Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

contacting ox-social.bidsystem.com..Virus?


  • Please log in to reply

#1
ksitech

ksitech

    New Member

  • Member
  • Pip
  • 6 posts
For the last few weeks I have been getting the following message when deleting junk emails from Outlook 2010
"contacting ox-social.bidsystem.com\w\1.0"
It does not happen all the time, but when it does it hangs up Outlook for several minutes. I have no idea what it is doing during that time.
I have run a total system scan using Microsoft Security Essentials...it found nothing.
I have run a total system scan using Norton 360...it found nothing.

Does anyone know what this is and how I can get rid of it?

TIA
Mike

Edited by ksitech, 30 April 2013 - 07:03 AM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Could you provide an OTL log so I can see what is going on? Step 2 in the top post in this forum.
http://www.geekstogo...cleaning-guide/

If you get an Extras log please add it too.

Ron
  • 0

#3
ksitech

ksitech

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for the quick response. Here are the logs. I did get and Extras log...

OTL logfile created on: 5/1/2013 8:46:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mike\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.23 Gb Available Physical Memory | 53.77% Memory free
12.00 Gb Paging File | 7.36 Gb Available in Paging File | 61.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.79 Gb Total Space | 98.43 Gb Free Space | 56.96% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 208.40 Gb Free Space | 71.13% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 112.88 Gb Free Space | 24.24% Space Free | Partition Type: NTFS
Drive H: | 74.52 Gb Total Space | 13.18 Gb Free Space | 17.68% Space Free | Partition Type: NTFS
Drive I: | 2794.51 Gb Total Space | 1619.91 Gb Free Space | 57.97% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 144.91 Gb Free Space | 31.11% Space Free | Partition Type: NTFS

Computer Name: WIN7-ULT-64 | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/01 08:45:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe
PRC - [2013/04/11 22:40:10 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/01 21:48:11 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/02/18 15:57:10 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_user_customer.exe
PRC - [2013/02/18 15:57:10 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_system_customer.exe
PRC - [2013/02/18 15:57:10 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe
PRC - [2013/02/18 15:57:10 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_comm_customer.exe
PRC - [2013/02/12 13:03:42 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\498\g2ax_user_expert.exe
PRC - [2013/02/12 13:03:42 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe
PRC - [2013/02/12 13:03:42 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\498\g2ax_comm_expert.exe
PRC - [2012/12/23 23:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/02 16:50:14 | 000,351,888 | ---- | M] (NDS Technologies) -- C:\Users\mike\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2012/04/02 16:49:58 | 000,686,208 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2012/03/28 21:54:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/06/16 17:00:28 | 000,315,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/03/09 01:49:43 | 000,422,912 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
PRC - [2010/12/09 15:40:28 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\UPSNA1Msgr.exe
PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/10/12 17:44:00 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
PRC - [2010/05/21 14:40:36 | 000,746,864 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2010/05/21 14:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2009/10/13 14:00:00 | 000,495,432 | R--- | M] (WinZip Computing, S.L.) -- H:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/01/06 23:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2009/01/06 23:24:54 | 000,656,696 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/02/28 19:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2006/12/19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/11 22:40:10 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/04/01 21:48:11 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\wincfi39.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/04/02 16:52:04 | 000,091,240 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\z.dll
MOD - [2012/04/02 16:51:50 | 001,402,488 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2012/04/02 16:51:32 | 000,688,264 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2012/04/02 16:50:40 | 006,809,720 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2012/04/02 16:50:30 | 000,273,528 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2012/04/02 16:50:24 | 000,051,864 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\boost_thread-vc90-mt-1_39.dll
MOD - [2012/04/02 16:50:22 | 002,049,152 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\XferManagerDll.dll
MOD - [2012/04/02 16:50:20 | 001,945,704 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\TSB.dll
MOD - [2012/04/02 16:50:08 | 002,721,920 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\PCShowServerDll.dll
MOD - [2012/04/02 16:49:58 | 000,686,208 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2012/04/02 16:49:56 | 001,988,216 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2012/04/02 16:49:52 | 001,226,872 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\CatalogDll.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 01:49:43 | 000,422,912 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
MOD - [2010/12/09 15:40:28 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\UPSNA1Msgr.exe
MOD - [2010/12/09 15:40:26 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\POLICYMGR\UPS.Components.NA1MessengerServer.dll
MOD - [2010/12/09 15:39:44 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\POLICYMGR\Microsoft.ApplicationBlocks.Data.dll
MOD - [2010/12/09 15:39:42 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\POLICYMGR\UPS.Components.PolicyHolder.dll
MOD - [2010/12/09 14:57:30 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\UPSResourceManager.dll
MOD - [2010/11/07 09:35:18 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7e94064464380c8a5d7315c8b5d312aa\System.EnterpriseServices.ni.dll
MOD - [2010/11/07 09:35:17 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\935ac020241e59cab3287d5eb38c592d\System.Data.ni.dll
MOD - [2010/11/07 09:35:17 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\c744f0f95227e75796b8689801740d4b\System.Transactions.ni.dll
MOD - [2010/11/07 09:34:56 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2010/11/07 09:34:51 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2010/11/07 09:34:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2010/11/07 09:34:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2010/11/07 09:34:30 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2010/11/07 09:34:25 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/06/24 22:16:40 | 000,140,152 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\SQL Anywhere 11\Bin64\dbsrv11.exe -- (SQLANYs_shopmate)
SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2002/10/28 20:10:12 | 000,077,824 | ---- | M] (iAnywhere Solutions, Inc.) [On_Demand | Stopped] -- C:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe -- (ASANYs_sm_ver8)
SRV - [2013/04/11 22:40:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/01 21:48:11 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/18 15:57:10 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe -- (GoToAssist Remote Support Customer)
SRV - [2012/12/23 23:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/03/28 21:54:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2012/01/24 10:02:53 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\759\g2aservice.exe -- (GoToAssist)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/02/09 17:24:30 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2009/01/06 23:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2006/12/19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/26 08:29:54 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/30 23:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/01/30 23:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/01/28 21:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/28 21:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/21 22:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/15 22:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/11/15 22:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/07/14 13:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/04/25 19:59:02 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130430.024\ex64.sys -- (NAVEX15)
DRV - [2013/04/25 19:59:02 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/04/25 19:59:02 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2013/04/25 19:59:02 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130430.024\eng64.sys -- (NAVENG)
DRV - [2013/04/25 15:32:44 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130430.002\IDSviA64.sys -- (IDSVia64)
DRV - [2013/04/12 19:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130412.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 30 BA 76 7A 42 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rchTerms}&r=531
IE - HKCU\..\SearchScopes\{34DB3D0C-8393-4CEA-AF98-E99EC2BC8C7A}: "URL" = http://www.google.co...1I7ADFA_enUS404
IE - HKCU\..\SearchScopes\{6350963F-6D18-4CFB-A86D-584FC1D59E01}: "URL" = http://search.yahoo....1042,6901,0,8,0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...ct=sb&qsrc=2869
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://ksitech.com/home.html"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\mike\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\mike\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mike\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mike\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\mike\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013/04/26 08:30:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013/04/26 09:06:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/11 22:40:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/31 10:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2013/04/25 09:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\cqqcemt4.default\extensions
[2013/04/11 22:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/11 22:40:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe (American Power Conversion Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [NA1Messenger] C:\Program Files (x86)\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r install /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w File not found
O4 - HKCU..\Run: [GoToAssist Express Expert] C:\Program Files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [GoToAssist Remote Support Expert] C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [PCShowServer] C:\Users\mike\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKCU..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: globalsign.com ([system] https in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsign.com ([systemeu] https in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsign.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.3.0.cab (SysInfo Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADEBE017-AFB5-4194-99B3-D1A1C6AD25AE}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\759\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\759\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/03/11 04:25:46 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/03 16:26:03 | 000,004,845 | ---- | M] () - H:\AutoIssue Log Sample.pdf -- [ NTFS ]
O32 - AutoRun File - [2010/02/15 00:53:50 | 000,000,027 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 19:33:34 | 000,000,141 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/01 08:45:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe
[2013/04/29 14:27:11 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\CrashDumps
[2013/04/26 17:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/04/26 11:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/04/26 08:57:35 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys
[2013/04/26 08:57:35 | 000,796,248 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys
[2013/04/26 08:57:35 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys
[2013/04/26 08:57:35 | 000,432,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys
[2013/04/26 08:57:35 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys
[2013/04/26 08:57:35 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys
[2013/04/26 08:57:35 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys
[2013/04/26 08:57:35 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam.sys
[2013/04/26 08:57:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1403010.016
[2013/04/26 08:29:54 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/04/26 08:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/04/26 08:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/04/26 08:28:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/04/26 08:28:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/04/26 08:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/04/26 08:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/04/25 10:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/24 16:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/04/13 11:55:34 | 000,000,000 | ---D | C] -- C:\Users\mike\Documents\MFM Images
[2013/04/11 22:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/01 21:52:00 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Macromedia
[2013/04/01 17:00:12 | 000,000,000 | ---D | C] -- C:\test
[31 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/01 08:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/01 08:45:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe
[2013/05/01 08:07:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1716187155-4178444909-2937509915-1000UA.job
[2013/05/01 07:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/30 21:57:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/30 10:07:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1716187155-4178444909-2937509915-1000Core.job
[2013/04/29 15:46:20 | 000,005,522 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/04/29 14:38:46 | 000,000,881 | ---- | M] () -- C:\Users\mike\.jlogon11
[2013/04/29 05:45:44 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/29 05:45:44 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/28 20:01:31 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
[2013/04/28 20:00:01 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/04/28 09:40:26 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/04/26 16:07:29 | 000,896,258 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/26 16:07:29 | 000,749,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/26 16:07:29 | 000,146,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/26 09:06:27 | 001,164,001 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
[2013/04/26 09:05:42 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/04/26 08:29:54 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/04/26 08:29:54 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/04/26 08:29:54 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/04/25 15:29:24 | 000,000,259 | ---- | M] () -- C:\Windows\wstdUPSWSHIP.INI
[2013/04/25 15:25:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/25 15:25:04 | 536,207,359 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/25 15:12:32 | 000,002,270 | ---- | M] () -- C:\Users\mike\Desktop\Resume ZoneAlarm Security Install.lnk
[2013/04/24 16:34:46 | 000,002,082 | -H-- | M] () -- C:\Users\mike\Documents\Default.rdp
[2013/04/24 14:52:00 | 810,758,144 | ---- | M] () -- C:\Users\mike\Desktop\shopmate.db
[2013/04/10 13:07:39 | 000,002,366 | ---- | M] () -- C:\Users\mike\Desktop\Google Chrome.lnk
[2013/04/05 14:57:41 | 000,213,515 | ---- | M] () -- C:\Users\mike\Desktop\jb_status_det.pdf
[2013/04/05 14:54:49 | 000,056,717 | ---- | M] () -- C:\Users\mike\Desktop\4-5-2013 2-54-16 PM.pdf
[2013/04/03 04:21:26 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\isolate.ini
[2013/04/02 15:34:20 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/01 17:19:42 | 000,000,049 | ---- | M] () -- C:\Users\mike\Desktop\no-stealing.gif
[31 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/26 09:06:00 | 001,164,001 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
[2013/04/26 08:58:19 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\VT20130115.021
[2013/04/26 08:57:35 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam64.cat
[2013/04/26 08:57:35 | 000,007,611 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.cat
[2013/04/26 08:57:35 | 000,007,601 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnet64.cat
[2013/04/26 08:57:35 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\iron.cat
[2013/04/26 08:57:35 | 000,007,589 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.cat
[2013/04/26 08:57:35 | 000,007,587 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.cat
[2013/04/26 08:57:35 | 000,007,585 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.cat
[2013/04/26 08:57:35 | 000,007,581 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.cat
[2013/04/26 08:57:35 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa.inf
[2013/04/26 08:57:35 | 000,002,852 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds.inf
[2013/04/26 08:57:35 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnet.inf
[2013/04/26 08:57:35 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.inf
[2013/04/26 08:57:35 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.inf
[2013/04/26 08:57:35 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam.inf
[2013/04/26 08:57:35 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.inf
[2013/04/26 08:57:35 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\iron.inf
[2013/04/26 08:57:18 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\isolate.ini
[2013/04/26 08:29:54 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/04/26 08:29:54 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/04/26 08:29:46 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/04/25 10:01:45 | 810,758,144 | ---- | C] () -- C:\Users\mike\Desktop\shopmate.db
[2013/04/24 17:10:53 | 000,002,270 | ---- | C] () -- C:\Users\mike\Desktop\Resume ZoneAlarm Security Install.lnk
[2013/04/05 14:57:02 | 000,213,515 | ---- | C] () -- C:\Users\mike\Desktop\jb_status_det.pdf
[2013/04/05 14:54:16 | 000,056,717 | ---- | C] () -- C:\Users\mike\Desktop\4-5-2013 2-54-16 PM.pdf
[2013/04/02 15:34:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/02 15:34:20 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2013/01/22 17:58:48 | 000,224,092 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/11 15:25:33 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\pdfdf.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/24 10:02:49 | 000,102,248 | ---- | C] () -- C:\Users\mike\GoToAssistDownloadHelper.exe
[2011/10/28 17:44:08 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/26 11:49:16 | 000,000,259 | ---- | C] () -- C:\Windows\wstdUPSWSHIP.INI
[2011/04/26 23:17:34 | 000,003,584 | ---- | C] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 14:44:02 | 000,003,817 | ---- | C] () -- C:\Users\mike\.SybaseCentralEditor
[2011/03/14 09:24:03 | 000,000,349 | ---- | C] () -- C:\Users\mike\.isqlSettings
[2011/03/09 17:37:11 | 000,003,950 | ---- | C] () -- C:\Users\mike\.SybaseCentralEditor600
[2011/02/28 16:35:46 | 000,000,149 | ---- | C] () -- C:\Users\mike\helpManager.lst
[2011/02/28 16:31:50 | 000,000,585 | ---- | C] () -- C:\Users\mike\.jlogon
[2011/02/28 16:30:23 | 000,000,601 | ---- | C] () -- C:\Users\mike\.scUserPreferences41
[2011/01/11 10:18:00 | 000,015,193 | ---- | C] () -- C:\Users\mike\.isqlHistory11
[2011/01/11 10:17:59 | 000,003,715 | ---- | C] () -- C:\Users\mike\.isqlPreferences11
[2011/01/10 11:21:10 | 000,112,784 | ---- | C] () -- C:\Users\mike\g2ax_expert_downloadhelper_win32_x86.exe
[2010/12/09 11:55:47 | 000,060,304 | ---- | C] () -- C:\Users\mike\g2mdlhlpx.exe
[2010/11/09 18:35:45 | 000,000,318 | ---- | C] () -- C:\Users\mike\.QueryEditor11
[2010/11/09 14:27:43 | 000,110,456 | ---- | C] () -- C:\Users\mike\g2ax_customer_downloadhelper_win32_x86.exe
[2010/11/05 08:59:47 | 000,000,193 | ---- | C] () -- C:\Users\mike\.DBConsole11
[2010/11/04 17:31:38 | 000,000,881 | ---- | C] () -- C:\Users\mike\.jlogon11

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 10:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 10:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/08/01 10:36:10 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Avery
[2012/05/28 16:20:55 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/10 09:59:04 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\ComponentOne
[2011/01/20 11:13:44 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Forte
[2012/05/29 20:10:46 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Garmin
[2011/02/18 12:27:31 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\GetRightToGo
[2011/04/26 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\HandBrake
[2012/02/08 16:27:53 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\HDRsoft
[2010/11/12 15:24:11 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\ICAClient
[2011/01/28 18:32:43 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Leadertech
[2012/02/09 17:14:43 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Memeo
[2012/08/19 17:26:35 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\onOne Software
[2012/01/13 12:24:47 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\PDF Writer
[2011/02/12 11:25:50 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\RhinoSoft.com
[2011/06/29 15:59:05 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\shop mate
[2011/08/11 16:51:59 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\SmartDraw
[2011/01/24 12:03:56 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Stamps.com Internet Postage
[2012/10/20 22:36:25 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Stellarium
[2011/01/14 15:07:19 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\TightVNC
[2013/04/25 14:16:52 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\webex

========== Purity Check ==========



< End of report >





OTL Extras logfile created on: 5/1/2013 8:46:26 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mike\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.23 Gb Available Physical Memory | 53.77% Memory free
12.00 Gb Paging File | 7.36 Gb Available in Paging File | 61.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.79 Gb Total Space | 98.43 Gb Free Space | 56.96% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 208.40 Gb Free Space | 71.13% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 112.88 Gb Free Space | 24.24% Space Free | Partition Type: NTFS
Drive H: | 74.52 Gb Total Space | 13.18 Gb Free Space | 17.68% Space Free | Partition Type: NTFS
Drive I: | 2794.51 Gb Total Space | 1619.91 Gb Free Space | 57.97% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 144.91 Gb Free Space | 31.11% Space Free | Partition Type: NTFS

Computer Name: WIN7-ULT-64 | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.ini [@ = UltraEdit.ini] -- H:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe (IDM Computer Solutions, Inc.)
.txt [@ = UltraEdit.txt] -- H:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe (IDM Computer Solutions, Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{091B2057-0064-4A1D-94C9-57427A688E02}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0B54B851-F371-4D12-A3D3-6C43754FABD2}" = lport=445 | protocol=6 | dir=in | app=system |
"{15305DB6-CFF1-400D-AA29-B0CC47FA5755}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{19AD4BDE-5142-4D5B-9302-B5F3C6E6B83C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19ADD528-9E48-4A3B-BA1F-9F3B2D1ADABE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1B457106-E72E-4F1E-B0F5-CB29BF3ED685}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F0EECC0-CF48-48A7-89C9-29FCAECFCD7D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2506CAEA-ED2A-4823-8E9B-ED9A5AC6B184}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{27BE0484-C1A7-422B-BE67-204690F64F09}" = lport=10244 | protocol=6 | dir=in | app=system |
"{2BF41C8A-EE49-47E8-B2FF-718B564655F6}" = lport=3390 | protocol=6 | dir=in | app=system |
"{2F2A0F59-A9E3-407C-B60E-5594D7A96B0A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{30906D77-7A3D-4268-B83A-F0702F290A6C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{32DEB950-E7EF-4ADF-9ABC-7567E0D4DEBC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34FD7790-ECA0-488C-97A3-17F92A307417}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FFC2ECF-1238-4235-A5F4-493E6D8A7389}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{446F5371-05A5-4B09-84CC-1F4BE42D5702}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4EB52612-3856-4D03-A5CC-F6FC4036B6D8}" = rport=138 | protocol=17 | dir=out | app=system |
"{4FC6551C-1B84-48D9-92B8-D1058BD7D811}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52B774D2-7A5D-4D45-AF47-ED137BC6B422}" = lport=139 | protocol=6 | dir=in | app=system |
"{581FE1B2-8875-4BB3-A010-827DC7954F2D}" = lport=10244 | protocol=6 | dir=in | app=system |
"{5C09FAB3-D1EC-4058-8C76-CD2D74D88E18}" = rport=137 | protocol=17 | dir=out | app=system |
"{5DD22951-A148-4D0A-9594-474A9DDABFA0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A70399D-0C11-488D-BC7C-88A3DA828CFB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C6714F0-BAE9-4F11-AB40-04AC7C773323}" = rport=10243 | protocol=6 | dir=out | app=system |
"{79AE0701-2DCF-4464-A28B-951CFB1926B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C7E0643-0FD2-4063-A88A-9A2EA2ECCF33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{802DD9A9-AD57-4DD2-8079-F3AF8EE67052}" = lport=2869 | protocol=6 | dir=in | app=system |
"{872E9AA6-9E6C-4262-BF27-734B27098898}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{89647016-3CC4-4D85-83BA-4F47C4EFCCDE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89A24F27-A6F6-43AF-867A-8F7912723AA1}" = rport=445 | protocol=6 | dir=out | app=system |
"{8E5709DA-8034-4223-B3C9-99222B493778}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90A96EA4-974B-4D47-8936-1C2B0A34AEB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{934D2F53-9700-4252-9E27-E9B7BB4E092A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93EEBB79-11EE-4F38-8566-A6A06C85407C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{983915FC-A2C0-40AB-B06C-1E4F03B8C21A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9A851C0C-9310-4738-B638-5D5E23F7ECCE}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9FAD345C-CA41-4F5C-9439-16B35B45560C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A58D619F-C35C-4178-BD0E-FDF4E203EF9C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A5B2DC07-69F1-4F38-877A-595CEF262C1E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B4B85ACF-E8E9-44C9-9EF5-098197CE24AD}" = rport=139 | protocol=6 | dir=out | app=system |
"{B5654E1C-D9BB-48CB-8096-7974C22904DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C92C8A3B-9F47-48D4-B1AF-D51DDC7A778A}" = lport=138 | protocol=17 | dir=in | app=system |
"{DABBEB38-9BDA-4935-8775-F46D012DE8A0}" = lport=3390 | protocol=6 | dir=in | app=system |
"{DBE89F22-CA01-463C-B7BA-CF8484055E81}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E67E2C5C-D3AD-4831-8A7F-B97BA5208C54}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F82F00A6-A204-4893-B50B-3CD1B099A2E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F868B6EB-70E2-4E71-81AA-79AD1FAA2348}" = lport=137 | protocol=17 | dir=in | app=system |
"{F9EA7DC8-ABD6-44AC-8E19-12EE789C555C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0483B564-945E-4CE8-846B-15DE59E7C093}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A532F26-3EB9-47C3-A6D2-0599F63A09E1}" = dir=in | app=h:\program files\skype\phone\skype.exe |
"{1057683D-8D4A-437B-8193-D17F3D41D97A}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe |
"{10E10F26-0F79-406A-9551-6D1D4AFD056A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{12077DD3-2B91-4AB0-9DF9-2CCFB166F111}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{1ACF7E2E-E8B3-4B97-9446-62B8CB48C720}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EFF2439-1C62-465F-8CA2-3C24928A559C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2484D51C-73F4-48F9-A8AB-68F5A0ED7358}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{31488C5B-23B8-4256-A75F-26CAD312F5AD}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{33DC6DF6-FFA1-4423-B3D6-0ADDA58CB9A4}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{3528AC4E-0722-40C3-AC18-C828EBD769D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EC1FF64-951C-4035-AA08-4BE357DC08BC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{53EA5461-9957-44EE-8AEF-49042E191BD4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{59435239-CEEF-4505-AC9E-E43A29478502}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5C2946F6-3F3C-41B1-B258-8D68EB518818}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5C3BDBFB-E423-40C0-BFDF-E90D3487D644}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{607EDAF3-E9A5-4D5B-B343-CFB993E9F350}" = dir=in | app=h:\program files\skype\phone\skype.exe |
"{64BFC553-F7E6-4FDF-81C8-D079CD6B8AE5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67CF793B-B538-4A8F-8B80-A02C94F4AF7C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{682378F2-C097-40EE-921E-7EEBD40F738E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68DA2BC1-59E7-4887-A8AA-2266705E30BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A228667-FC62-49B6-ABF0-C7C6DD898211}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6B844ECF-0B5C-4A55-8F24-3BFBFADDCF3D}" = protocol=6 | dir=out | app=system |
"{71265A06-2B5A-4DC8-9595-1D7A2B109444}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{7845903F-C33D-4040-81BE-DD5C9C3FFF42}" = protocol=1 | dir=in | [email protected],-28543 |
"{7F32EED1-946F-4327-B820-024F4944BA94}" = protocol=1 | dir=out | [email protected],-28544 |
"{821CAF38-A676-41F9-A0B7-A41C6992F174}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{88A87243-B881-4823-8446-36EFEFA5A71F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8D4EA807-9DD2-4E68-9AA9-304B4D45216D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9D13CD4D-9935-491B-B117-576518B474D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9FD26404-410D-4AD6-A836-C933784B4563}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A0D989D6-C51D-4F38-A324-D8970B5CBB89}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A61BDA63-6ACE-4285-BAFC-5AF5AD79F76F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A70E988F-4726-4B0A-956B-35C10E212159}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A7957E9E-C8CC-4127-A24F-382C4E5CC3EB}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{A9C70232-6848-4761-AD69-0D431A23CF86}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B6FE144E-2C67-485D-B61B-82A086948C5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8C9F8CD-9D54-414F-8340-EDCFBDAB7CCE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{BBAFE317-3D22-4AAC-B27C-8AC21FA70481}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BBD723F2-56FE-4A75-B84D-9B61B2EB884F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BE36E3C7-4D01-4481-B887-88714BD410AB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C090F145-A5E1-416D-8E79-5FD608BA257C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{CCD99FA3-BD1C-4F7A-83D4-663D9A4C634F}" = protocol=58 | dir=out | [email protected],-28546 |
"{DD9046F2-32C3-40BB-952A-6B65BE506ACF}" = protocol=58 | dir=in | [email protected],-28545 |
"{EC208EC1-FA0E-40D0-9F22-DCB9925FB686}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFC23F56-0949-449E-AA4E-5E0D73B39C71}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F056F80C-D2E5-48BF-A545-A8B3D93F09EC}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{F15F4B58-77EA-4296-A8F8-80952D46FFAF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F7F2835E-3DDD-4CAC-AEB6-49F23035F68A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F9DA37FF-6E0F-400F-8BB0-569DCADC6966}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{70BF6489-4E33-4AFE-90B6-9A8120E6EEA5}" = HP Officejet 6500 E710n-z Product Improvement Study
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}" = Microsoft Image Composite Editor
"{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}" = HP Officejet 6500 E710n-z Basic Device Software
"{C92556F2-4950-48CF-ABA3-F0026B05BCE8}" = Microsoft SQL Server 2005 Backward compatibility
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{ECE263B0-6C8B-404C-B4AC-8FAB1C87AB4A}" = SQL Anywhere 11
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1338
"EPSON WorkForce 1100 Series" = EPSON WorkForce 1100 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0582541B-B456-4CA5-9556-DC2D9CCFE128}" = Surface Central
"{05B613D1-7BD6-4DFA-B54F-1758CD7D71ED}" = SQL Anywhere Studio 8
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0F1F7A90-E71B-4E45-A066-2891619F22E1}" = Citrix online plug-in (PNA)
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{14CD4651-23C3-4D99-9A13-D1DBE4835E16}" = MYOB AccountRight Premier v19
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{1B095252-5EFC-4C63-B982-0519FEAB2F40}" = SQL Anywhere 8 Documentation
"{20CB9D18-1A41-4872-93DA-5895690D6400}" = Shop Mate 6.36 Minor Patch 130308.1
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{26BD952D-11DA-49A2-A962-FB77223A5968}" = Sybase InfoMaker 11.2
"{27C871A0-85C2-4000-971A-DA9391A9A15B}" = KSI HelpDesk
"{2A033A00-FE0D-4609-B0E8-2C49CC494FC8}" = WorldShip
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (UPSWSDBSERVER)
"{2BEB418E-559F-41BD-9C25-D1A8B13F5707}" = Solutions::Schedule for COM
"{2CF4F553-5E00-42DC-85AB-9A1A29C7D9D2}" = Citrix online plug-in (SSON)
"{33035862-543C-4405-9CC6-08593CF2C25F}" = ReportServer
"{34A57696-4662-4D51-A853-F661432FAFD1}" = Shop Mate 6.36 Minor Patch 130429.1
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{390160B4-D276-4A04-8002-8D3101A0D367}" = UPSICC
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3BF8BEA2-7AD4-46BD-8D26-1BADC3A13EF1}" = Shop Mate 6.36 Minor Patch 120404.1
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{41BDF476-7DBD-4E92-B686-B16411C23582}" = Shop Mate 6.36 Minor Patch 130321.1
"{427287F5-7B11-4B6F-A2EB-8035759EFB11}" = Shop Mate 6.36 Minor Patch 121217.1
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB7EAF9-376C-4192-A768-AC92698C231C}" = Shop Mate 6.36 Minor Patch 130225.1
"{4AE3EAC8-FAD9-4ECC-A339-BBAD8C72DE71}" = UPSDB
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57C39411-6747-489C-A226-46885FB0D2D0}" = DriverBoost
"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Perfect Photo Suite 6.1
"{5AE59A84-B2F3-42CC-A246-5AF80F6EE770}" = Reconciler
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DAF3885-4E24-49D9-ADBF-D3E57C67095D}" = Shop Mate Client 6.35.110208
"{5F3783B7-F809-45A7-8A92-A44B441FDA7C}" = DIRECTV Player
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68AF09E3-1167-4771-903C-CCCDCF7E171C}" = NRF
"{68EDC987-51D7-4A59-97C7-75968442520C}" = Shop Mate 6.36 Minor Custom 120517.1
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6C888F91-0FE5-4C04-AC27-3939E5D24B32}" = Shop Mate 6.36 Minor Custom 130104.1
"{6E16EB5A-2EAA-49AF-A386-69DFDAE9A179}" = Edro_MWO
"{6FD6E369-45A1-4114-818F-4AD179916DB9}" = InstallShield 2011 with Hotfix A
"{728CC0E3-2241-4FB6-A5F4-C3F35C51376E}" = Shop Mate 6.36 Minor Patch 120404.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779F647C-D06B-45F8-8C67-5D9F50DD016E}" = test_ini
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{788FB789-FA76-404C-901B-7CBAFBD193FC}" = Shop Mate 6.36 Minor Patch 130116.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79851D13-F370-4026-848C-75B8E603B32E}" = Shop Mate 6.36 Minor Patch 130327.1
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{87801901-864F-45F6-B4C8-30BD6B6310B8}_is1" = Fingerprint SDK 2009
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5BD501-AD5D-4A75-9321-076509B438FC}" = WebHelp
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{953BF5B8-7855-11D4-B53F-00C04F79501F}" = Sybase InfoMaker 8.0
"{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
"{95BFC573-7D09-46C9-B458-A75BA947FFCB}" = UPSVC2008MM
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A5763105-D1D5-4862-A3FE-EC058F9AA73E}" = ICCHelp
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B8A939D7-58A3-45F7-9B18-43299F80E0CE}" = Shop Mate 6.36 Minor Patch 120821.1
"{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}" = FormsComponent
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
"{C4FA4BD3-C5F8-4337-8E50-1EE464BF9A39}" = Shop Mate 6.36 Minor Patch 120307.1
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}" = UnifiedPrinting
"{D1210D67-4001-40F1-94AE-232A89C66F2E}" = Sybase PowerBuilder 11.2
"{D22ED12F-19C4-4F18-997F-F328CF804E91}" = PowerBuilder 11.1
"{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
"{D88DF8F0-B749-4D26-AFBC-A6E588099793}" = Sybase PowerDesigner 15.0
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DB2C58E0-6284-4B48-97F2-22A980B6360B}" = System
"{E2486DE6-CC2E-48C0-AD20-C2C142FA1636}" = APC PowerChute Personal Edition v2.2
"{E2A3C282-BFB0-4A46-8D9A-F867FFA372D7}" = Shop Mate 6.36 Minor Patch 121219.1
"{E306E26C-DE4C-4E69-9A5F-F9F8BB240F33}" = SQL Anywhere 11 Documentation (English)
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{E7A94DD5-E169-45A5-8B6C-ABFB5EAFAA6C}" = Shop Mate 6.36 Minor Custom 120813.1
"{EA9629DA-5715-48BA-B054-28169702B176}" = FOSS
"{EB4CC121-3397-4C7A-99A0-B70164E72D0E}" = Shop Mate 6.36 Minor Patch 130102.1
"{EC13ED5F-207B-4260-B637-A7E073581305}" = Shop Mate 6.36 Minor Patch 121220.1
"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}" = HP Officejet 6500 E710n-z Help
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F4A99139-821F-48E1-8435-3FA87D587204}" = Shop Mate 6.36 Minor Patch 130225.1
"{F8BAF421-F742-4B67-942B-21A1F3788034}" = InfoMaker 11.1
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FA5DC0D6-D7EC-43CF-A723-367E25B437AB}" = Shop Mate 6.36 Minor Patch 120912.1
"{FB0628CC-8CDA-4BE0-B463-9E4CFBF6BDF7}" = Shop Mate 6.36 Minor Patch 120806.1
"{FBF93039-71F2-4F28-BFAC-646A97A44D1D}" = Shop Mate 6.36 Minor Patch 120430.1
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows 7 Signed Files
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Android SDK Tools" = Android SDK Tools
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CitrixOnlinePluginFull" = Citrix online plug-in
"ComponentOne Doc-To-Help 6.0" = ComponentOne Doc-To-Help
"Forte Agent" = Forté Agent
"FTP Voyager_is1" = FTP Voyager 15.2
"GoToAssist" = GoToAssist Corporate
"GoToAssist Express Customer" = GoToAssist Customer 1.6.0.498
"HDR Darkroom" = HDR Darkroom Windows Version v2.2.0
"InstallShield_{14CD4651-23C3-4D99-9A13-D1DBE4835E16}" = MYOB AccountRight Premier v19
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"Network MagicUninstall" = Network Magic
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"PST Walker_is1" = PST Walker 5.09.1
"SmartDraw 2008" = SmartDraw 2008
"Stamps.com" = Stamps.com
"Stellarium_is1" = Stellarium 0.11.4
"UPS WorldShip" = UPS WorldShip
"vShare" = vShare Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToAssist Remote Support Expert" = GoToAssist Expert 1.6.0.498
"GoToMeeting" = GoToMeeting 5.1.0.880
"NetAssistant 3.8.3" = Freeze.com NetAssistant

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2013 2:33:03 PM | Computer Name = WIN7-ULT-64 | Source = SQLANY64 11.0 | ID = 1
Description = SQLANYs_shopmate: Cannot access "G:\SM_Custom_11\SpSpring\Database\shopmate.db":
file does not exist

Error - 4/29/2013 2:33:08 PM | Computer Name = WIN7-ULT-64 | Source = SQLANY64 11.0 | ID = 1
Description = SQLANYs_shopmate: Could not start server

Error - 4/29/2013 3:44:23 PM | Computer Name = WIN7-ULT-64 | Source = SQLANY64 11.0 | ID = 1
Description = SQLANYs_shopmate: Cannot access "G:\SM_Custom_11\SpSpring\Database\shopmate.db":
file does not exist

Error - 4/29/2013 3:44:30 PM | Computer Name = WIN7-ULT-64 | Source = SQLANY64 11.0 | ID = 1
Description = SQLANYs_shopmate: Could not start server

Error - 4/30/2013 12:30:51 AM | Computer Name = WIN7-ULT-64 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 4/30/2013 12:30:53 AM | Computer Name = WIN7-ULT-64 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 4/30/2013 12:30:53 AM | Computer Name = WIN7-ULT-64 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 4/30/2013 3:26:02 PM | Computer Name = WIN7-ULT-64 | Source = Application Hang | ID = 1002
Description = The program PB110.EXE version 11.1.0.8123 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f00 Start
Time: 01ce45d04a8b60a0 Termination Time: 29 Application Path: C:\Program Files (x86)\Sybase\PowerBuilder
11.0\PB110.EXE Report Id: c8ff37fc-b1cb-11e2-9b59-0021859bee8e

Error - 5/1/2013 12:30:47 AM | Computer Name = WIN7-ULT-64 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 5/1/2013 12:30:50 AM | Computer Name = WIN7-ULT-64 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 5/1/2013 12:30:50 AM | Computer Name = WIN7-ULT-64 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

[ Media Center Events ]
Error - 4/28/2013 7:10:34 PM | Computer Name = WIN7-ULT-64 | Source = MCUpdate | ID = 0
Description = 7:10:31 PM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


[ System Events ]
Error - 4/25/2013 3:12:34 PM | Computer Name = WIN7-ULT-64 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR4.

Error - 4/25/2013 3:12:35 PM | Computer Name = WIN7-ULT-64 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR4.

Error - 4/25/2013 3:14:34 PM | Computer Name = WIN7-ULT-64 | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 4/25/2013 3:14:34 PM | Computer Name = WIN7-ULT-64 | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 4/25/2013 3:25:27 PM | Computer Name = WIN7-ULT-64 | Source = Service Control Manager | ID = 7000
Description = The AST Service service failed to start due to the following error:
%%2

Error - 4/25/2013 3:27:58 PM | Computer Name = WIN7-ULT-64 | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 4/25/2013 3:27:58 PM | Computer Name = WIN7-ULT-64 | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 4/26/2013 9:05:23 AM | Computer Name = WIN7-ULT-64 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 4/28/2013 1:52:13 PM | Computer Name = WIN7-ULT-64 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.

Error - 4/28/2013 1:52:13 PM | Computer Name = WIN7-ULT-64 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk7\DR7.


< End of report >
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Uninstall

Freeze.com NetAssistant

Then just to make sure it's gone:

Copy the next 3 lines:

%SYSTEMROOT%\system32\msiexec.exe /qn /x {C792A75A-2A1F-4991-9B85-291745478A79}
WMIC USERACCOUNT WHERE "Name='UpdatusUser'" SET PasswordExpires=FALSE
sc config ast start= disabled

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter. Close the command window. (First line uninstalls Freeze.com's adware. Second one fixes a problem with your NVIDIA Update Service. 3rd stops the broken asp service from trying to run.

Also uninstall all obsolete Java programs:

"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)

(If you need a new version of a 64 bit Java, then use your 64 bit IE to visit Java.com. Uncheck the foistware like the Ask toolbar and McAfee Security before downloading or installing.)

Adjust your security to the highest

http://java.com/en/d...cp_security.xml

or if you can live without it, uncheck Enable Java Content in Browser.

Clear your Java Cache:
http://www.java.com/...lugin_cache.xml

You are running two anti-viruses. Uninstall either Norton or Microsoft Security Essentials. They will fight each other and slow down your PC.

I would also uninstall Nero 8. It didn't install correctly and is causing errors.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.


1. Double-click My Computer, and then right-click the hard disk that you want to check. D:
then G: then I: and then J:

2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
IF the drive is busy you will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet. (Normally these instructions are for the C: drive which always needs a reboot. If a drive is not in use it shouldn't need a reboot. In any case I only want the following done once after the last drive that needs a reboot. I would do all of the drives that don't need reboots first and save the busy drives until last.)

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.


Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Run OTL, Quickscan and post the log.

Are you still seeing "contacting ox-social.bidsystem.com\w\1.0"

Ron
  • 0

#5
ksitech

ksitech

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ron,
I really appreciate the time & effort you are taking to help me with this.
I executed your instructions and the logs are posted below. After completing the process I opened Outlook and deleted 200 junk emails. The 'contacting ox-social...." message did not appear. However, I do not get it every time I deleted messages...it was sporadic. If I don't see it for the rest of the week I will assume it is gone.

# AdwCleaner v2.300 - Logfile created 05/05/2013 at 08:05:55
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : mike - WIN7-ULT-64
# Boot Mode : Normal
# Running from : C:\Users\mike\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\vShare
Folder Deleted : C:\Users\mike\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\mike\AppData\LocalLow\vShare

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\vShare
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16722

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\cqqcemt4.default\prefs.js

C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\cqqcemt4.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5071 octets] - [05/05/2013 08:05:55]

########## EOF - C:\AdwCleaner[S1].txt - [5131 octets] ##########




Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 05/05/2013 9:08:25 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/05/2013 12:09:22 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AST Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 05/05/2013 12:01:02 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AST Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 05/05/2013 11:58:06 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 05/05/2013 11:57:29 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 03/05/2013 12:47:25 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk5\DR10.

Log: 'System' Date/Time: 28/04/2013 5:52:13 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk7\DR7.

Log: 'System' Date/Time: 28/04/2013 5:52:13 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk7\DR7.

Log: 'System' Date/Time: 26/04/2013 1:05:23 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk3\DR3.

Log: 'System' Date/Time: 25/04/2013 7:27:58 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 25/04/2013 7:27:58 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 25/04/2013 7:25:27 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AST Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/04/2013 7:14:34 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 25/04/2013 7:14:34 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 25/04/2013 7:12:35 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk4\DR4.

Log: 'System' Date/Time: 25/04/2013 7:12:34 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk4\DR4.

Log: 'System' Date/Time: 25/04/2013 7:10:51 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The AST Service service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 25/04/2013 7:09:16 PM
Type: Error Category: 0
Event: 2001 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 25/04/2013 7:09:16 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Log: 'System' Date/Time: 25/04/2013 7:01:04 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 25/04/2013 6:59:31 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/05/2013 11:52:38 AM
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 01/05/2013 9:01:49 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name speedtest.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 29/04/2013 5:00:08 AM
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Log: 'System' Date/Time: 28/04/2013 5:52:13 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk7\DR7 during a paging operation.

Log: 'System' Date/Time: 28/04/2013 5:52:13 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk7\DR7 during a paging operation.

Log: 'System' Date/Time: 28/04/2013 5:52:13 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk7\DR7 during a paging operation.

Log: 'System' Date/Time: 28/04/2013 5:52:13 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk7\DR7 during a paging operation.

Log: 'System' Date/Time: 28/04/2013 5:52:13 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk7\DR7 during a paging operation.

Log: 'System' Date/Time: 28/04/2013 5:52:13 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk7\DR7 during a paging operation.

Log: 'System' Date/Time: 28/04/2013 5:52:13 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk7\DR7 during a paging operation.

Log: 'System' Date/Time: 28/04/2013 5:52:13 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk7\DR7 during a paging operation.

Log: 'System' Date/Time: 28/04/2013 5:52:13 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk7\DR7 during a paging operation.

Log: 'System' Date/Time: 28/04/2013 5:52:13 PM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk7\DR7 during a paging operation.

Log: 'System' Date/Time: 28/04/2013 3:31:25 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name monitor.networkmagic.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/04/2013 7:23:43 PM
Type: Warning Category: 0
Event: 1073 Source: USER32
The attempt by user WIN7-ULT-64\mike to restart/shutdown computer WIN7-ULT-64 failed

Log: 'System' Date/Time: 25/04/2013 5:07:52 PM
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 25/04/2013 2:02:20 PM
Type: Warning Category: 0
Event: 1002 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 22/04/2013 1:16:55 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.sixsigmais.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/04/2013 5:19:02 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 17/04/2013 5:06:28 AM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on ''. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The requested name is valid, but no data of the requested type was found. (0x80072AFC)




Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.05.05.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
mike :: WIN7-ULT-64 [administrator]

5/5/2013 9:17:10 AM
mbam-log-2013-05-05 (09-17-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287172
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886} (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.
HKCR\Setup.Player.2K2 (PUP.Spyware.MarketScore) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\mike\Documents\Downloads\dp_genius.exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

(end)


OTL logfile created on: 5/5/2013 9:40:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mike\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.67 Gb Available Physical Memory | 61.24% Memory free
12.00 Gb Paging File | 7.98 Gb Available in Paging File | 66.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.79 Gb Total Space | 97.81 Gb Free Space | 56.61% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 208.40 Gb Free Space | 71.13% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 112.87 Gb Free Space | 24.23% Space Free | Partition Type: NTFS
Drive H: | 74.52 Gb Total Space | 13.18 Gb Free Space | 17.68% Space Free | Partition Type: NTFS
Drive I: | 2794.51 Gb Total Space | 1623.60 Gb Free Space | 58.10% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 144.90 Gb Free Space | 31.11% Space Free | Partition Type: NTFS
Drive Y: | 128.00 Gb Total Space | 25.59 Gb Free Space | 19.99% Space Free | Partition Type: NTFS

Computer Name: WIN7-ULT-64 | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/01 08:45:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe
PRC - [2013/04/11 22:40:10 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/01 21:48:11 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/02/18 15:57:10 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_user_customer.exe
PRC - [2013/02/18 15:57:10 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_system_customer.exe
PRC - [2013/02/18 15:57:10 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe
PRC - [2013/02/18 15:57:10 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_comm_customer.exe
PRC - [2013/02/12 13:03:42 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\498\g2ax_user_expert.exe
PRC - [2013/02/12 13:03:42 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe
PRC - [2013/02/12 13:03:42 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\498\g2ax_comm_expert.exe
PRC - [2012/12/23 23:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/02 16:50:14 | 000,351,888 | ---- | M] (NDS Technologies) -- C:\Users\mike\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2012/04/02 16:49:58 | 000,686,208 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2012/03/28 21:54:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/03/09 01:49:43 | 000,422,912 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
PRC - [2010/12/09 15:40:28 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\UPSNA1Msgr.exe
PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/10/12 17:44:00 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
PRC - [2009/10/13 14:00:00 | 000,495,432 | R--- | M] (WinZip Computing, S.L.) -- H:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/01/06 23:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2009/01/06 23:24:54 | 000,656,696 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/11 22:40:10 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/04/01 21:48:11 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\wincfi39.dll
MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012/04/02 16:52:04 | 000,091,240 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\z.dll
MOD - [2012/04/02 16:51:50 | 001,402,488 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2012/04/02 16:51:32 | 000,688,264 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2012/04/02 16:50:40 | 006,809,720 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2012/04/02 16:50:30 | 000,273,528 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2012/04/02 16:50:24 | 000,051,864 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\boost_thread-vc90-mt-1_39.dll
MOD - [2012/04/02 16:50:22 | 002,049,152 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\XferManagerDll.dll
MOD - [2012/04/02 16:50:20 | 001,945,704 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\TSB.dll
MOD - [2012/04/02 16:50:08 | 002,721,920 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\PCShowServerDll.dll
MOD - [2012/04/02 16:49:58 | 000,686,208 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2012/04/02 16:49:56 | 001,988,216 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2012/04/02 16:49:52 | 001,226,872 | ---- | M] () -- C:\Users\mike\AppData\Local\DIRECTV Player\CatalogDll.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/09 01:49:43 | 000,422,912 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe
MOD - [2010/12/09 15:40:28 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\UPSNA1Msgr.exe
MOD - [2010/12/09 15:40:26 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\POLICYMGR\UPS.Components.NA1MessengerServer.dll
MOD - [2010/12/09 15:39:44 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\POLICYMGR\Microsoft.ApplicationBlocks.Data.dll
MOD - [2010/12/09 15:39:42 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\POLICYMGR\UPS.Components.PolicyHolder.dll
MOD - [2010/12/09 14:57:30 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\UPS\WSTD\UPSResourceManager.dll
MOD - [2010/11/07 09:35:18 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7e94064464380c8a5d7315c8b5d312aa\System.EnterpriseServices.ni.dll
MOD - [2010/11/07 09:35:17 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\935ac020241e59cab3287d5eb38c592d\System.Data.ni.dll
MOD - [2010/11/07 09:35:17 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\c744f0f95227e75796b8689801740d4b\System.Transactions.ni.dll
MOD - [2010/11/07 09:34:56 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2010/11/07 09:34:51 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2010/11/07 09:34:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2010/11/07 09:34:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2010/11/07 09:34:30 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2010/11/07 09:34:25 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/06/24 22:16:40 | 000,140,152 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\SQL Anywhere 11\Bin64\dbsrv11.exe -- (SQLANYs_shopmate)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2002/10/28 20:10:12 | 000,077,824 | ---- | M] (iAnywhere Solutions, Inc.) [On_Demand | Stopped] -- C:\Program Files\Sybase\SQL Anywhere 8\win32\dbsrv8.exe -- (ASANYs_sm_ver8)
SRV - [2013/04/11 22:40:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/01 21:48:11 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/18 15:57:10 | 000,611,400 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe -- (GoToAssist Remote Support Customer)
SRV - [2012/12/23 23:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/05/15 06:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/03/28 21:54:08 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2012/01/24 10:02:53 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\759\g2aservice.exe -- (GoToAssist)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/02/09 17:24:30 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2009/01/06 23:25:02 | 000,689,464 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/26 08:29:54 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/30 23:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/01/30 23:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/01/28 21:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/28 21:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/21 22:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/15 22:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/11/15 22:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/18 13:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/07/14 13:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/04/25 19:59:02 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130504.007\ex64.sys -- (NAVEX15)
DRV - [2013/04/25 19:59:02 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/04/25 19:59:02 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/04/25 19:59:02 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\VirusDefs\20130504.007\eng64.sys -- (NAVENG)
DRV - [2013/04/25 15:32:44 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\IPSDefs\20130505.002\IDSviA64.sys -- (IDSVia64)
DRV - [2013/04/12 19:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\Definitions\BASHDefs\20130412.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/12/18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 06 0B CF 2F 48 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rchTerms}&r=531
IE - HKCU\..\SearchScopes\{34DB3D0C-8393-4CEA-AF98-E99EC2BC8C7A}: "URL" = http://www.google.co...1I7ADFA_enUS404
IE - HKCU\..\SearchScopes\{6350963F-6D18-4CFB-A86D-584FC1D59E01}: "URL" = http://search.yahoo....1042,6901,0,8,0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://ksitech.com/home.html"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\mike\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\mike\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mike\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mike\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\mike\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\IPSFFPlgn\ [2013/04/26 08:30:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.0.36\coFFPlgn\ [2013/05/05 09:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/11 22:40:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/31 10:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2013/04/25 09:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\cqqcemt4.default\extensions
[2013/04/11 22:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/11 22:40:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/07 10:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 10:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe (American Power Conversion Corporation)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [NA1Messenger] C:\Program Files (x86)\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r install /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w File not found
O4 - HKCU..\Run: [GoToAssist Express Expert] C:\Program Files (x86)\Citrix\GoToAssist Express Expert\403\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [GoToAssist Remote Support Expert] C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
O4 - HKCU..\Run: [PCShowServer] C:\Users\mike\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKCU..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: globalsign.com ([system] https in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsign.com ([systemeu] https in Trusted sites)
O15 - HKCU\..Trusted Domains: globalsign.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.3.0.cab (SysInfo Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADEBE017-AFB5-4194-99B3-D1A1C6AD25AE}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\759\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\759\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/03/11 04:25:46 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/03 16:26:03 | 000,004,845 | ---- | M] () - H:\AutoIssue Log Sample.pdf -- [ NTFS ]
O32 - AutoRun File - [2010/02/15 00:53:50 | 000,000,027 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 19:33:34 | 000,000,141 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{8b2401a5-e86d-11df-aa5b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8b2401a5-e86d-11df-aa5b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\CD_Start.exe
O33 - MountPoints2\{cd95e50c-addd-11e2-9b59-0021859bee8e}\Shell - "" = AutoRun
O33 - MountPoints2\{cd95e50c-addd-11e2-9b59-0021859bee8e}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk /r \??\I:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/05 09:15:58 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Malwarebytes
[2013/05/05 09:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/05 09:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/05 09:15:39 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/05 09:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/05 07:56:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/02 13:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SHOP MATE
[2013/05/01 16:23:51 | 000,000,000 | ---D | C] -- C:\Users\mike\Documents\House Stuff
[2013/05/01 08:45:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe
[2013/04/29 14:27:11 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\CrashDumps
[2013/04/26 17:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/04/26 11:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/04/26 08:57:35 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys
[2013/04/26 08:57:35 | 000,796,248 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys
[2013/04/26 08:57:35 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys
[2013/04/26 08:57:35 | 000,432,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys
[2013/04/26 08:57:35 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys
[2013/04/26 08:57:35 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys
[2013/04/26 08:57:35 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys
[2013/04/26 08:57:35 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam.sys
[2013/04/26 08:57:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1403010.016
[2013/04/26 08:29:54 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/04/26 08:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/04/26 08:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/04/26 08:28:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/04/26 08:28:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/04/26 08:28:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/04/26 08:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/04/25 10:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/24 16:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013/04/13 11:55:34 | 000,000,000 | ---D | C] -- C:\Users\mike\Documents\MFM Images
[2013/04/11 22:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[31 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/05 09:39:33 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/05 09:39:33 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/05 09:37:24 | 000,892,886 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/05 09:37:24 | 000,747,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/05 09:37:24 | 000,145,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/05 09:33:03 | 000,000,259 | ---- | M] () -- C:\Windows\wstdUPSWSHIP.INI
[2013/05/05 09:31:33 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
[2013/05/05 09:31:31 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/05 09:31:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/05 09:31:08 | 536,207,359 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/05 09:15:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/05 09:14:21 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2013/05/05 09:07:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1716187155-4178444909-2937509915-1000UA.job
[2013/05/05 08:57:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/05 08:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/05 07:56:16 | 000,001,024 | ---- | M] () -- C:\Users\mike\.rnd
[2013/05/05 07:56:00 | 000,000,090 | ---- | M] () -- C:\Windows\Irremote.ini
[2013/05/05 07:53:02 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/05 07:52:23 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/05/04 10:07:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1716187155-4178444909-2937509915-1000Core.job
[2013/05/02 13:44:34 | 000,000,009 | ---- | M] () -- C:\Windows\SysWow64\PROTOCOL.INI
[2013/05/01 16:44:07 | 000,002,082 | -H-- | M] () -- C:\Users\mike\Documents\Default.rdp
[2013/05/01 08:45:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe
[2013/04/29 15:46:20 | 000,005,522 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/04/29 14:38:46 | 000,000,881 | ---- | M] () -- C:\Users\mike\.jlogon11
[2013/04/28 09:40:26 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/04/26 09:06:27 | 001,164,001 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
[2013/04/26 09:05:42 | 000,002,238 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/04/26 08:29:54 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/04/26 08:29:54 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/04/26 08:29:54 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/04/25 15:12:32 | 000,002,270 | ---- | M] () -- C:\Users\mike\Desktop\Resume ZoneAlarm Security Install.lnk
[2013/04/24 14:52:00 | 810,758,144 | ---- | M] () -- C:\Users\mike\Desktop\shopmate.db
[2013/04/10 13:07:39 | 000,002,366 | ---- | M] () -- C:\Users\mike\Desktop\Google Chrome.lnk
[2013/04/05 14:57:41 | 000,213,515 | ---- | M] () -- C:\Users\mike\Desktop\jb_status_det.pdf
[2013/04/05 14:54:49 | 000,056,717 | ---- | M] () -- C:\Users\mike\Desktop\4-5-2013 2-54-16 PM.pdf
[31 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/05 09:15:43 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/05 09:14:21 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2013/05/05 07:56:35 | 000,774,144 | ---- | C] () -- C:\Windows\SysWow64\NEROINSTAEC43759.DB
[2013/05/05 07:56:14 | 000,001,024 | ---- | C] () -- C:\Users\mike\.rnd
[2013/04/26 09:06:00 | 001,164,001 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
[2013/04/26 08:58:19 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\VT20130115.021
[2013/04/26 08:57:35 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam64.cat
[2013/04/26 08:57:35 | 000,007,611 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.cat
[2013/04/26 08:57:35 | 000,007,601 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnet64.cat
[2013/04/26 08:57:35 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\iron.cat
[2013/04/26 08:57:35 | 000,007,589 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.cat
[2013/04/26 08:57:35 | 000,007,587 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.cat
[2013/04/26 08:57:35 | 000,007,585 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.cat
[2013/04/26 08:57:35 | 000,007,581 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.cat
[2013/04/26 08:57:35 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa.inf
[2013/04/26 08:57:35 | 000,002,852 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds.inf
[2013/04/26 08:57:35 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnet.inf
[2013/04/26 08:57:35 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.inf
[2013/04/26 08:57:35 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.inf
[2013/04/26 08:57:35 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symelam.inf
[2013/04/26 08:57:35 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.inf
[2013/04/26 08:57:35 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\iron.inf
[2013/04/26 08:57:18 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\isolate.ini
[2013/04/26 08:29:54 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/04/26 08:29:54 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/04/26 08:29:46 | 000,002,238 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/04/25 10:01:45 | 810,758,144 | ---- | C] () -- C:\Users\mike\Desktop\shopmate.db
[2013/04/24 17:10:53 | 000,002,270 | ---- | C] () -- C:\Users\mike\Desktop\Resume ZoneAlarm Security Install.lnk
[2013/04/05 14:57:02 | 000,213,515 | ---- | C] () -- C:\Users\mike\Desktop\jb_status_det.pdf
[2013/04/05 14:54:16 | 000,056,717 | ---- | C] () -- C:\Users\mike\Desktop\4-5-2013 2-54-16 PM.pdf
[2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2013/01/22 17:58:48 | 000,224,092 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/09/11 15:25:33 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\pdfdf.dll
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/24 10:02:49 | 000,102,248 | ---- | C] () -- C:\Users\mike\GoToAssistDownloadHelper.exe
[2011/10/28 17:44:08 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/26 11:49:16 | 000,000,259 | ---- | C] () -- C:\Windows\wstdUPSWSHIP.INI
[2011/04/26 23:17:34 | 000,003,584 | ---- | C] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 14:44:02 | 000,003,817 | ---- | C] () -- C:\Users\mike\.SybaseCentralEditor
[2011/03/14 09:24:03 | 000,000,349 | ---- | C] () -- C:\Users\mike\.isqlSettings
[2011/03/09 17:37:11 | 000,003,950 | ---- | C] () -- C:\Users\mike\.SybaseCentralEditor600
[2011/02/28 16:35:46 | 000,000,149 | ---- | C] () -- C:\Users\mike\helpManager.lst
[2011/02/28 16:31:50 | 000,000,585 | ---- | C] () -- C:\Users\mike\.jlogon
[2011/02/28 16:30:23 | 000,000,601 | ---- | C] () -- C:\Users\mike\.scUserPreferences41
[2011/01/11 10:18:00 | 000,015,193 | ---- | C] () -- C:\Users\mike\.isqlHistory11
[2011/01/11 10:17:59 | 000,003,715 | ---- | C] () -- C:\Users\mike\.isqlPreferences11
[2011/01/10 11:21:10 | 000,112,784 | ---- | C] () -- C:\Users\mike\g2ax_expert_downloadhelper_win32_x86.exe
[2010/12/09 11:55:47 | 000,060,304 | ---- | C] () -- C:\Users\mike\g2mdlhlpx.exe
[2010/11/09 18:35:45 | 000,000,318 | ---- | C] () -- C:\Users\mike\.QueryEditor11
[2010/11/09 14:27:43 | 000,110,456 | ---- | C] () -- C:\Users\mike\g2ax_customer_downloadhelper_win32_x86.exe
[2010/11/05 08:59:47 | 000,000,193 | ---- | C] () -- C:\Users\mike\.DBConsole11
[2010/11/04 17:31:38 | 000,000,881 | ---- | C] () -- C:\Users\mike\.jlogon11

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 10:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 10:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/08/01 10:36:10 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Avery
[2012/05/28 16:20:55 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/10 09:59:04 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\ComponentOne
[2011/01/20 11:13:44 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Forte
[2012/05/29 20:10:46 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Garmin
[2011/02/18 12:27:31 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\GetRightToGo
[2011/04/26 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\HandBrake
[2012/02/08 16:27:53 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\HDRsoft
[2010/11/12 15:24:11 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\ICAClient
[2011/01/28 18:32:43 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Leadertech
[2012/02/09 17:14:43 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Memeo
[2012/08/19 17:26:35 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\onOne Software
[2012/01/13 12:24:47 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\PDF Writer
[2011/02/12 11:25:50 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\RhinoSoft.com
[2011/06/29 15:59:05 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\shop mate
[2011/08/11 16:51:59 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\SmartDraw
[2011/01/24 12:03:56 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Stamps.com Internet Postage
[2012/10/20 22:36:25 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Stellarium
[2011/01/14 15:07:19 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\TightVNC
[2013/04/25 14:16:52 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\webex

========== Purity Check ==========



< End of report >
  • 0

#6
ksitech

ksitech

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ron,
I received the "ox-social" message today when deleting some junk emails. Is it possible that the problem is not a "virus", but that it is something embedded in specific emails? I'm not sure how deleting an email would trigger it. Your thoughts?

Mike
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Do you know what this service is?

The AST Service service failed to start due to the following error: The system cannot find the file specified.


Think it's related to this:

http://trustedactivation.com/

but not sure.

What email program are you using?

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Besides the previous post:

It looks like you probably use Outlook 2010 for your email so:

Outlook

On the Tools menu, click Trust Center, and then click Add-ins.
In the Add-ins box, identify the add-in that you want to enable or disable and note the Add-in type located in the Type column.
Select the Add-in type in the Manage box and then click Go.
Select or clear the check box for the Add-in that you want enable or disable and then click OK.

Basically we want to disable any add-ons you do not recognize and see if that stops the contacting ox-social.bidsystem.com
  • 0

#9
ksitech

ksitech

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ron,
I will run the scans and send them to you. The only 2 add-ins have are ones I trust (Avery, Snag-it). However, I have isolated a specific email that consistently causes the problem when I open it. Can I attach it to a post for you to look at? I don't want to attach anything that will cause problems for you or the site.

Thanks,
Mike
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
best to zip it up if you can then attach it.
  • 0

#11
ksitech

ksitech

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ron,
Here is the zipped email.

Attached Files


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I think this is some sort of ad tracking system that is not working correctly. Apparently the company behind ox-social.bidsystem.com is Adknowledge.

Adknowledge is a digital marketing company that works with brands, agencies and publishers. It promises to “Unlock your digital audience” through social media, email, display ads, mobile, apps, video and sponsored content.

Adknowledge operates the largest privately held online marketplace, allowing advertisers to bid for traffic in websites, email and smaller search engines. Publishers can show Adknowledge ads by utilizing AdStation on their website, email list, or search engine.

I don't use Outlook so I'm at bit of a disadvantage but I wonder if we reroute it in the hosts file what will happen.

Download HostsXpert from http://www.funkytoad...HostsXpert.zip. Save the file then right click and Extract All. It will create a new folder in the same place. In the folder find HostsXpert.exe and right click on it and Run As Administrator.

It will take a few seconds to appear. If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only? If it already says Make Read Only? that's OK just go on to the next step.
Click on Editing. There should be a little box under Add Line. Type in: 127.0.0.1 ox-social.bidsystem.com
Then click on the Add Line. The line should appear in the right pane.
Click on File Handling then
Click on the Make Read Only? entry then close HostXpert.

Try deleting another email (or restore the one you sent me and delete it). If it causes Outlook to hang:
If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only? If it already says Make Read Only? that's OK just go on to the next step.
Now click on the left column entry that says: Restore MSHosts file. Click on the Make Read Only? entry then close HostXpert.

Another possibility because a lot of programs look to IE is to go Tools (or click on the gear), Internet Options, Security, Restricted Sites, Sites and add ox-social.bidsystem.com
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP