Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Script errors, invalid destination errors, adobe flash crashing even w

Started by sheyennelilly , Dec 02 2014 01:10 PM

  • This topic is locked This topic is locked

#1
sheyennelilly
Posted 02 December 2014 - 01:10 PM

sheyennelilly

    Member

  • Member
  • PipPip
  • 65 posts

I'm posting here after being referred to this thread from another area.  I posted a few days ago that my computer was running extremely slowly and shortcuts weren't working.  It was running so slowly that it would take 20 minutes to open something after clicking sometimes.  Many times it would just lock up.  After some help my computer is back to opening things okay, but I'm getting all kinds of pop-ups.  I'm getting script errors where it tells me I can stop, debug, or wait for the script (I think it says I can wait...).  I'm also getting popups very frequently that say job cannot finish because of invalid destination.  On top of that, my adobe flash player crashes periodically.  I've updated it and reset Firefox after reading possible solutions on other websites.  Neither has fixed the problem.  I sometimes get messages that tell me to update my flash player when it's already at the latest version.

Also, sometimes my computer will stall when shutting down and it won't be able to shut down.  It will tell me that explorer.exe is the problem.  I have no idea what this means, and this hasn't happened in a while, but I thought I'd mention it.

 

Here is the OTL file:

 

OTL logfile created on: 12/2/2014 12:51:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sheyenne Alvarez\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 56.29% Memory free
7.50 Gb Paging File | 4.53 Gb Available in Paging File | 60.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.50 Gb Total Space | 140.06 Gb Free Space | 15.25% Space Free | Partition Type: NTFS
Drive E: | 12.92 Gb Total Space | 1.59 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
Drive K: | 465.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32
 
Computer Name: SHEYENNEALVAREZ | User Name: Sheyenne Alvarez | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/02 12:47:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sheyenne Alvarez\Downloads\OTL.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/14 12:41:15 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/13 00:58:58 | 035,419,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/11/10 08:38:23 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/11/10 08:38:21 | 000,028,272 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
PRC - [2014/10/14 23:35:26 | 006,281,024 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music Helper.exe
PRC - [2014/10/07 08:40:00 | 001,923,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\winword.exe
PRC - [2014/09/12 03:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/12 16:36:54 | 003,746,120 | ---- | M] (Google Inc.) -- C:\Users\Sheyenne Alvarez\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
PRC - [2014/05/19 15:05:10 | 003,414,560 | R--- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
PRC - [2014/05/19 15:05:10 | 001,436,192 | R--- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
PRC - [2014/03/18 15:39:03 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Sheyenne Alvarez\AppData\Local\Apps\2.0\C52Q8JWR.CDD\6A344DJW.HND\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
PRC - [2013/02/05 09:10:48 | 000,581,624 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
PRC - [2013/02/05 09:10:46 | 000,046,072 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
PRC - [2012/11/07 21:54:39 | 000,644,456 | ---- | M] () -- C:\Program Files (x86)\Dell\ErrorApp\dkab1err.exe
PRC - [2012/11/07 21:54:06 | 000,951,656 | ---- | M] () -- C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
PRC - [2012/10/19 13:46:22 | 000,144,896 | ---- | M] (Motorola Mobility Inc.) -- C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
PRC - [2012/10/19 13:46:00 | 000,240,056 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
PRC - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/09/07 20:36:46 | 000,087,992 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | R-S- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/01 07:02:50 | 000,553,984 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Temp\zumotaglib.dll7000694649529791781.lib
MOD - [2014/12/01 06:53:30 | 000,160,256 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Temp\ZumoLocalGateway.dll2056677331032952862.lib
MOD - [2014/12/01 06:53:19 | 000,314,368 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Temp\WindowsFolderWatcher.dll4292676265308765660.lib
MOD - [2014/12/01 06:52:42 | 000,046,080 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Apps\2.0\C52Q8JWR.CDD\6A344DJW.HND\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\NativeOperations.dll
MOD - [2014/12/01 06:52:03 | 000,205,824 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Temp\WindowsAPI.dll8808630298038366323.lib
MOD - [2014/12/01 06:52:03 | 000,043,008 | ---- | M] () -- c:\Users\Sheyenne Alvarez\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyr7ak5.dll
MOD - [2014/11/16 04:55:18 | 000,316,576 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014/11/13 00:49:58 | 003,610,624 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/11/10 08:38:21 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/10/14 23:35:26 | 006,281,024 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music Helper.exe
MOD - [2014/09/23 05:43:09 | 008,897,696 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\grooveintlresource.dll
MOD - [2014/08/12 16:29:32 | 003,219,456 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
MOD - [2014/04/23 15:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 15:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/23 13:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/08/19 19:07:50 | 000,509,440 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll
MOD - [2013/02/05 09:11:18 | 000,465,824 | ---- | M] () -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
MOD - [2013/01/04 13:00:09 | 000,541,696 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
MOD - [2012/11/07 21:54:39 | 000,644,456 | ---- | M] () -- C:\Program Files (x86)\Dell\ErrorApp\dkab1err.exe
MOD - [2012/11/07 21:54:06 | 000,951,656 | ---- | M] () -- C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
MOD - [2012/10/19 13:46:20 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideoscale.dll
MOD - [2012/10/19 13:46:20 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsttypefindfunctions.dll
MOD - [2012/10/19 13:46:20 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideobox.dll
MOD - [2012/10/19 13:46:20 | 000,054,784 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsmpte.dll
MOD - [2012/10/19 13:46:20 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvorbis.dll
MOD - [2012/10/19 13:46:20 | 000,051,712 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstsubparse.dll
MOD - [2012/10/19 13:46:20 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavpack.dll
MOD - [2012/10/19 13:46:20 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstwavparse.dll
MOD - [2012/10/19 13:46:20 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvolume.dll
MOD - [2012/10/19 13:46:20 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideocrop.dll
MOD - [2012/10/19 13:46:20 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstvideorate.dll
MOD - [2012/10/19 13:46:20 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgsty4menc.dll
MOD - [2012/10/19 13:46:18 | 000,531,968 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg4video.dll
MOD - [2012/10/19 13:46:18 | 000,363,008 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpeg2video.dll
MOD - [2012/10/19 13:46:18 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstisomp4.dll
MOD - [2012/10/19 13:46:18 | 000,207,872 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmatroska.dll
MOD - [2012/10/19 13:46:18 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegdemux.dll
MOD - [2012/10/19 13:46:18 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstogg.dll
MOD - [2012/10/19 13:46:18 | 000,119,296 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumpegdemux.dll
MOD - [2012/10/19 13:46:18 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflv.dll
MOD - [2012/10/19 13:46:18 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstjpeg.dll
MOD - [2012/10/19 13:46:18 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegaudioparse.dll
MOD - [2012/10/19 13:46:18 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegtsmux.dll
MOD - [2012/10/19 13:46:18 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgio.dll
MOD - [2012/10/19 13:46:18 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstinterleave.dll
MOD - [2012/10/19 13:46:18 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstreplaygain.dll
MOD - [2012/10/19 13:46:18 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3tag.dll
MOD - [2012/10/19 13:46:18 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstid3demux.dll
MOD - [2012/10/19 13:46:18 | 000,029,696 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstgdp.dll
MOD - [2012/10/19 13:46:18 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstpng.dll
MOD - [2012/10/19 13:46:18 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultipart.dll
MOD - [2012/10/19 13:46:18 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmpegvideoparse.dll
MOD - [2012/10/19 13:46:18 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmultifile.dll
MOD - [2012/10/19 13:46:18 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstlevel.dll
MOD - [2012/10/19 13:46:18 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstmulaw.dll
MOD - [2012/10/19 13:46:18 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstshift.dll
MOD - [2012/10/19 13:46:16 | 001,563,136 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3enc.dll
MOD - [2012/10/19 13:46:16 | 001,376,256 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflump3dec.dll
MOD - [2012/10/19 13:46:16 | 000,088,064 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflummssrc.dll
MOD - [2012/10/19 13:46:16 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumch264enc.dll
MOD - [2012/10/19 13:46:16 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflumcaacenc.dll
MOD - [2012/10/19 13:46:14 | 002,009,600 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluh264dec.dll
MOD - [2012/10/19 13:46:14 | 001,694,208 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluaacdec.dll
MOD - [2012/10/19 13:46:14 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstfluasfdemux.dll
MOD - [2012/10/19 13:46:12 | 000,187,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstffmpegcolorspace.dll
MOD - [2012/10/19 13:46:12 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowsrcwrapper.dll
MOD - [2012/10/19 13:46:12 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstflac.dll
MOD - [2012/10/19 13:46:12 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstequalizer.dll
MOD - [2012/10/19 13:46:10 | 000,212,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreelements.dll
MOD - [2012/10/19 13:46:10 | 000,123,904 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstavi.dll
MOD - [2012/10/19 13:46:10 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdshowdecwrapper.dll
MOD - [2012/10/19 13:46:10 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstdecodebin2.dll
MOD - [2012/10/19 13:46:10 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioconvert.dll
MOD - [2012/10/19 13:46:10 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudioresample.dll
MOD - [2012/10/19 13:46:10 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautoconvert.dll
MOD - [2012/10/19 13:46:10 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstautodetect.dll
MOD - [2012/10/19 13:46:10 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaudiorate.dll
MOD - [2012/10/19 13:46:10 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrnb.dll
MOD - [2012/10/19 13:46:10 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstauparse.dll
MOD - [2012/10/19 13:46:10 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcutter.dll
MOD - [2012/10/19 13:46:10 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstapetag.dll
MOD - [2012/10/19 13:46:10 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstamrwbdec.dll
MOD - [2012/10/19 13:46:10 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstcoreindexers.dll
MOD - [2012/10/19 13:46:08 | 001,520,128 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbisenc-2.dll
MOD - [2012/10/19 13:46:08 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libxml2-2.dll
MOD - [2012/10/19 13:46:08 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libwavpack-1.dll
MOD - [2012/10/19 13:46:08 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\z.dll
MOD - [2012/10/19 13:46:08 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalpha.dll
MOD - [2012/10/19 13:46:08 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstaiff.dll
MOD - [2012/10/19 13:46:08 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadder.dll
MOD - [2012/10/19 13:46:08 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalaw.dll
MOD - [2012/10/19 13:46:08 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstalphacolor.dll
MOD - [2012/10/19 13:46:08 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\plugins\libgstadpcmdec.dll
MOD - [2012/10/19 13:46:06 | 000,471,552 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\liborc-0.4-0.dll
MOD - [2012/10/19 13:46:06 | 000,190,976 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libpng14-14.dll
MOD - [2012/10/19 13:46:06 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libvorbis-0.dll
MOD - [2012/10/19 13:46:06 | 000,123,947 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrwb.0.1.1.dll
MOD - [2012/10/19 13:46:04 | 000,699,392 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstreamer-0.10.dll
MOD - [2012/10/19 13:46:04 | 000,276,992 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libjpeg-8.dll
MOD - [2012/10/19 13:46:04 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstbase-0.10.dll
MOD - [2012/10/19 13:46:04 | 000,248,352 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libopencore-amrnb.0.1.1.dll
MOD - [2012/10/19 13:46:04 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgsttag-0.10.dll
MOD - [2012/10/19 13:46:04 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstcontroller-0.10.dll
MOD - [2012/10/19 13:46:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstpbutils-0.10.dll
MOD - [2012/10/19 13:46:04 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstrtp-0.10.dll
MOD - [2012/10/19 13:46:04 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstinterfaces-0.10.dll
MOD - [2012/10/19 13:46:04 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstriff-0.10.dll
MOD - [2012/10/19 13:46:04 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstvideo-0.10.dll
MOD - [2012/10/19 13:46:04 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libogg-0.dll
MOD - [2012/10/19 13:46:04 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstdataprotocol-0.10.dll
MOD - [2012/10/19 13:46:02 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libgstaudio-0.10.dll
MOD - [2012/10/19 13:46:00 | 000,331,264 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\libFLAC-8.dll
MOD - [2012/10/19 13:46:00 | 000,240,056 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
MOD - [2012/10/02 12:41:02 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2012/08/22 05:05:46 | 001,490,944 | ---- | M] () -- C:\Program Files (x86)\Dell V520 Series\DKabdrs.dll
MOD - [2012/08/07 06:37:29 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\Dell\ErrorApp\dkab1err.dll
MOD - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/05 21:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/30 01:24:10 | 002,443,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/04/09 07:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/11 22:14:40 | 000,390,672 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/05/11 09:16:12 | 000,203,264 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2014/11/26 04:36:17 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/10 08:38:22 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/12 03:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/05/25 06:23:00 | 003,377,568 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2014/05/19 15:05:10 | 001,436,192 | R--- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/05 09:10:46 | 000,046,072 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2012/10/02 12:45:22 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/09/07 20:36:46 | 000,087,992 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/09/02 15:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2011/05/06 09:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/08/20 19:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/08/27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/01/07 07:42:08 | 000,076,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/10/31 10:47:18 | 000,035,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WLRAWMp50x64.sys -- (WLRAWMp50x64)
DRV:64bit: - [2013/10/31 10:47:18 | 000,034,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WLRAWSp50x64.sys -- (WLRAWSp50x64)
DRV:64bit: - [2013/08/06 14:13:30 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/03/18 15:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/13 14:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 00:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/09/03 00:59:26 | 000,349,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 07:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 07:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/21 21:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/05/11 09:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 08:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 16:31:36 | 000,032,280 | ---- | M] (Intellon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbethmp.sys -- (A_USBETHMP)
DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 15:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 15:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/08/22 14:26:32 | 000,021,648 | ---- | M] (SRS Labs, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZCinema_SRS_amd64.sys -- (ZCinema_TSHD_x64)
DRV:64bit: - [2007/02/12 16:56:08 | 000,089,600 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2007/01/12 18:43:40 | 000,037,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2013/10/31 10:47:18 | 000,035,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WLRAWMp50x64.sys -- (WLRAWMp50x64)
DRV - [2013/10/31 10:47:18 | 000,034,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WLRAWSp50x64.sys -- (WLRAWSp50x64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {A95C09AC-0593-4FEF-898E-A147C363BCAB}
IE - HKCU\..\SearchScopes\{4408C5D3-D063-47B7-F412-10B06D154E1C}: "URL" = http://bdlr.startnow...eferrer:source}
IE - HKCU\..\SearchScopes\{A95C09AC-0593-4FEF-898E-A147C363BCAB}: "URL" = http://www.google.co...&rlz=1I7ADSA_en
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "https://my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.6.20140805113039
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\kn59s6jm.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sheyenne Alvarez\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sheyenne Alvarez\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Sheyenne Alvarez\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101710.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/18 22:23:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/10 08:38:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/10 08:38:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 04:36:14 | 000,010,691 | ---- | M] ()
 
[2012/05/08 13:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Extensions
[2014/11/18 11:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions
[2014/11/14 18:39:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/11/18 11:17:29 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/11/10 08:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/10 08:38:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com/
 
O1 HOSTS File: ([2012/11/29 09:34:26 | 000,444,933 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    www.123fporn.info
O1 - Hosts: 15280 more lines...
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Dell Toolbar) - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [DKADGmon] C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe (NTI Corporation)
O4 - HKLM..\Run: [DKADGmon] C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe ()
O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [Amazon Music] C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [DKab1err] C:\Program Files (x86)\Dell\ErrorApp\DKab1err.exe ()
O4 - HKCU..\Run: [DKADGmon] C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe ()
O4 - HKCU..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
O4 - HKCU..\Run: [Google+ Auto Backup] C:\Users\Sheyenne Alvarez\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe (Google Inc.)
O4 - HKCU..\Run: [MotoCast] C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
O4 - Startup: C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk = C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Installer\{6E166235-49F3-4DFA-A102-1E86675ABD11}\StartupShortcut_6E16623549F34DFAA1021E86675ABD11.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D516469-D24C-4900-82CF-A21B89F6B1CB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF58AFA-1D29-46DA-BB69-5A747894F98C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/14 11:44:38 | 000,000,000 | ---D | C] -- C:\Users\Sheyenne Alvarez\Desktop\Old Firefox Data
[2014/11/10 08:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/11/08 21:06:41 | 000,000,000 | ---D | C] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
[2014/11/08 21:06:33 | 000,000,000 | ---D | C] -- C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music
[2014/11/04 20:03:50 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys
[4 C:\Users\Sheyenne Alvarez\Documents\*.tmp files -> C:\Users\Sheyenne Alvarez\Documents\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/02 12:50:13 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/02 12:48:17 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/02 12:46:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/02 12:46:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/02 12:36:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/02 12:28:42 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3854915487-3061028145-266851286-1000UA.job
[2014/12/01 21:52:22 | 000,137,540 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Documents\Sheyenne Resume for Bus. Plan class.dotx
[2014/12/01 21:52:22 | 000,000,162 | -H-- | M] () -- C:\Users\Sheyenne Alvarez\Documents\~$eyenne Resume for Bus. Plan class.dotx
[2014/12/01 19:28:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3854915487-3061028145-266851286-1000Core.job
[2014/12/01 17:15:49 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSheyenne Alvarez.job
[2014/12/01 06:51:46 | 000,000,408 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms
[2014/12/01 02:29:14 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/01 02:29:14 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/01 02:21:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/01 02:21:44 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/28 14:18:57 | 006,558,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/28 14:18:57 | 002,223,910 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/28 14:18:57 | 002,137,818 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/17 13:50:32 | 000,011,479 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Documents\Numbers.jpg
[2014/11/14 18:37:02 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSHEYENNEALVAREZ$.job
[2014/11/14 11:30:46 | 000,001,071 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/11/14 11:30:27 | 000,001,061 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Desktop\Dropbox.lnk
[2014/11/13 03:34:38 | 000,525,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/08 21:06:57 | 000,001,252 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Desktop\Amazon Music.lnk
[2014/11/05 08:51:13 | 000,166,563 | ---- | M] () -- C:\Users\Sheyenne Alvarez\Documents\Sheyenne Resume.dotx
[2014/11/02 21:58:27 | 000,000,162 | -H-- | M] () -- C:\Users\Sheyenne Alvarez\Documents\~$eyenne Resume.dotx
[4 C:\Users\Sheyenne Alvarez\Documents\*.tmp files -> C:\Users\Sheyenne Alvarez\Documents\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/01 21:52:22 | 000,000,162 | -H-- | C] () -- C:\Users\Sheyenne Alvarez\Documents\~$eyenne Resume for Bus. Plan class.dotx
[2014/12/01 21:52:16 | 000,137,540 | ---- | C] () -- C:\Users\Sheyenne Alvarez\Documents\Sheyenne Resume for Bus. Plan class.dotx
[2014/11/17 13:50:31 | 000,011,479 | ---- | C] () -- C:\Users\Sheyenne Alvarez\Documents\Numbers.jpg
[2014/11/08 21:06:57 | 000,001,252 | ---- | C] () -- C:\Users\Sheyenne Alvarez\Desktop\Amazon Music.lnk
[2014/11/04 20:03:50 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd
[2014/11/02 21:58:27 | 000,000,162 | -H-- | C] () -- C:\Users\Sheyenne Alvarez\Documents\~$eyenne Resume.dotx
[2014/11/02 21:58:20 | 000,166,563 | ---- | C] () -- C:\Users\Sheyenne Alvarez\Documents\Sheyenne Resume.dotx
[2014/07/20 13:55:04 | 000,000,110 | ---- | C] () -- C:\Users\Sheyenne Alvarez\jobq.dat
[2014/01/17 09:33:02 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/10/12 21:42:05 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lexlog.dll
[2012/03/10 00:18:51 | 000,000,632 | RHS- | C] () -- C:\Users\Sheyenne Alvarez\ntuser.pol
[2012/01/04 19:01:57 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/24 15:32:47 | 000,000,000 | ---- | C] () -- C:\ProgramData\dc435C.dat
[2011/07/04 16:57:32 | 000,001,854 | ---- | C] () -- C:\Users\Sheyenne Alvarez\AppData\Roaming\GhostObjGAFix.xml
[2011/03/08 17:47:58 | 000,017,408 | ---- | C] () -- C:\Users\Sheyenne Alvarez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/09/10 15:43:37 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\.minecraft
[2013/12/15 14:31:33 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\.mono
[2012/07/29 11:12:44 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\1C47E
[2014/04/21 13:41:25 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\1O1L1I1PtF1F1C1N
[2011/06/11 10:00:33 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Amazon
[2012/01/13 09:51:37 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Azureus
[2012/09/01 14:00:57 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\com.amazon.music.uploader
[2011/12/27 12:45:27 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\com.jakks.spynet
[2014/12/01 06:52:13 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox
[2014/05/19 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\GoPro
[2011/08/20 14:00:00 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\InstallJammer Registry
[2012/01/01 23:07:15 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\iPodder
[2011/11/05 15:28:54 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Leadertech
[2011/03/20 13:06:40 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\MAGIX
[2014/01/17 10:31:55 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\McGraw-HillLicensing
[2014/12/01 06:52:44 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\MotoCast
[2013/08/19 19:05:19 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Motorola
[2013/08/19 19:06:42 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Motorola Mobility
[2011/05/25 23:34:46 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\MyPublisher
[2013/06/29 22:05:29 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Oracle
[2014/04/21 14:21:11 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\OverDrive
[2012/02/02 22:12:12 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Panda Security
[2011/03/05 23:08:08 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\PictureMover
[2011/08/18 17:08:28 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\PlayFirst
[2011/08/20 16:07:43 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Riverpoint Writer
[2014/09/02 18:55:25 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Search Protection
[2011/05/14 09:28:49 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Unity
[2011/03/07 08:30:33 | 000,000,000 | ---D | M] -- C:\Users\Sheyenne Alvarez\AppData\Roaming\V715w
 
========== Purity Check ==========
 
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:054203E4
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
 


  • 0

Advertisements

#2
sheyennelilly
Posted 02 December 2014 - 01:15 PM

sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Here is the extras:

 

OTL Extras logfile created on: 12/2/2014 12:51:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sheyenne Alvarez\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 56.29% Memory free
7.50 Gb Paging File | 4.53 Gb Available in Paging File | 60.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.50 Gb Total Space | 140.06 Gb Free Space | 15.25% Space Free | Partition Type: NTFS
Drive E: | 12.92 Gb Total Space | 1.59 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
Drive K: | 465.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: FAT32
 
Computer Name: SHEYENNEALVAREZ | User Name: Sheyenne Alvarez | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0217D07E-2847-4F66-851B-0162B39EF907}" = rport=137 | protocol=17 | dir=out | app=system |
"{0F8F6E53-5175-4C6B-86B4-DF5164D0545D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{120537A5-CA34-49F2-B7C3-5E673993A709}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22D134B4-9408-4CAF-86F4-74F776713B33}" = lport=445 | protocol=6 | dir=in | app=system |
"{295D57AA-CAB2-483C-9F70-813A0D071403}" = lport=137 | protocol=17 | dir=in | app=system |
"{2A6792FF-E041-4882-A422-CB30ED0178CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{323BE51D-6794-448A-808D-2FB65092530D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A3B34AA-DD8E-4B16-88ED-A53DC9AC7764}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3C78AA1A-C3E9-4FE9-B05B-1518C66BF75F}" = rport=138 | protocol=17 | dir=out | app=system |
"{41A269ED-02C7-40F3-8C30-9C0480362205}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E4FA2EE-9F84-4CBA-A2A0-D36A2B19944F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{620DD33E-624B-426E-A031-3291961D1E6E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{73369B5A-9B67-4A9A-805C-2711C00AF9DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BB25D78-AA63-4180-9A0A-DB40D9974B47}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{81D22EE9-275E-41A7-88C1-94DAB8AE093C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D377456-6DB9-40C1-BADA-83A471D80E82}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93956D8A-C8F9-4605-AA5A-164F79608846}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9A6C339B-B306-4406-892F-6FF316237794}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9C729B37-BC91-4D8B-9F81-039503AFD346}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A3AAA55D-EC90-4615-9108-27FE74B06483}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3CB8FF6-5E70-4D88-BB47-04499C0AEC4C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA27FD4D-98C2-45E7-AE5D-1C8352EFA839}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B5FBE9DF-95E5-47E3-A6BE-479E1B4E11D1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BB36BB2A-5F45-476B-9BC2-7A83FBFEDB9C}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE22AFD1-3D33-4253-A488-05C29056E0AD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{E7EBDE40-6431-4522-8B6C-37B17F05644B}" = rport=445 | protocol=6 | dir=out | app=system |
"{FDEB9530-485F-4DA5-8344-B37FA782CB29}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015725BA-B672-4192-9519-B0954068AA7C}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{02C4BDC6-C43E-426E-B7B8-74EF596EA1C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{05209EBF-AAC4-46B5-83FE-E6325DD944F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{08313823-3E3D-40D9-ACEF-DFD320ADF600}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{0AA8C640-9094-4E5D-BC8C-D2C390BE4C99}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v520 series\dkabscw.dll |
"{0AB6E144-3C98-4669-AB32-1D99AC427BF0}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\psu\dkpsu.exe |
"{0C50038B-E9E9-4ADA-837E-CC3F920414BB}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{11FF62F6-8E50-4BC4-B599-CFCD6B97DAB4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{12EAB644-9D86-4B00-95FC-0270304B4E80}" = protocol=17 | dir=in | app=c:\program files (x86)\istation\istation.exe |
"{17576305-7383-4D40-B478-C59E2F4EFBBB}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\wirelesssetup\dkwpss.exe |
"{1A4FB1C2-4F29-4771-A202-40A5A51D6395}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1F310715-14BC-4F48-8667-062F458D6737}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{25B8C68D-E4E5-4267-8F91-3D4E5489A90C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2A62BA59-9AEE-49D9-865B-CAF30085CAEB}" = protocol=58 | dir=out | [email protected],-28546 |
"{2ADE397B-662B-4E04-B0F6-47CEA336ACFB}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
"{2ADE3BA9-5861-44DE-9ABD-46734FC06518}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2C139DDF-1B47-4FD2-ABD7-23DC0222C9A9}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{2C7B37E6-06FE-43AC-872B-E9721160811D}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{3473FB5F-D5A7-4305-BBDD-27F5EB493303}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\networktwain\dkzzz_32__bc.dll |
"{36CAD408-4628-455A-839B-F662BA9C7FC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39E93176-A484-4E41-B8FC-F20DBDF87FE4}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v520 series\dkadglscn.exe |
"{3E7D2C5E-DE53-47D6-AAFF-E7EC9F8CAD7F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\status center\dksmc.exe |
"{43C8096B-B2BC-43BD-B27D-06A82ECA2F5B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{456437DF-7DC9-41B5-B8B5-E2295890951F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4CA1FAD6-A872-4B07-8ABE-5FF8BD77B02F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\networktwain\dkzzz_32serv.dll |
"{615E68F0-1DBA-4EF9-88D1-0C462DCB08BB}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |
"{623505FE-A37C-4ED9-883C-2B1B01E6943E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{669730C1-5CAF-46F9-BD9C-E5A94EB819F7}" = protocol=17 | dir=in | app=c:\users\sheyenne alvarez\appdata\roaming\dropbox\bin\dropbox.exe |
"{6832F279-FE12-4380-8026-1F1CB6B37F36}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\networktwain\dkzzz_32__bc.dll |
"{698F6ED6-4540-45E9-BF66-17BD6BF7D17B}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v520 series\dkadgmon.exe |
"{6AACBBFA-44AD-4DDA-9D73-610B08904FEB}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{6C2A1F62-4215-4349-8238-5D58232ED902}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{6CAB6026-6554-428A-AE15-F7F1485646D7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6FD121C4-B0AD-426C-994E-4AD54A8B1A5A}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{74CD9FC5-0B63-422A-A31C-AAAC394CDDAC}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{75FD2403-49C8-4A44-B24E-5172AA0AC099}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v520 series\dkadglscn.exe |
"{7D73657C-32EF-44F5-8630-29320BEE73D0}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{7DEBC5EB-C30E-411B-A48B-ADB2DC0B0092}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F163E16-1930-455B-A4D8-D1E01D3362F4}" = protocol=6 | dir=in | app=c:\users\sheyenne alvarez\appdata\roaming\dropbox\bin\dropbox.exe |
"{7F3CC9A8-474E-491A-ACE2-6825F6956E6C}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\wirelesssetup\dkwpss.exe |
"{85F43C2E-1F9B-4808-84E2-3255940DAD91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A92A3F7-104A-4F10-B508-DC26C3034CA6}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\networktwain\dkzzz_32serv.dll |
"{8C297FA3-AE51-4E6A-A1A2-D33823283C83}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{900C04AA-296C-47B3-941C-2549B7EBF502}" = protocol=1 | dir=in | [email protected],-28543 |
"{919EF03C-B04C-4958-A40D-63DEE6C820A2}" = protocol=58 | dir=in | [email protected],-28545 |
"{921B4B15-43F0-4BD9-8088-4393A7064A3C}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\psu\dkpsu.exe |
"{9243AE1E-13F3-4D79-B534-342C3CE6EB08}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v715w\dleefax.exe |
"{92BD3546-DE9B-4495-89E5-6982870EC87F}" = dir=in | app=c:\program files\cyberlink\powerdirector11\pdr10.exe |
"{938550E8-84A4-4E4F-9A9F-F6A17DCF9AF7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{98108DEB-659E-46C8-AF82-2961A6CE1668}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{9975FA3E-9FE4-4FDE-B21F-C413DB9994BF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9AD34C29-443F-4BA4-845C-ED69ABE6A42C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A1D9F003-3C59-4F79-A3E2-D97B60272A70}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{A47275E2-D497-422E-8D18-E7084B1A3079}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{A5619A51-3746-496F-A4E9-AC1F6440AE2B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AA1971F5-02EF-4783-A199-4D275EF0FD07}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v520 series\dkabscw.dll |
"{AEADCF38-0779-409A-818F-C8D872749F94}" = dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |
"{AFD7D6AF-3A6E-4A25-ABCB-B13CCF628891}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |
"{B2EDAD9F-B3CA-4A04-969B-470740C2FF21}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{BA87643C-A0A1-4D68-99D8-109E42DC5EBA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{BD37E3CF-78C6-414E-B9E8-5EF226E63B9C}" = protocol=6 | dir=in | app=c:\program files (x86)\istation\istation.exe |
"{C88EC975-538D-4C14-9DEA-D3534C05112A}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{C900839E-E0FE-4178-ABEB-22014E053864}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C9236770-B1F1-4122-A68E-BEAD4797B3FD}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{CD2E7D35-3494-4BED-81C0-8195B7FD0E1E}" = protocol=6 | dir=out | app=system |
"{CDEDF75F-62B9-4A39-A9FB-E8B705341E36}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D02123ED-5E8F-4118-B947-807CE2D5FDDA}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{D1213211-0036-4316-9FB1-CB89B7D0F4C1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D370E6EF-7DB8-48F4-8E4C-9DCDBB3E0026}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{D540C9E2-9AFA-4AB7-9651-27AEFBBBCC54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D960FFB3-9C38-4564-BBF2-90BAFDBB6E4B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{D9B9F2F9-73B6-4197-9E37-D73E0C99429B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v715w\dleefax.exe |
"{E3F11EC3-738D-4C85-9481-D0010841430B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\status center\dksmc.exe |
"{E5C3D9AD-43EA-4848-AB49-85910EA67C0A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E60B046F-6DF2-4155-9136-2ACA05BF2715}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{E85F05A4-DD2B-4437-BB06-23E8BBC10EB7}" = protocol=1 | dir=out | [email protected],-28544 |
"{E8C2A138-9AEE-4743-9674-873B693C0D6B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EFA5B9C7-7204-4214-BA87-63C8DB38A02D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F02558D6-2352-4D3B-AD06-F6905B1649BA}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v520 series\dkadgmon.exe |
"{F089C0DB-3F8B-4851-9052-0011F5AE696D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{FB77812B-5620-4490-97F0-020FE2E962C4}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
"{FBCE3C27-BB80-47A9-987F-FEC84616B94F}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |
"TCP Query User{32AA0357-981F-44DE-9C6C-1E063ABD5564}C:\program files (x86)\dell v520 series\dkadgmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell v520 series\dkadgmon.exe |
"TCP Query User{39910165-1CC7-4942-A44C-09AC71B34964}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |
"TCP Query User{56383AE5-2DA5-42FF-9214-44F404E00DBE}C:\program files (x86)\logitech\logitech alert\logitech alert commander.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech alert\logitech alert commander.exe |
"TCP Query User{69A28820-C253-46EE-A7C3-D0053D536EF8}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{ADFD8775-9D06-4BB4-8092-B3496A7E37F9}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{FBDB5EB6-1C28-47D3-AE4E-0580F59E81CF}C:\program files (x86)\logitech\logitech alert\logitech alert commander.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech alert\logitech alert commander.exe |
"UDP Query User{1FB6FFAA-C5E8-4342-B797-2D37CD3480ED}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{26402D91-72D8-4D5F-8BE1-6420D857126B}C:\program files (x86)\logitech\logitech alert\logitech alert commander.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech alert\logitech alert commander.exe |
"UDP Query User{4527AB7A-F347-4835-8C26-25967CE14AF1}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe |
"UDP Query User{AAA6B8C6-59DF-44AB-B944-73525D434323}C:\program files (x86)\logitech\logitech alert\logitech alert commander.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech alert\logitech alert commander.exe |
"UDP Query User{AAC9ACB9-537F-43A2-A55B-7F539ECCE5BC}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{ED70CA1A-BF6B-43EA-AB03-6637CE5E8D23}C:\program files (x86)\dell v520 series\dkadgmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell v520 series\dkadgmon.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{2599B6F1-92AC-472C-BE60-9F17565E4938}" = PowerDirector
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0
"{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"{5A68A656-979F-4168-8795-E2E368AA4DC2}" = iTunes
"{5E94829C-D2B9-3779-BA6C-1ACCDED3800E}" = Microsoft .NET Framework 4.5.1 (ITA)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E166235-49F3-4DFA-A102-1E86675ABD11}" = Z Cinema
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036" = Microsoft .NET Framework 4.5.1 (Français)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040" = Microsoft .NET Framework 4.5.1 (Italiano)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043" = Microsoft .NET Framework 4.5.1 (Nederlands)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082" = Microsoft .NET Framework 4.5.1 (español)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EBB0AF2-4AD2-3ABA-95EF-977EBEA1CB09}" = Microsoft .NET Framework 4.5.1 (NLD)
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2913230-094D-4F41-9EEF-CE9571C450D8}" = SpyroPortalDriver
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C22759DB-BA8B-30E7-99EE-8B47DB43AE56}" = Microsoft .NET Framework 4.5.1 (FRA)
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D6E5E5FE-83CF-3CFC-AF7A-11F05613705B}" = Microsoft .NET Framework 4.5.1 (ESN)
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )
"Dell V520 Series" = Dell V520 Series Uninstaller
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"NewBlue Art Effects for PowerDirector" = Newblue Art Effects for PowerDirector
"O365ProPlusRetail - en-us" = Microsoft Office 365 ProPlus - en-us
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0181AC3F-9B88-940C-2016-C17D2185E413}" = Amazon Music Importer
"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09B71986-2AC5-482d-B6CB-42EA34F4F85B}" = Dell Toolbar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
"{0C667580-EA2C-4EC2-A233-D52468A1D7D9}" = MAGIX Speed 2 (MSI)
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0E04DC91-AC15-4632-B545-B9AA9519E6AE}" = Pantech PCSuite
"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F22808B-156F-44FB-B56B-9E8F8C8DC8F5}" = Motorola Device Software Update
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 67
"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
"{48E3D369-48AA-4585-AE91-E64667682508}_is1" = Flyff
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69187EC5-F5CF-4B2C-B920-5A17F44D9685}" = Pantech PCSuite
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{814B1C30-2FFC-4F23-90A8-22C7A3E95F8D}" = MAGIX Movie Edit Pro 17
"{824B6B39-758A-46B8-913A-6699C22620B1}" = MAGIX Screenshare
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.4.7
"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C815CCE-8A56-4C1E-A3CA-D1BA519882BC}" = Logitech Alert Commander
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}" = HP Support Assistant
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"{BAE06076-DB3F-4936-8864-249A7B2AA662}" = Intel® Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel® Architecture
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}" = Fitbit Connect
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9DAD0FF-495A-472B-9F10-BAE430A26682}" = Apple Application Support
"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
"{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}" = PL-2303 Vista Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"0591-8077-9297-0833" = FamilySearch Indexing 3.24.2
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"com.amazon.music.uploader" = Amazon Music Importer
"FileHippo.com" = FileHippo.com Update Checker
"GoPro Studio" = GoPro Studio 2.0.1
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}" = CyberLink PowerDirector 11
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}" = NTI Backup Now EZ
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Kobo" = Kobo
"Macromedia Director 7" = Macromedia Director 7
"MAGIX_MSI_Videodeluxe17" = MAGIX Movie Edit Pro 17
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.0
"Mozilla Firefox 33.1 (x86 en-US)" = Mozilla Firefox 33.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDF Complete" = PDF Complete Special Edition
"Picasa 3" = Picasa 3
"Quicken WillMaker Plus 2008" = Quicken WillMaker Plus 2008
"The Imagination Station" = The Imagination Station (remove only)
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 4.0 [64-Bit]
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"23ab716f18849b6f" = Amazon Cloud Drive
"Amazon Amazon Music" = Amazon Music
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"FF389026-F961-42C5-BACD-B4A3AA73E0F3" = Riverpoint Writer
"Google+ Auto Backup" = Google+ Auto Backup
"SOE-Free Realms" = Free Realms
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/24/2014 6:54:18 PM | Computer Name = SheyenneAlvarez | Source = Application Error | ID = 1000
Description = Faulting application name: Neuz.exe, version: 3.8.22.1, time stamp:
 0x544da8d8  Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp:
 0x521ea8e7  Exception code: 0xc0000005  Fault offset: 0x00038e19  Faulting process id:
 0x494  Faulting application start time: 0x01d0083993625d58  Faulting application path:
 C:\Program Files\Webzen\FlyFF\Neuz.exe  Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
 Id: d1f82f13-742c-11e4-aa9c-6431502d79d5
 
Error - 11/24/2014 6:54:24 PM | Computer Name = SheyenneAlvarez | Source = Application Error | ID = 1000
Description = Faulting application name: Neuz.exe, version: 3.8.22.1, time stamp:
 0x544da8d8  Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp:
 0x521ea8e7  Exception code: 0xc0000005  Fault offset: 0x00038e19  Faulting process id:
 0x1ac4  Faulting application start time: 0x01d0083997ae1916  Faulting application path:
 C:\Program Files\Webzen\FlyFF\Neuz.exe  Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
 Id: d580b9fa-742c-11e4-aa9c-6431502d79d5
 
Error - 11/28/2014 12:03:01 AM | Computer Name = SheyenneAlvarez | Source = Windows Search Service | ID = 3100
Description =
 
Error - 11/28/2014 10:43:02 AM | Computer Name = SheyenneAlvarez | Source = Microsoft Office 15 | ID = 2011
Description = Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId:
 {BBD3F8DC-3464-46C7-B46B-136AB5F97A28}
 
Error - 11/28/2014 10:43:02 AM | Computer Name = SheyenneAlvarez | Source = Office 2013 Licensing Service | ID = 0
Description =
 
Error - 11/28/2014 4:18:17 PM | Computer Name = SheyenneAlvarez | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 11/28/2014 4:18:17 PM | Computer Name = SheyenneAlvarez | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 11/29/2014 2:52:58 AM | Computer Name = SheyenneAlvarez | Source = System Restore | ID = 8200
Description =
 
Error - 11/29/2014 4:44:37 AM | Computer Name = SheyenneAlvarez | Source = System Restore | ID = 8193
Description =
 
Error - 11/29/2014 4:44:37 AM | Computer Name = SheyenneAlvarez | Source = System Restore | ID = 8211
Description =
 
Error - 11/29/2014 10:20:51 AM | Computer Name = SheyenneAlvarez | Source = System Restore | ID = 8210
Description =
 
Error - 11/30/2014 2:53:34 AM | Computer Name = SheyenneAlvarez | Source = Windows Search Service | ID = 3100
Description =
 
Error - 11/30/2014 9:02:32 AM | Computer Name = SheyenneAlvarez | Source = Office 2013 Licensing Service | ID = 0
Description =
 
Error - 11/30/2014 10:27:45 PM | Computer Name = SheyenneAlvarez | Source = Windows Backup | ID = 4104
Description =
 
[ Hewlett-Packard Events ]
Error - 3/14/2011 6:25:49 PM | Computer Name = SheyenneAlvarez | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031114052539.xml
 File not created by asset agent
 
Error - 4/4/2011 6:58:28 PM | Computer Name = SheyenneAlvarez | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041104055820.xml
 File not created by asset agent
 
Error - 4/25/2011 6:49:00 PM | Computer Name = SheyenneAlvarez | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041125054852.xml
 File not created by asset agent
 
[ Media Center Events ]
Error - 11/30/2014 3:55:13 PM | Computer Name = SheyenneAlvarez | Source = MCUpdate | ID = 0
Description = 1:50:31 PM - Failed to retrieve NetTV (Error: Unable to connect to
 the remote server)  
 
Error - 11/30/2014 3:55:36 PM | Computer Name = SheyenneAlvarez | Source = MCUpdate | ID = 0
Description = 1:55:36 PM - Failed to retrieve SportsSchedule (Error: Unable to connect
 to the remote server)  
 
Error - 11/30/2014 11:14:19 PM | Computer Name = SheyenneAlvarez | Source = MCUpdate | ID = 0
Description = 9:08:19 PM - Failed to retrieve NetTV (Error: Unable to connect to
 the remote server)  
 
Error - 12/1/2014 4:25:22 AM | Computer Name = SheyenneAlvarez | Source = MCUpdate | ID = 0
Description = 2:25:22 AM - Failed to retrieve NetTV (Error: Unable to connect to
 the remote server)  
 
Error - 12/1/2014 4:26:00 AM | Computer Name = SheyenneAlvarez | Source = MCUpdate | ID = 0
Description = 2:25:53 AM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
Error - 12/1/2014 5:26:26 AM | Computer Name = SheyenneAlvarez | Source = MCUpdate | ID = 0
Description = 3:26:25 AM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
Error - 12/1/2014 6:26:52 AM | Computer Name = SheyenneAlvarez | Source = MCUpdate | ID = 0
Description = 4:26:51 AM - Failed to retrieve Broadband (Error: Invalid security
 token.)  
 
Error - 12/1/2014 7:27:16 AM | Computer Name = SheyenneAlvarez | Source = MCUpdate | ID = 0
Description = 5:27:15 AM - Failed to retrieve Broadband (Error: Unable to connect
 to the remote server)  
 
Error - 12/1/2014 1:30:02 PM | Computer Name = SheyenneAlvarez | Source = MCUpdate | ID = 0
Description = 11:30:01 AM - Failed to retrieve SportsSchedule (Error: Unable to
connect to the remote server)  
 
Error - 12/2/2014 1:24:17 AM | Computer Name = SheyenneAlvarez | Source = MCUpdate | ID = 0
Description = 11:24:17 PM - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server)  
 
[ System Events ]
Error - 11/30/2014 11:06:02 PM | Computer Name = SheyenneAlvarez | Source = DCOM | ID = 10016
Description =
 
Error - 11/30/2014 11:06:07 PM | Computer Name = SheyenneAlvarez | Source = DCOM | ID = 10016
Description =
 
Error - 11/30/2014 11:16:15 PM | Computer Name = SheyenneAlvarez | Source = DCOM | ID = 10010
Description =
 
Error - 12/1/2014 4:23:03 AM | Computer Name = SheyenneAlvarez | Source = DCOM | ID = 10016
Description =
 
Error - 12/1/2014 4:23:06 AM | Computer Name = SheyenneAlvarez | Source = DCOM | ID = 10016
Description =
 
Error - 12/1/2014 8:52:03 AM | Computer Name = SheyenneAlvarez | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the MBAMService service.
 
Error - 12/2/2014 4:34:45 AM | Computer Name = SheyenneAlvarez | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
 on volume C:.
 
Error - 12/2/2014 3:03:31 PM | Computer Name = SheyenneAlvarez | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume OS.
 
Error - 12/2/2014 3:03:31 PM | Computer Name = SheyenneAlvarez | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume OS.
 
Error - 12/2/2014 3:03:31 PM | Computer Name = SheyenneAlvarez | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume OS.
 
 
< End of report >
 


  • 0

#3
Biscuithd
Posted 04 December 2014 - 07:34 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi There :)

 

I don't think you've been helped yet, so let me have a look at your log and I'll be back :thumbsup:


  • 0

#4
Biscuithd
Posted 04 December 2014 - 09:03 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi Again,

 

Ok, I'm seeing a few oddities on your machine. First, it looks like you either have a Dropbox infection or you accidentally installed part or all of Dropbox from a Temp folder. It's kind of difficult to tell completely from a scan. What I'm going to do is remove the Temp location portions and see how it goes. Worse case, you can re-install the Dropbox software after we've completely cleaned the machine and anything we do to the machine, does not touch the contents of the Dropbox within the Cloud.

 

Next, I am going to post my Peer to Peer warning next. Please read it and hopefully refrain from further use of that mode of operation. It is without question, the vehicle from where your infections originated!

 

I've spotted signs of a P2P program installed on your machine.



icon_exclaim.gifBe warned:

P2P programs, as they are legal itself, are often used to obtain some illegal downloads. Currently it's one of the best ways to get infected: unsecured ports, downloaded cracks... There have been some extreme cases in which passwords, private or financial data was exposed to file sharing network because of bad P2P configuration.

I'm rather sure that if you'll continue using P2P, you'll be often visiting our Malware Removal Forum.
I strongly recommend full uninstallation of any P2P apps (if so, please do it from the Control Panel > Add/Remove Programs), but if you want to leave them on your OS (cause this is optional), at least please refrain from using it until we finish our work with cleaning your computer now.
 

My friendly advice: at least, when downloading any files from P2P network, scan them at Jotti or VirScan.

 

 

Next, you appear to have multiple Anti-Virus (A/V) programs running. Unfortunately, more than one is not a good thing. They tend to squabble with each other and then miss more things than they find. So, pick one. If you pick McAfee, then Disable Microsoft Security Essentials (MSE). If you pick MSE, then uninstall McAfee. (Sometime's I am asked my opinion, if you case, I would pick MSE. It's free and works as well, if not better, than McAfee. McAfee unnecessarily consumes resources and is unnecessarily expensive.)

 

Last, here is your first fix. Please be aware that it will not fix all of the problems. I am trying carefully extract the infection while not harming your remain programs, so this will likely take a few tools and a few attempts.

 

51a5d669693dd-icon_OTL.png Fix with OTL

Please re-run OTL with this removal script included.



icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    
:Commands

[CreateRestorePoint]
:OTL

MOD - [2014/12/01 07:02:50 | 000,553,984 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Temp\zumotaglib.dll7000694649529791781.lib

MOD - [2014/12/01 06:53:30 | 000,160,256 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Temp\ZumoLocalGateway.dll2056677331032952862.lib

MOD - [2014/12/01 06:53:19 | 000,314,368 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Temp\WindowsFolderWatcher.dll4292676265308765660.lib

MOD - [2014/12/01 06:52:03 | 000,205,824 | ---- | M] () -- C:\Users\Sheyenne Alvarez\AppData\Local\Temp\WindowsAPI.dll8808630298038366323.lib

MOD - [2014/12/01 06:52:03 | 000,043,008 | ---- | M] () -- c:\Users\Sheyenne Alvarez\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyr7ak5.dll

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\..\SearchScopes,DefaultScope = {A95C09AC-0593-4FEF-898E-A147C363BCAB}

IE - HKCU\..\SearchScopes\{4408C5D3-D063-47B7-F412-10B06D154E1C}: "URL" = http://bdlr.startnow...eferrer:source}

FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.6.20140805113039

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\kn59s6jm.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found

[2012/05/08 13:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Extensions

[2014/11/18 11:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions

[2014/11/14 18:39:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2014/11/18 11:17:29 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2014/11/10 08:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2014/11/10 08:38:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

[2011/07/04 16:57:32 | 000,001,854 | ---- | C] () -- C:\Users\Sheyenne Alvarez\AppData\Roaming\GhostObjGAFix.xml

[2011/03/08 17:47:58 | 000,017,408 | ---- | C] () -- C:\Users\Sheyenne Alvarez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:054203E4

@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:D1B5B4F1:Commands

[ResetHosts]

[EmptyTemp]

[Reboot]
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

 

 

51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;

shortcutfix;
emptyalltemp;
autoclean;
symlinksfix;
process;
services-list;
systemspecs;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
filesrcm;
installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

 

Let's do just this much and see how it goes. I also see disk errors, but we might be able to clean those up with CHKDSK after we've gotten the computer clean.


  • 0

#5
sheyennelilly
Posted 04 December 2014 - 10:08 AM

sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Biscuithd,

  Thank you so much for your help.  I wasn't aware I had any P2P software on my computer.  My husband said he had uTorrent installed before but removed it.  I removed one called FileHippo.  Could that be it?  If not, I'm not sure what else to remove.  I also uninstalled McAfee.  Thanks for that advice. 

 

Here is the OTL log. I'll do the other stuff next.

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4408C5D3-D063-47B7-F412-10B06D154E1C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4408C5D3-D063-47B7-F412-10B06D154E1C}\ not found.
Prefs.js: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.6.20140805113039 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1 removed from extensions.enabledAddons
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3\ deleted successfully.
C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions folder moved successfully.
Folder C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
File C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.
File Protocol\Handler\osf - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Sheyenne Alvarez\AppData\Roaming\GhostObjGAFix.xml moved successfully.
C:\Users\Sheyenne Alvarez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
ADS C:\ProgramData\Temp:054203E4 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp:D1B5B4F1:Commands .
File setHosts] not found.
File ptyTemp] not found.
File boot] not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 12042014_093941

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • 0

#6
sheyennelilly
Posted 04 December 2014 - 11:00 AM

sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Here is the log from Zoek:

 

 

Zoek.exe v5.0.0.0 Updated 03-December-2014
Tool run by Sheyenne Alvarez on Thu 12/04/2014 at 10:17:53.94.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sheyenne Alvarez\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12/4/2014 10:19:00 AM Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\7EEB7 deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\Panda Security deleted successfully
C:\PROGRA~2\WiLife Command Center deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\DellUpdate deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Sheyenne Alvarez\AppData\Roaming\.minecraft deleted successfully
C:\Users\Sheyenne Alvarez\AppData\Roaming\1C47E deleted successfully
C:\Users\Sheyenne Alvarez\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Sheyenne Alvarez\AppData\Roaming\Search Protection deleted successfully
C:\Users\Sheyenne Alvarez\AppData\Roaming\u33pmGG5aQJ6WKf deleted successfully
C:\Users\Sheyenne Alvarez\AppData\Roaming\U33ppmG55aJ deleted successfully
C:\Users\Dario Jr\AppData\Local\PDFC deleted successfully
C:\Users\Gabriella\AppData\Local\PDFC deleted successfully
C:\Users\Gabriella\AppData\Local\{206E64B8-FA44-483C-B655-DAABC1562ABB} deleted successfully
C:\Users\Gabriella\AppData\Local\{4C4AA798-BE59-4088-93D6-1B59E3BDC459} deleted successfully
C:\Users\Gabriella\AppData\Local\{94D41433-4832-41F8-90C9-90B0ACE70DD5} deleted successfully
C:\Users\Sheyenne Alvarez\AppData\Local\HP MediaSmart Video deleted successfully
C:\Users\Sheyenne Alvarez\AppData\Local\HuluDesktop deleted successfully
C:\Users\Sheyenne Alvarez\AppData\Local\PDFC deleted successfully
C:\Users\Sheyenne Alvarez\AppData\Local\Unity deleted successfully

==== Checking Systemdrive for Symlinks ======================

 Volume in drive C is OS
 Volume Serial Number is 1C47-EEB7

 Directory of C:\

07/13/2009  11:08 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes

 Directory of C:\ProgramData

07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  11:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  11:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  11:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users

07/13/2009  11:08 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes

 Directory of C:\Users\All Users

07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  11:08 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  11:08 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  11:08 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  11:08 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\Dario Jr

03/14/2012  08:22 AM    <JUNCTION>     Application Data [C:\Users\Dario Jr\AppData\Roaming]
03/14/2012  08:22 AM    <JUNCTION>     Cookies [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Cookies]
03/14/2012  08:22 AM    <JUNCTION>     Local Settings [C:\Users\Dario Jr\AppData\Local]
03/14/2012  08:22 AM    <JUNCTION>     My Documents [C:\Users\Dario Jr\Documents]
03/14/2012  08:22 AM    <JUNCTION>     NetHood [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/14/2012  08:22 AM    <JUNCTION>     PrintHood [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/14/2012  08:22 AM    <JUNCTION>     Recent [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Recent]
03/14/2012  08:22 AM    <JUNCTION>     SendTo [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\SendTo]
03/14/2012  08:22 AM    <JUNCTION>     Start Menu [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Start Menu]
03/14/2012  08:22 AM    <JUNCTION>     Templates [C:\Users\Dario Jr\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\Dario Jr\AppData\Local

03/14/2012  08:22 AM    <JUNCTION>     Application Data [C:\Users\Dario Jr\AppData\Local]
03/14/2012  08:22 AM    <JUNCTION>     History [C:\Users\Dario Jr\AppData\Local\Microsoft\Windows\History]
03/14/2012  08:22 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Dario Jr\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Users\Dario Jr\AppData\LocalLow

09/15/2012  12:12 PM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes

 Directory of C:\Users\Dario Jr\Documents

03/14/2012  08:22 AM    <JUNCTION>     My Music [C:\Users\Dario Jr\Music]
03/14/2012  08:22 AM    <JUNCTION>     My Pictures [C:\Users\Dario Jr\Pictures]
03/14/2012  08:22 AM    <JUNCTION>     My Videos [C:\Users\Dario Jr\Videos]
               0 File(s)              0 bytes

 Directory of C:\Users\Default

07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  11:08 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009  11:08 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  11:08 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  11:08 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  11:08 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  11:08 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  11:08 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  11:08 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  11:08 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\Default\AppData\Local

07/13/2009  11:08 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  11:08 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  11:08 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Users\Default\Documents

07/13/2009  11:08 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  11:08 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  11:08 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes

 Directory of C:\Users\Gabriella

03/14/2012  10:30 AM    <JUNCTION>     Application Data [C:\Users\Gabriella\AppData\Roaming]
03/14/2012  10:30 AM    <JUNCTION>     Cookies [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Cookies]
03/14/2012  10:30 AM    <JUNCTION>     Local Settings [C:\Users\Gabriella\AppData\Local]
03/14/2012  10:30 AM    <JUNCTION>     My Documents [C:\Users\Gabriella\Documents]
03/14/2012  10:30 AM    <JUNCTION>     NetHood [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/14/2012  10:30 AM    <JUNCTION>     PrintHood [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/14/2012  10:30 AM    <JUNCTION>     Recent [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Recent]
03/14/2012  10:30 AM    <JUNCTION>     SendTo [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\SendTo]
03/14/2012  10:30 AM    <JUNCTION>     Start Menu [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu]
03/14/2012  10:30 AM    <JUNCTION>     Templates [C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\Gabriella\AppData\Local

03/14/2012  10:30 AM    <JUNCTION>     Application Data [C:\Users\Gabriella\AppData\Local]
03/14/2012  10:30 AM    <JUNCTION>     History [C:\Users\Gabriella\AppData\Local\Microsoft\Windows\History]
03/14/2012  10:30 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Users\Gabriella\AppData\LocalLow

08/03/2012  11:58 AM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes

 Directory of C:\Users\Gabriella\Documents

03/14/2012  10:30 AM    <JUNCTION>     My Music [C:\Users\Gabriella\Music]
03/14/2012  10:30 AM    <JUNCTION>     My Pictures [C:\Users\Gabriella\Pictures]
03/14/2012  10:30 AM    <JUNCTION>     My Videos [C:\Users\Gabriella\Videos]
               0 File(s)              0 bytes

 Directory of C:\Users\Public\Documents

07/13/2009  11:08 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  11:08 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  11:08 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes

 Directory of C:\Users\Roman

03/29/2012  03:13 PM    <JUNCTION>     Application Data [C:\Users\Roman\AppData\Roaming]
03/29/2012  03:13 PM    <JUNCTION>     Cookies [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Cookies]
03/29/2012  03:13 PM    <JUNCTION>     Local Settings [C:\Users\Roman\AppData\Local]
03/29/2012  03:13 PM    <JUNCTION>     My Documents [C:\Users\Roman\Documents]
03/29/2012  03:13 PM    <JUNCTION>     NetHood [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/29/2012  03:13 PM    <JUNCTION>     PrintHood [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/29/2012  03:13 PM    <JUNCTION>     Recent [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Recent]
03/29/2012  03:13 PM    <JUNCTION>     SendTo [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\SendTo]
03/29/2012  03:13 PM    <JUNCTION>     Start Menu [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu]
03/29/2012  03:13 PM    <JUNCTION>     Templates [C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\Roman\AppData\Local

03/29/2012  03:13 PM    <JUNCTION>     Application Data [C:\Users\Roman\AppData\Local]
03/29/2012  03:13 PM    <JUNCTION>     History [C:\Users\Roman\AppData\Local\Microsoft\Windows\History]
03/29/2012  03:13 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Users\Roman\Documents

03/29/2012  03:13 PM    <JUNCTION>     My Music [C:\Users\Roman\Music]
03/29/2012  03:13 PM    <JUNCTION>     My Pictures [C:\Users\Roman\Pictures]
03/29/2012  03:13 PM    <JUNCTION>     My Videos [C:\Users\Roman\Videos]
               0 File(s)              0 bytes

 Directory of C:\Users\Sheyenne Alvarez

03/05/2011  11:03 PM    <JUNCTION>     Application Data [C:\Users\Sheyenne Alvarez\AppData\Roaming]
03/05/2011  11:03 PM    <JUNCTION>     Cookies [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Cookies]
03/05/2011  11:03 PM    <JUNCTION>     Local Settings [C:\Users\Sheyenne Alvarez\AppData\Local]
03/05/2011  11:03 PM    <JUNCTION>     My Documents [C:\Users\Sheyenne Alvarez\Documents]
03/05/2011  11:03 PM    <JUNCTION>     NetHood [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/05/2011  11:03 PM    <JUNCTION>     PrintHood [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/05/2011  11:03 PM    <JUNCTION>     Recent [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Recent]
03/05/2011  11:03 PM    <JUNCTION>     SendTo [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\SendTo]
03/05/2011  11:03 PM    <JUNCTION>     Start Menu [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu]
03/05/2011  11:03 PM    <JUNCTION>     Templates [C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes

 Directory of C:\Users\Sheyenne Alvarez\AppData\Local

03/05/2011  11:03 PM    <JUNCTION>     Application Data [C:\Users\Sheyenne Alvarez\AppData\Local]
03/05/2011  11:03 PM    <JUNCTION>     History [C:\Users\Sheyenne Alvarez\AppData\Local\Microsoft\Windows\History]
03/05/2011  11:03 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Sheyenne Alvarez\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Users\Sheyenne Alvarez\Documents

03/05/2011  11:03 PM    <JUNCTION>     My Music [C:\Users\Sheyenne Alvarez\Music]
03/05/2011  11:03 PM    <JUNCTION>     My Pictures [C:\Users\Sheyenne Alvarez\Pictures]
03/05/2011  11:03 PM    <JUNCTION>     My Videos [C:\Users\Sheyenne Alvarez\Videos]
               0 File(s)              0 bytes

 Directory of C:\Windows

11/11/2011  12:46 PM    <JUNCTION>     system64 [c:\users]
               0 File(s)              0 bytes

 Directory of C:\Windows\System32\config\systemprofile

04/04/2011  08:26 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
04/04/2011  08:26 AM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
04/04/2011  08:26 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes

 Directory of C:\Windows\System32\config\systemprofile\AppData\Local

04/04/2011  08:26 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
04/04/2011  08:26 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
04/04/2011  08:26 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

 Directory of C:\Windows\SysWOW64\config\systemprofile

04/04/2011  08:26 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
04/04/2011  08:26 AM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
04/04/2011  08:26 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes

 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local

04/04/2011  08:26 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
04/04/2011  08:26 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
04/04/2011  08:26 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes

     Total Files Listed:
               0 File(s)              0 bytes
             113 Dir(s)  152,635,920,384 bytes free


==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint  
ABBYY FineReader 9.0 Sprint  
ActiveCheck component for HP Active Support Library  
Adobe AIR  
Adobe Flash Player 15 ActiveX  
Adobe Flash Player 15 Plugin  
Adobe Reader XI (11.0.09)  
Amazon Cloud Drive  
Amazon MP3 Downloader 1.0.17  
Amazon Music  
Amazon Music Importer  
Apple Application Support  
Apple Mobile Device Support  
ATI Catalyst Install Manager  
Bing Rewards Client Installer  
Catalyst Control Center - Branding  
Catalyst Control Center Core Implementation  
Catalyst Control Center Graphics Full Existing  
Catalyst Control Center Graphics Full New  
Catalyst Control Center Graphics Light  
Catalyst Control Center Graphics Previews Vista  
Catalyst Control Center InstallProxy  
Catalyst Control Center Localization All  
ccc-core-static  
ccc-utility64  
CCC Help Chinese Standard  
CCC Help Chinese Traditional  
CCC Help Czech  
CCC Help Danish  
CCC Help Dutch  
CCC Help English  
CCC Help Finnish  
CCC Help French  
CCC Help German  
CCC Help Greek  
CCC Help Hungarian  
CCC Help Italian  
CCC Help Japanese  
CCC Help Korean  
CCC Help Norwegian  
CCC Help Polish  
CCC Help Portuguese  
CCC Help Russian  
CCC Help Spanish  
CCC Help Swedish  
CCC Help Thai  
CCC Help Turkish  
CDDRV_Installer  
ClipGrab 3.4.7  
CyberLink DVD Suite Deluxe  
CyberLink PowerDirector 11  
D3DX10  
Definition Update for Microsoft Office 2010 (KB2899521) 32-Bit Edition  
Dell Driver Download Manager  
Dell Toolbar  
Dell V520 Series Uninstaller  
Dropbox  
DVD Menu Pack for HP MediaSmart Video  
erLT  
FamilySearch Indexing 3.24.2  
Firebird SQL Server - MAGIX Edition  
Fitbit Connect  
Flyff  
Free Realms  
Google Earth  
Google Update Helper  
Google+ Auto Backup  
GoPro Studio 2.0.1  
HP Auto  
HP Client Services  
HP Customer Experience Enhancements  
HP MediaSmart DVD  
HP MediaSmart Music  
HP MediaSmart Photo  
HP MediaSmart SmartMenu  
HP MediaSmart/TouchSmart Netflix  
HP MovieStore  
HP Odometer  
HP Setup  
HP Setup Manager  
HP Support Assistant  
HP Support Information  
HP Update  
HP Vision Hardware Diagnostics  
HPAsset component for HP Active Support Library  
iCloud  
Intel® Integrated Performance Primitives Run-Time Installer 5.1 for Windows* on IA-32 Intel® Architecture  
Internet TV for Windows Media Center  
iTunes  
Java 7 Update 67  
Java Auto Updater  
Junk Mail filter update  
KhalInstallWrapper  
Kobo  
LabelPrint  
LightScribe System Software  
Logitech Alert Commander  
Logitech SetPoint  
Macromedia Director 7  
MAGIX Speed 2 (MSI)  
Malwarebytes Anti-Malware version 2.0.4.1028  
Media Player Codec Pack 4.2.0  
Microsoft .NET Framework 4.5.1  
Microsoft .NET Framework 4.5.1 (DEU)  
Microsoft .NET Framework 4.5.1 (Deutsch)  
Microsoft .NET Framework 4.5.1 (ESN)  
Microsoft .NET Framework 4.5.1 (espa¤ol)  
Microsoft .NET Framework 4.5.1 (FRA)  
Microsoft .NET Framework 4.5.1 (Fran‡ais)  
Microsoft .NET Framework 4.5.1 (ITA)  
Microsoft .NET Framework 4.5.1 (Italiano)  
Microsoft .NET Framework 4.5.1 (Nederlands)  
Microsoft .NET Framework 4.5.1 (NLD)  
Microsoft Application Error Reporting  
Microsoft Default Manager  
Microsoft IntelliPoint 8.2  
Microsoft Office 365 ProPlus - en-us  
Microsoft Office Access MUI (English) 2010  
Microsoft Office Access Setup Metadata MUI (English) 2010  
Microsoft Office Excel MUI (English) 2010  
Microsoft Office Home and Student 2010  
Microsoft Office Office 64-bit Components 2010  
Microsoft Office OneNote MUI (English) 2010  
Microsoft Office Outlook MUI (English) 2010  
Microsoft Office PowerPoint MUI (English) 2010  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (French) 2010  
Microsoft Office Proof (Spanish) 2010  
Microsoft Office Proofing (English) 2010  
Microsoft Office Publisher MUI (English) 2010  
Microsoft Office Shared 64-bit MUI (English) 2010  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010  
Microsoft Office Shared MUI (English) 2010  
Microsoft Office Shared Setup Metadata MUI (English) 2010  
Microsoft Office Single Image 2010  
Microsoft Office Word MUI (English) 2010  
Microsoft Security Client  
Microsoft Security Essentials  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053  
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft WSE 3.0 Runtime  
MotoCast  
Motorola Device Manager  
Motorola Device Software Update  
MOTOROLA MEDIA LINK  
Motorola Mobile Drivers Installation 5.9.0  
Movie Theme Pack for HP MediaSmart Video  
Mozilla Firefox 33.1 (x86 en-US)  
Mozilla Maintenance Service  
MSVCRT  
MSVCRT_amd64  
MSXML 4.0 SP2 (KB954430)  
MSXML 4.0 SP2 (KB973688)  
MSXML 4.0 SP2 Parser and SDK  
MSXML 4.0 SP3 Parser  
MSXML 4.0 SP3 Parser (KB2758694)  
Netflix in Windows Media Center  
Newblue Art Effects for PowerDirector  
Norton Online Backup  
NTI Backup Now EZ  
Office 15 Click-to-Run Extensibility Component  
Office 15 Click-to-Run Licensing Component  
Office 15 Click-to-Run Localization Component  
Pantech PCSuite  
PDF Complete Special Edition  
PhotoNow  
Picasa 3  
PictureMover  
PL-2303 Vista Driver Installer  
PlayReady PC Runtime amd64  
PlayReady PC Runtime x86  
Power2Go  
PressReader  
Quicken WillMaker Plus 2008  
QuickTime 7  
Ralink RT2860 Wireless LAN Card  
Realtek High Definition Audio Driver  
Recovery Manager  
Riverpoint Writer  
RoxioNow Player  
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)  
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition  
Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition  
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition  
SmartSound Quicktracks 5  
Spybot - Search & Destroy  
SpyroPortalDriver  
swMSM  
The Imagination Station (remove only)  
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition  
Update for Microsoft Excel 2010 (KB2889935) 32-Bit Edition  
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2494150)  
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition  
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition  
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition  
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition  
Update for Microsoft PowerPoint 2010 (KB2878251) 32-Bit Edition  
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition  
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition  
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition  
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )  
Windows Essentials Media Codec Pack 4.0 [64-Bit]  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Family Safety  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Language Selector  
Windows Live Mail  
Windows Live Messenger  
Windows Live MIME IFilter  
Windows Live Movie Maker  
Windows Live Photo Common  
Windows Live Photo Gallery  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
Windows Media Encoder 9 Series  
Windows Media Player Firefox Plugin  
Wizard101  
Yahoo BrowserPlus 2.9.8  
Yahoo Install Manager  
Yahoo Internet Mail  
Yahoo Mail Advisor  
Yahoo Software Update  
Yahoo Toolbar  
Z Cinema  
Zinio Reader 4  

==== Running Processes ======================

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Dell\ErrorApp\dkab1err.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\Sheyenne Alvarez\AppData\Local\Apps\2.0\C52Q8JWR.CDD\6A344DJW.HND\amaz..tion_f2fa081ea2183235_0002.0004_9f25fd1982bf3008\LocalServiceJre\bin\AmazonCloudDriveW.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Users\Sheyenne Alvarez\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [ABBYY.Licensing.FineReader.Sprint.9.0] - ABBYY FineReader 9.0 Sprint Licensing Service - c:\program files (x86)\common files\abbyy\finereadersprint\9.00\licensing\networklicenseserver.exe
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\microsoft office 15\clientx64\officeclicktorun.exe
R2 - [DeviceMonitorService] - DeviceMonitorService - c:\program files (x86)\motorola media link\lite\nserviceentry.exe
R2 - [Fabs] - FABS - Helping agent for MAGIX media database - c:\program files (x86)\common files\magix services\database\bin\fabs.exe
R2 - [Fitbit Connect] - Fitbit Connect Service - c:\program files (x86)\fitbit connect\fitbitconnectservice.exe
R2 - [LBTServ] - Logitech Bluetooth Service - c:\program files\common files\logishrd\bluetooth\lbtserv.exe
R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe
R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe
R2 - [Motorola Device Manager] - Motorola Device Manager Service - c:\program files (x86)\motorola mobility\motorola device manager\motohelperservice.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [NOBU] - Norton Online Backup - c:\program files (x86)\symantec\norton online backup\nobuagent.exe
R2 - [RichVideo64] - Cyberlink RichVideo64 Service(CRVS) - c:\program files\cyberlink\shared files\richvideo64.exe
R2 - [SBSDWSCService] - SBSD Security Center Service - c:\program files (x86)\spybot - search & destroy\sdwinsec.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [FirebirdServerMAGIXInstance] - Firebird Server - MAGIX Instance - c:\program files (x86)\common files\magix services\database\bin\fbserver.exe
S4 - [HP Health Check Service] - HP Health Check Service - c:\program files (x86)\hewlett-packard\hp health check\hphc_service.exe
S4 - [HPClientSvc] - HP Client Services - c:\program files\hewlett-packard\hp client services\hpclientservices.exe
S4 - [HPDrvMntSvc.exe] - HP Quick Synchronization Service - c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe
S4 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
S4 - [LightScribeService] - LightScribeService Direct Disc Labeling Service - c:\program files (x86)\common files\lightscribe\lssrvc.exe
S4 - [pdfcDispatcher] - PDF Document Manager - c:\program files (x86)\pdf complete\pdfsvc.exe
S4 - [YahooAUService] - Yahoo! Updater - c:\program files (x86)\yahoo!\softwareupdate\yahooauservice.exe

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\YahooAUService deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\DARIOJ~1\AppData\Roaming\Mozilla\Firefox\Profiles\jxnoht0o.default

user.js not found
---- Lines Search  modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_20141204_1037_.backup

ProfilePath: C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\fdnb7ntl.default

user.js not found
---- Lines Search  modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_20141204_1037_.backup

ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\ivj6ttxk.default

user.js not found
---- Lines Search  modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_20141204_1037_.backup

ProfilePath: C:\Users\SHEYEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767

user.js not found
---- Lines Search  modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_20141204_1037_.backup

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\FreeFileViewer deleted
C:\PROGRA~2\Yahoo! deleted
C:\Users\Gabriella\AppData\Roaming\Yahoo! deleted
C:\Users\Sheyenne Alvarez\AppData\Roaming\MAGIX deleted
C:\Users\Sheyenne Alvarez\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\UpdaterLog.txt deleted
C:\PROGRA~3\SPL1357.tmp deleted
C:\PROGRA~3\SPL2961.tmp deleted
C:\PROGRA~3\SPL3D14.tmp deleted
C:\PROGRA~3\SPL5E90.tmp deleted
C:\PROGRA~3\SPL7BCA.tmp deleted
C:\PROGRA~3\SPL9EA3.tmp deleted
C:\PROGRA~3\SPLD75B.tmp deleted
C:\PROGRA~3\SPLE82B.tmp deleted
C:\PROGRA~3\SPLEC7B.tmp deleted
C:\PROGRA~3\SPLED78.tmp deleted
C:\PROGRA~3\dc435C.dat deleted
C:\PROGRA~3\hash.dat deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\Yahoo! Companion deleted
C:\PROGRA~3\MAGIX deleted
C:\Users\Sheyenne Alvarez\AppData\Local\FileTypeAssistant deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch deleted
C:\Users\Dario Jr\AppData\LocalLow\pandasecuritytb deleted
C:\Users\Dario Jr\AppData\LocalLow\Yahoo! deleted
C:\Users\Dario Jr\AppData\LocalLow\Yahoo! Companion deleted
C:\Users\Gabriella\AppData\LocalLow\pandasecuritytb deleted
C:\Users\Gabriella\AppData\LocalLow\Yahoo! deleted
C:\Users\Gabriella\AppData\LocalLow\Yahoo! Companion deleted
C:\Users\Roman\AppData\LocalLow\pandasecuritytb deleted
C:\Users\Roman\AppData\LocalLow\Yahoo! deleted
C:\Users\Roman\AppData\LocalLow\Yahoo! Companion deleted
C:\Users\Sheyenne Alvarez\AppData\LocalLow\Yahoo! deleted
C:\Users\Sheyenne Alvarez\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\SysNative\config\systemprofile\AppData\LocalLow\pandasecuritytb deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\pandasecuritytb deleted
C:\Windows\WinInit.Ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Windows\Syswow64\GroupPolicy\Machine deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\fdnb7ntl.default\extensions\staged deleted
C:\Users\SHEYEN~1\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\Invalidprefs.js deleted
"C:\PROGRA~3\B7E85B32006C744366063720B4EB2367\B7E85B32006C744366063720B4EB2367" deleted
"C:\PROGRA~3\B7E85B32006C744366063720B4EB2367" deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 3840 MB
CPU Info: AMD Phenom™ II X4 840T Processor
CPU Speed: 2961.4 MHz
Sound Card: Speakers (3- Z Cinéma with TruS |
Realtek Digital Output (Realtek |
Display Adapters: ATI Radeon HD 4200  | ATI Radeon HD 4200  | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Acer P193W |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Realtek PCIe FE Family Controller | 802.11n Wireless LAN Card
CD / DVD Drives: 1x (F: | ) F: hp      CDDVDW TS-H653T
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 12 Button Wheel Mouse Present
Hard Disks: C:  918.5GB | E:  12.9GB | K:  465.6GB
Hard Disks - Free: C:  141.9GB | E:  1.6GB | K:  2.5MB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/16/32 | HPQOEM - 20110118
Time Zone: Central Standard Time
Motherboard *: FOXCONN 2AB1
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox    33.1
Internet Explorer Version: 11.0.9600.17420
Mozilla Firefox version: 33.1 (x86 en-US)
Adobe Reader version: 11.0.9.29
Sun Java version: 1.7.0_67 (32-bit)
Flash Player version: 15.0.0.239

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\SHEYEN~1\AppData\Local\Temp ====
2014-12-04 16:06:14    11DE7AC5B18CCDD77E47A258D506A87D    347147    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna6403043631255983935.dll
2014-12-04 16:03:28    EB4686F6F4BE2B00AA40978D551F66C4    43008    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8pppif.dll
2014-12-04 15:23:51    CF95932C00190451115C782E139DE582    264488    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\MSS\3.8.150.1\McInstallerRes.dll
2014-12-04 15:23:51    87AA773F15D90973090D4DF76F8E60EF    565808    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\MSS\3.8.150.1\mcbrwsr2.dll
2014-12-04 15:23:51    2AA753368BF68871962D2E99B8692985    153760    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\MSS\3.8.150.1\McInstallerRes_LD.dll
2014-12-04 15:23:51    14E9947D26B0A418AA02F87741E4B40B    769736    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\MSS\3.8.150.1\McInstallerStartup.dll
2014-12-04 15:23:50    C4CF03B998D4D758B89CD07F22D7A7F9    645168    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\MSS\3.8.150.1\McUICnt.exe
2014-12-04 14:58:31    11DE7AC5B18CCDD77E47A258D506A87D    347147    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna7486548422233186638.dll
2014-12-03 01:19:29    11DE7AC5B18CCDD77E47A258D506A87D    347147    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna7325465431768274958.dll
2014-12-01 12:54:37    11DE7AC5B18CCDD77E47A258D506A87D    347147    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna2261945437405602070.dll
2014-11-30 02:52:17    11DE7AC5B18CCDD77E47A258D506A87D    347147    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna549382025572558089.dll
2014-11-29 22:25:46    11DE7AC5B18CCDD77E47A258D506A87D    347147    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna8466339283410097016.dll
2014-11-29 21:39:50    11DE7AC5B18CCDD77E47A258D506A87D    347147    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna2377341871394454322.dll
2014-11-29 19:04:10    11DE7AC5B18CCDD77E47A258D506A87D    347147    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna1768446004098390546.dll
2014-11-29 14:22:57    11DE7AC5B18CCDD77E47A258D506A87D    347147    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna8413202799737167308.dll
2014-11-28 20:13:41    11DE7AC5B18CCDD77E47A258D506A87D    347147    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna7484001645186374533.dll
2014-11-28 18:43:59    11DE7AC5B18CCDD77E47A258D506A87D    347147    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna25767491262589546.dll
2014-11-24 14:35:14    11DE7AC5B18CCDD77E47A258D506A87D    347147    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\jna172970797157040067.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-11-12 11:41:19    41774FF331F609EF442B7398EE6202B1    155064    ----a-w-    C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Sheyenne Alvarez\AppData\Roaming ======
2014-11-09 03:06:41    --------    d-----w-    C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2014-11-09 03:06:33    --------    d-----w-    C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music
====== C:\Users\Sheyenne Alvarez ======
2014-12-02 18:47:37    4ADCFEE16EE9978F06157634669D36FB    602112    ----a-w-    C:\Users\Sheyenne Alvarez\Downloads\OTL.exe
2014-11-29 22:26:33    1747A50E01D0FDB324F9F50E025FDB66    401920    ----a-w-    C:\Users\Sheyenne Alvarez\Downloads\MiniToolBox.exe
2014-11-25 20:25:06    2EDE6612B7042D8582819CAB084E6883    13087456    ----a-w-    C:\Users\Sheyenne Alvarez\Downloads\Silverlight_x64(3).exe

====== C: exe-files ==
2014-12-04 15:23:50    C4CF03B998D4D758B89CD07F22D7A7F9    645168    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Local\Temp\MSS\3.8.150.1\McUICnt.exe
2014-12-02 18:47:37    4ADCFEE16EE9978F06157634669D36FB    602112    ----a-w-    C:\Users\Sheyenne Alvarez\Downloads\OTL.exe
2014-11-29 22:26:33    1747A50E01D0FDB324F9F50E025FDB66    401920    ----a-w-    C:\Users\Sheyenne Alvarez\Downloads\MiniToolBox.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"DKab1err"="C:\Program Files (x86)\Dell\ErrorApp\DKab1err.exe"
"DKADGmon"="C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe"
"Google+ Auto Backup"="C:\Users\Sheyenne Alvarez\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart"
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun"
"Amazon Music"="C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music Helper.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn /f"
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn /f"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn /f"
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn /f"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BackupNowEZtray"="C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe -k"
"DKADGmon"="C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"DKab1err"="C:\Program Files (x86)\Dell\ErrorApp\DKab1err.exe"
"DKADGmon"="C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe"
"Google+ Auto Backup"="C:\Users\Sheyenne Alvarez\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe /autostart"
"Fitbit Connect"="C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe /autorun"
"Amazon Music"="C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music Helper.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent"
"DKADGmon"="C:\Program Files (x86)\Dell V520 Series\DKADGmon.exe"
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dell V715w]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dell V715w"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Dell V715w\\fm3032.exe\" /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dleemon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dleemon.exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Dell V715w\\dleemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EzPrint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EzPrint"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Dell V715w\\ezprint.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Software Update"
"hkey"="HKLM"
"command"="c:\\Program Files (x86)\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\program files (x86)\\hewlett-packard\\HP odometer\\hpsysdrv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Default Manager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Microsoft Default Manager"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft\\Search Enhancement Pack\\Default Manager\\DefMgr.exe\" -resume"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Norton Online Backup"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PDF Complete]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDF Complete"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\PDF Complete\\pdfsty.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmartMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmartMenu"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hewlett-Packard\\HP MediaSmart\\SmartMenu.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SmileboxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SmileboxTray"
"hkey"="HKCU"
"command"="\"C:\\Users\\Sheyenne Alvarez\\AppData\\Roaming\\Smilebox\\SmileboxTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"c:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TkBellExe"
"hkey"="HKLM"
"command"="\"c:\\program files (x86)\\real\\realplayer\\Update\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrayServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrayServer"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\MAGIX\\Movie_Edit_Pro_17\\TrayServer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WiLife Command Center]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WiLife Command Center"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\WiLife Command Center\\Werks.exe\" /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YMailAdvisor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YMailAdvisor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Yahoo!\\Common\\YMailAdvisor.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Snapfish PictureMover.lnk"
"backup"="C:\\Windows\\pss\\Snapfish PictureMover.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~2\\PICTUR~1\\Bin\\PICTUR~1.EXE -det"
"item"="Snapfish PictureMover"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\dleeCATSCustConnectService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\dlee_device]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FirebirdServerMAGIXInstance]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GameConsoleService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HP Health Check Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPClientSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HPDrvMntSvc.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hpqwmiex]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LightScribeService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NOBU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\pdfcDispatcher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RoxioNow Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\YahooAUService]


==== Startup Folders ======================

2014-03-18 21:39:42    408    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms
2013-12-17 00:57:56    1071    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-01-25 03:44:28    1254    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
2013-01-19 21:17:34    3143    ----a-w-    C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Z Cinema.lnk
2014-05-19 20:23:16    1172    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk
2012-11-29 02:19:46    1847    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/26/2014 04:36 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03/29/2014 07:11 PM]
C:\Windows\tasks\HPCeeScheduleForSheyenne Alvarez.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [09/14/2010 12:15 AM]
C:\Windows\tasks\HPCeeScheduleForSHEYENNEALVAREZ$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [09/14/2010 12:15 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\DellPUDCTask" [C:\Program Files\Dell\ProductUpdate\DKprodupdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForSheyenne Alvarez" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForSHEYENNEALVAREZ$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MotoCast Update" ["C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe"]
"C:\Windows\SysNative\tasks\Motorola Device Manager Engine" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\SysNative\tasks\Motorola Device Manager Initial Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\SysNative\tasks\Motorola Device Manager Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]
"C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3854915487-3061028145-266851286-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3854915487-3061028145-266851286-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3854915487-3061028145-266851286-1000" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3854915487-3061028145-266851286-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3854915487-3061028145-266851286-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-3854915487-3061028145-266851286-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-3854915487-3061028145-266851286-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\Registration" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\Windows\SysNative\tasks\Windows Codec Update Service" ["C:\Program Files (x86)\Essentials Codec Pack\WECPUpdate.exe"]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\GetAssistance Maintenance Events" ["%programfiles(x86)%\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPSAObjUtil.exe"]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Norton AntiVirus\Norton Error Analyzer" [C:\Program Files (x86)\Norton AntiVirus\Engine\19.1.1.3\SymErr.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\DARIOJ~1\AppData\Roaming\Mozilla\Firefox\Profiles\jxnoht0o.default
- Yahoo Toolbar - C:\Users\Dario Jr\AppData\Roaming\Mozilla\Firefox\Profiles\jxnoht0o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

ProfilePath: C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\fdnb7ntl.default
- Yahoo Toolbar - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\fdnb7ntl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

ProfilePath: C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\ivj6ttxk.default
- Yahoo Toolbar - %ProfilePath%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

==== Firefox Plugins ======================

Profilepath: C:\Users\Sheyenne Alvarez\AppData\Roaming\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767
8303B3CEC05500F763B4FA75210598BB    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll -    Shockwave Flash
D6ED6EB98E759460AD8C66DE23070132    - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll -    Microsoft Office 2013
18CF51689186AEB9D1D149AEB0E92D03    - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL -    Microsoft Office 2013
E638C845403AB63112673A0C72C07789    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll -    RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit)
0C316A33BBE35CD1097936393A177656    - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll -    RealPlayer™ HTML5VideoShim Plug-In (32-bit)


==== Deleted Firefox Extensions ======================

C:\Users\Dario Jr\AppData\Roaming\Mozilla\Firefox\Profiles\jxnoht0o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted
C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\fdnb7ntl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted
C:\Users\Roman\AppData\Roaming\Mozilla\Firefox\Profiles\ivj6ttxk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} deleted

==== Chromium Startpages ======================

C:\Users\Sheyenne Alvarez\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"urls_to_restore_on_startup": [ "http://www.google.com/" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page Restore"="http://my.yahoo.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page Restore"="http://go.microsoft..../?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.co...={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/...ox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown  Url="Not_Found"
{A95C09AC-0593-4FEF-898E-A147C363BCAB} Google  Url="http://www.google.co...rlz=1I7ADSA_en"
{d43b3890-80c7-4010-a95d-1e77b5924dc3} Wikipedia  Url="http://en.wikipedia....={searchTerms}"
{d944bb61-2e34-4dbf-a683-47e505c587dc} eBay  Url="http://rover.ebay.co...}&mfe=Desktops"
{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} Bing  Url="http://www.bing.com/...c=IE-SearchBox"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully
HKEY_USERS\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_USERS\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_USERS\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3854915487-3061028145-266851286-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Dario Jr\Desktop\Media Player Classic.lnk - C:\Program Files (x86)\Essentials Codec Pack\MPC\mpc-hc64.exe
C:\Users\Dario Jr\Desktop\Quicken WillMaker Plus 2008.lnk - C:\Program Files (x86)\Quicken WillMaker Plus 2008\qwp.exe
C:\Users\Gabriella\Desktop\Media Player Classic.lnk - C:\Program Files (x86)\Essentials Codec Pack\MPC\mpc-hc64.exe
C:\Users\Gabriella\Desktop\Pantech PC Suite(P7040).lnk - C:\Users\Gabriella\AppData\Roaming\Pantech\Pantech PC Suite\P7040\Launcher.exe
C:\Users\Gabriella\Desktop\Quicken WillMaker Plus 2008.lnk - C:\Program Files (x86)\Quicken WillMaker Plus 2008\qwp.exe
C:\Users\Roman\Desktop\Media Player Classic.lnk - C:\Program Files (x86)\Essentials Codec Pack\MPC\mpc-hc64.exe
C:\Users\Roman\Desktop\Quicken WillMaker Plus 2008.lnk - C:\Program Files (x86)\Quicken WillMaker Plus 2008\qwp.exe
C:\Users\Sheyenne Alvarez\Desktop\Amazon Music.lnk - C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music.exe
C:\Users\Sheyenne Alvarez\Desktop\Dropbox.lnk - C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Sheyenne Alvarez\Desktop\Flyff.lnk - C:\Program Files\Webzen\FlyFF\Flyff.exe
C:\Users\Sheyenne Alvarez\Desktop\GoPro Studio.lnk - C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe
C:\Users\Sheyenne Alvarez\Desktop\MyPublisher.lnk - C:\Program Files (x86)\MyPublisher\MyPublisher\MyPublisher40.exe
C:\Users\Sheyenne Alvarez\Desktop\Quicken WillMaker Plus 2008.lnk - C:\Program Files (x86)\Quicken WillMaker Plus 2008\qwp.exe
C:\Users\Sheyenne Alvarez\Desktop\Riverpoint Writer.lnk - C:\Users\Sheyenne Alvarez\AppData\Roaming\Riverpoint Writer\Riverpoint.dot
C:\Users\Sheyenne Alvarez\Desktop\Spybot - Search & Destroy.lnk - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Sheyenne Alvarez\Desktop\Z Cinema.lnk - C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Installer\{6E166235-49F3-4DFA-A102-1E86675ABD11}\DesktopShortcut_6E16623549F34DFAA1021E86675ABD11.exe
C:\Users\Sheyenne Alvarez\Desktop\chatTemp\Flyff.lnk - C:\Program Files\Webzen\FlyFF\Flyff.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Amazon Cloud Player.lnk - C:\Program Files (x86)\Amazon\MP3 Downloader\Amazon Cloud Player.url
C:\Users\Public\Desktop\Amazon Music Importer.lnk - C:\Program Files (x86)\Amazon\Utilities\Amazon Music Importer\Amazon Music Importer.exe
C:\Users\Public\Desktop\Blio.lnk - C:\Program Files (x86)\K-NFB Reading Technology Inc\Blio\KNFB.Reader.exe
C:\Users\Public\Desktop\ClipGrab.lnk - C:\Program Files (x86)\ClipGrab\ClipGrab.exe
C:\Users\Public\Desktop\CyberLink PowerDirector 11.lnk - C:\Program Files\CyberLink\PowerDirector11\PDR11.exe
C:\Users\Public\Desktop\Dell Printer Home.LNK - C:\Program Files (x86)\Dell\Dashboard\dl__Dashboard.exe
C:\Users\Public\Desktop\FamilySearch Indexing.lnk - C:\Program Files (x86)\FamilySearch Indexing\indexing.familysearch.org\indexing.exe
C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Public\Desktop\HP Music.lnk - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe /MS /Rhapsody
C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
C:\Users\Public\Desktop\Logitech Alert Commander.lnk - C:\Program Files (x86)\Logitech\Logitech Alert\Logitech Alert Commander.exe
C:\Users\Public\Desktop\Logitech Mouse and Keyboard Settings.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe /s
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\NTI Backup Now EZ.lnk - C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZ.exe
C:\Users\Public\Desktop\Pantech PC Suite(P7040).lnk - C:\Program Files (x86)\Pantech\Pantech PC Suite\P7040\Launcher.exe
C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Public\Desktop\rr.lnk - C:\ProgramData\KingsIsle Entertainment\Wizard101\Wizard101.exe
C:\Users\Public\Desktop\Snapfish PictureMover.lnk - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Users\Public\Desktop\The Imagination Station.lnk - C:\Program Files (x86)\istation\IStation.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music\Amazon Music.lnk - C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Amazon Music.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music\Uninstall Amazon Music.lnk - C:\Users\Sheyenne Alvarez\AppData\Local\Amazon Music\Uninstall.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Sheyenne Alvarez\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk - C:\Program Files (x86)\Microsoft Security Client\msseces.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab\ClipGrab.lnk - C:\Program Files (x86)\ClipGrab\ClipGrab.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab\Uninstall ClipGrab.lnk - C:\Program Files (x86)\ClipGrab\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flyff\Flyff - uninstall.lnk - C:\Program Files\Webzen\FlyFF\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flyff\Flyff.lnk - C:\Program Files\Webzen\FlyFF\Flyff.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse\Connect Mouse for Bluetooth.lnk - C:\Windows\Installer\{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}\Help.ico Mouse bluetoothwizard
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse\Microsoft Mouse.lnk - C:\Windows\Installer\{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}\Mouse.ico mouse cpl
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse\Mouse Healthy Computing Guide.lnk - C:\Windows\Installer\{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}\HCG.ico mouse hcg
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse\Mouse Help.lnk - C:\Windows\Installer\{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}\UserGuide.ico mouse help
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse\Quality Settings.lnk - C:\Windows\Installer\{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}\IPITP.ico /DISPLAY_TYPE SETTING /PRODUCT_TYPE IP

==== shortcuts in Quick Launch ======================

C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Dario Jr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://redirect.hp.c...us&bd=all&c=111
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe http://redirect.hp.c...us&bd=all&c=111
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Riverpoint Writer.lnk - C:\Users\Sheyenne Alvarez\AppData\Roaming\Riverpoint Writer\Riverpoint.dot
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk - C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spybot - Search & Destroy.lnk - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Sheyenne Alvarez\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== shortcuts After Repair ======================

C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe
C:\Users\Roman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk - C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell V715w deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dleemon.exe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiLife Command Center deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dario Jr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dario Jr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Dario Jr\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gabriella\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gabriella\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Roman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Roman\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sheyenne Alvarez\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sheyenne Alvarez\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Sheyenne Alvarez\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sheyenne Alvarez\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sheyenne Alvarez\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Dario Jr\AppData\Local\Mozilla\Firefox\Profiles\jxnoht0o.default\Cache emptied successfully
C:\Users\Gabriella\AppData\Local\Mozilla\Firefox\Profiles\fdnb7ntl.default\Cache emptied successfully
C:\Users\Roman\AppData\Local\Mozilla\Firefox\Profiles\ivj6ttxk.default\Cache emptied successfully
C:\Users\Roman\AppData\Local\Mozilla\Firefox\Profiles\ivj6ttxk.default\cache2 emptied successfully
C:\Users\Sheyenne Alvarez\AppData\Local\Mozilla\Firefox\Profiles\btxhxadl.default-1415987071767\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Sheyenne Alvarez\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=598 folders=113 2377200097 bytes)

==== Empty Temp Folders ======================

C:\Users\Dario Jr\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gabriella\AppData\Local\Temp emptied successfully
C:\Users\Roman\AppData\Local\Temp emptied successfully
C:\Users\Sheyenne Alvarez\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\SHEYEN~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Sheyenne Alvarez\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8SFSFQ6P\www.miniclip.com"  not found

==== EOF on Thu 12/04/2014 at 10:56:05.71 ======================
 


  • 0

#7
sheyennelilly
Posted 04 December 2014 - 12:17 PM

sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

My Flash player is crashing over and over now...


  • 0

#8
Biscuithd
Posted 04 December 2014 - 12:25 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

My Flash player is crashing over and over now...

Hmmm...hadn't thought I did anything with Flash, but you never know. Uninstal the old one via Control Panel, add/remove programs.

 

Then, head over to the Adobe site here and upgrade your Flash. If that doesn't fix it, then I'll know it's something else.


  • 0

#9
sheyennelilly
Posted 04 December 2014 - 01:06 PM

sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

I uninstalled and re-installed and I'm still having issues.  It's crashing, I'm getting pop-ups that say Shockwave Flash may be busy or has stopped responding, and then I'm getting a box that says it can't find the plug-in and giving me the option of manually installing it. 


  • 0

#10
Biscuithd
Posted 04 December 2014 - 01:08 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Which browser(s)? It's likely that we'll have to reset them. Do you have your bookmarks and all that backed up?


  • 0

Advertisements

#11
sheyennelilly
Posted 04 December 2014 - 01:41 PM

sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

I use Firefox.  I tried resetting it a week or two ago after reading how on another website, and there was no improvement.  I don't know how to back up my bookmarks...

 

Okay, it told me to update Firefox so I did that.  Seems to be better now, but I've only been on for a few minutes. 


Edited by sheyennelilly, 04 December 2014 - 01:44 PM.

  • 0

#12
Biscuithd
Posted 04 December 2014 - 01:44 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I use Firefox. I tried resetting it a week or two ago after reading how on another website, and there was no improvement.

Doesn't look like it got completely reset. Don't worry, I I'll get it reset after backup you bookmarks

 

I don't know how to back up my bookmarks...

Here


  • 0

#13
sheyennelilly
Posted 04 December 2014 - 02:27 PM

sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Sorry, but when I click that link it just takes me to the top of this page.  Am I missing something?


  • 0

#14
Biscuithd
Posted 04 December 2014 - 02:37 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Let's try again. Here


  • 0

#15
sheyennelilly
Posted 04 December 2014 - 02:41 PM

sheyennelilly

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts

Thank you.  Bookmarks are backed up in an html file now.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP