I just reopened Chrome a few minutes ago and suddenly it's turning up my homepage to http://search.conduit.com/ and added a entrusted toolbar which looks like its from there too. I tried removing it via my settings on Chrome and it's still there. Running windows 7, latest version of Chrome.
Thanks in advance,
~Lisa
Here's my OTL results
OTL logfile created on: 02/05/2013 12:34:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lisa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
8.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 30.45% Memory free
16.00 Gb Paging File | 10.20 Gb Available in Paging File | 63.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 734.33 Gb Total Space | 553.84 Gb Free Space | 75.42% Space Free | Partition Type: NTFS
Drive D: | 673.17 Gb Total Space | 338.26 Gb Free Space | 50.25% Space Free | Partition Type: NTFS
Drive E: | 15.37 Gb Total Space | 3.12 Gb Free Space | 20.30% Space Free | Partition Type: NTFS
Drive F: | 14.20 Gb Total Space | 2.01 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
Drive M: | 1298.30 Gb Total Space | 1240.95 Gb Free Space | 95.58% Space Free | Partition Type: NTFS
Drive N: | 244.14 Gb Total Space | 28.44 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Computer Name: DDUB | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/05/01 23:31:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Downloads\OTL.exe
PRC - [2013/04/11 08:28:08 | 002,730,784 | ---- | M] (Conduit) -- C:\Users\Lisa\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/04/11 08:28:08 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/02/28 18:20:27 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/02/28 15:03:38 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/17 22:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
PRC - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/11/20 06:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/16 18:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 18:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 18:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/09/08 15:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
========== Modules (No Company Name) ==========
MOD - [2013/04/09 02:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 02:57:06 | 013,130,704 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 02:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 02:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 02:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 02:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/10/16 17:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files (x86)\Seagate\DiscWizard\fox.dll
MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
========== Services (SafeList) ==========
SRV:64bit: - [2010/11/30 14:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/15 10:13:06 | 000,127,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/07/15 10:13:02 | 005,414,184 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/11 08:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/28 18:20:27 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/16 18:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/09/08 15:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/04/23 14:04:39 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/04/23 14:04:39 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/04/23 14:04:39 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/11/01 22:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/10/25 18:40:22 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/10/25 18:40:22 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/13 18:32:57 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/10/13 18:32:57 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/10/13 18:32:56 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/10/13 18:32:53 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011/08/10 16:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 13:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/04/30 17:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/04/30 16:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009/04/30 16:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/16 13:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/15 18:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 7A 30 F2 7A 26 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
[2012/04/29 17:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.condui...2331340300&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Logitech Device Detection = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: Safe Money = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: entrusted = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk\10.15.2.24_0\
CHR - Extension: Gmail = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [SearchProtect] C:\Users\Lisa\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.153.176.1 75.153.176.9 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{589E8FFC-6356-461E-8BEE-2053D34F3B7D}: DhcpNameServer = 75.153.176.1 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6542EECC-8C14-4A15-8DAA-B1036E2E015A}: DhcpNameServer = 75.153.176.1 75.153.176.9 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4851d184-f5fc-11e0-9753-002618330986}\Shell - "" = AutoRun
O33 - MountPoints2\{4851d184-f5fc-11e0-9753-002618330986}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{8142e507-0fb4-11e1-a6c7-002618330986}\Shell - "" = AutoRun
O33 - MountPoints2\{8142e507-0fb4-11e1-a6c7-002618330986}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/01 19:37:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\sigil-ebook
[2013/05/01 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sigil
[2013/05/01 17:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/05/01 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\SearchProtect
[2013/05/01 17:45:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\CRE
[2013/05/01 17:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigil
[2013/05/01 17:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sigil
[2013/05/01 17:44:18 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\OpenCandy
[2013/05/01 15:12:59 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{9396040A-B962-49A9-AC48-F2E1BF13B106}
[2013/05/01 03:03:24 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{6BB3B46B-1348-4AF6-98DD-F3305517780B}
[2013/04/30 15:03:11 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{D32760CB-8CFF-43F2-9E75-E134F9B4B167}
[2013/04/29 18:12:42 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{48C6321B-29E0-43AB-8A9A-41F82B25B2CB}
[2013/04/28 15:27:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B2304EA7-DC07-4AD1-B9D8-62EBB4C5AE84}
[2013/04/27 13:08:30 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{BD130947-1D00-4811-9509-D09D44AD40F9}
[2013/04/26 20:33:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\vlc
[2013/04/26 20:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/26 14:18:47 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{70A3DF65-9CCE-4BEC-AC56-8AE0A3A49A76}
[2013/04/25 16:57:20 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{138FB2BC-CEB6-4A3C-B274-12782718CC27}
[2013/04/24 14:04:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{5C3395AC-AB5A-4A63-9880-D52B2309A0A1}
[2013/04/23 13:51:57 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{AE6BF51C-3C0A-4A4C-8D45-473D37D3D6CA}
[2013/04/22 16:02:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{455F884C-AFFE-48D7-A1FC-3F4C7CBBEEF3}
[2013/04/22 15:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/21 15:19:04 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{6DA64E04-DB38-4E7F-BBE4-C3265D5D4758}
[2013/04/20 14:06:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{F00675F0-3ADB-4A61-BD2B-497056FB3145}
[2013/04/19 16:10:43 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{387E13B1-7D9D-44BD-B7CB-AD0A028BA394}
[2013/04/18 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{E6D19B89-DAA1-4FCA-81FA-98253C1B1DBC}
[2013/04/17 16:17:29 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{95650CBC-350A-42E1-85BB-E65E3BE4A29D}
[2013/04/16 16:41:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{43275280-AD3E-4E49-8909-1830A289273A}
[2013/04/15 16:21:51 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{347EBF75-9E24-4E3D-BC00-017C1D64C9E4}
[2013/04/14 15:28:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{D8BF6617-1A41-4E8B-A075-CD8D33366C5E}
[2013/04/13 17:39:52 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B854B4F5-54AE-4938-94D9-B074585144CA}
[2013/04/12 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{56F7DB91-D18D-443E-9806-E087CC37ECFF}
[2013/04/09 15:16:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{2ED1921A-098D-44F0-8FB3-E1ECC07A1DF5}
[2013/04/07 21:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/04/07 15:25:02 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{07D72DFA-6C73-432E-A864-C02DDD08785B}
[2013/04/06 14:32:40 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{CCD2DCA5-40D3-4BC9-8443-AC5F6638E575}
[2013/04/05 18:10:59 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Superfood honey and bee pollen- prevent disease, heal, and clear your mind_files
[2013/04/05 15:54:04 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B3D9F705-A239-45B8-BA64-02FF6DAFD818}
[2013/04/04 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B67EA3E9-B112-49C0-8852-EE746EB35313}
[2013/04/03 14:38:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{F18C6DF9-D5AA-4E89-8E88-5FC8A4F75155}
[2013/04/02 17:03:03 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{2ED9B6A1-41CB-4961-974A-841D2AE25311}
[2011/11/02 19:28:42 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\AppFramework.dll
[2011/11/02 19:28:42 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
[2011/11/02 19:28:42 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files (x86)\Common Files\FlickrProvider.dll
========== Files - Modified Within 30 Days ==========
[2013/05/02 00:11:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3772248215-4264361790-2601894061-1001UA.job
[2013/05/01 19:36:36 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Sigil.lnk
[2013/05/01 17:46:56 | 000,000,009 | ---- | M] () -- C:\END
[2013/05/01 15:11:36 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/01 15:11:36 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/01 15:04:22 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/05/01 15:03:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/01 15:02:53 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/27 14:11:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3772248215-4264361790-2601894061-1001Core.job
[2013/04/26 20:33:39 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/24 14:43:38 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/24 14:43:38 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/24 14:43:38 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/23 14:04:39 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/04/23 14:04:39 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/04/23 14:04:39 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/04/23 14:04:38 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/04/12 19:23:38 | 004,905,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/04 19:54:56 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
========== Files Created - No Company Name ==========
[2013/05/01 17:44:35 | 000,000,009 | ---- | C] () -- C:\END
[2013/05/01 17:44:21 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Sigil.lnk
[2013/04/26 20:33:39 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/12/13 18:20:56 | 000,009,643 | ---- | C] () -- C:\Users\Lisa\A-COBXdCAAA6CT4.jpg
[2012/12/13 18:18:16 | 000,018,982 | ---- | C] () -- C:\Users\Lisa\A-CHV4zCAAAnV-e.jpg
[2012/12/08 17:27:01 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/11/01 23:25:26 | 000,017,408 | ---- | C] () -- C:\Users\Lisa\AppData\Local\WebpageIcons.db
[2012/10/31 15:25:58 | 000,505,774 | ---- | C] () -- C:\Users\Lisa\canadianpassportformwithinfo.pdf
[2012/10/31 15:17:28 | 000,488,609 | ---- | C] () -- C:\Users\Lisa\canadianpassportform.pdf
[2012/10/24 23:49:43 | 000,054,578 | ---- | C] () -- C:\Users\Lisa\A6B5RgICAAAjs6C.jpg
[2012/10/23 23:01:59 | 000,021,968 | ---- | C] () -- C:\Users\Lisa\A5adlBfCcAAzzY6.jpg-large
[2012/10/23 22:59:31 | 000,056,730 | ---- | C] () -- C:\Users\Lisa\A5wHnAFCUAArOcn.jpg-large
[2012/10/23 22:59:20 | 000,025,033 | ---- | C] () -- C:\Users\Lisa\A5wIaBBCIAAVLBm.jpg-large
[2012/07/29 03:51:09 | 000,003,584 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/19 18:09:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\grep
[2012/07/19 18:09:21 | 000,000,268 | RH-- | C] () -- C:\Users\Lisa\AppData\Roaming\designjet
[2012/07/19 18:09:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2012/07/19 18:09:21 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Abstract
[2012/07/19 18:07:00 | 000,000,268 | RH-- | C] () -- C:\Users\Lisa\AppData\Roaming\Workflows
[2012/07/19 18:07:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\docInfo
[2012/07/19 18:07:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/11/02 19:28:42 | 000,402,800 | ---- | C] () -- C:\Program Files (x86)\Common Files\facebook.dll
[2011/11/02 19:28:42 | 000,148,177 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2011/11/02 19:28:42 | 000,130,416 | ---- | C] () -- C:\Program Files (x86)\Common Files\PluginCommon.dll
[2011/11/02 19:23:12 | 000,645,752 | ---- | C] () -- C:\Users\Lisa\DSCN6696.JPG
[2011/10/30 17:37:06 | 000,786,504 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602N.DAT
[2011/10/30 17:37:06 | 000,296,064 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602W.DAT
[2011/10/13 18:14:24 | 000,000,367 | ---- | C] () -- C:\Users\Lisa\pdf.gif
[2011/10/13 15:34:10 | 000,221,279 | ---- | C] () -- C:\Users\Lisa\1467859115.pdf
[2011/10/13 15:23:48 | 000,460,291 | ---- | C] () -- C:\Users\Lisa\1468308454.pdf
[2011/10/10 12:45:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/08/27 00:24:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Auslogics
[2013/02/28 18:11:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\calibre
[2011/10/30 17:37:47 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Canon
[2012/12/16 00:03:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\com.masque.slots.IGTSlotsLilLady
[2012/08/26 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GlarySoft
[2012/02/23 16:12:49 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\IMVU
[2012/02/09 00:11:29 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\IMVUClient
[2012/01/18 23:53:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Leadertech
[2012/12/16 18:18:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Masque
[2012/11/07 13:40:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Nikon
[2013/05/01 17:44:22 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenCandy
[2011/10/12 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenOffice.org
[2013/05/01 17:51:49 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SearchProtect
[2011/10/17 12:28:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/10/18 22:21:17 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinBatch
[2011/10/10 22:05:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Windows Live Writer
[2011/11/24 17:46:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WTouch
========== Purity Check ==========
< End of report >
Extras:
OTL Extras logfile created on: 02/05/2013 12:34:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lisa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
8.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 30.45% Memory free
16.00 Gb Paging File | 10.20 Gb Available in Paging File | 63.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 734.33 Gb Total Space | 553.84 Gb Free Space | 75.42% Space Free | Partition Type: NTFS
Drive D: | 673.17 Gb Total Space | 338.26 Gb Free Space | 50.25% Space Free | Partition Type: NTFS
Drive E: | 15.37 Gb Total Space | 3.12 Gb Free Space | 20.30% Space Free | Partition Type: NTFS
Drive F: | 14.20 Gb Total Space | 2.01 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
Drive M: | 1298.30 Gb Total Space | 1240.95 Gb Free Space | 95.58% Space Free | Partition Type: NTFS
Drive N: | 244.14 Gb Total Space | 28.44 Gb Free Space | 11.65% Space Free | Partition Type: NTFS
Computer Name: DDUB | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = SigilTXT] -- C:\Program Files\Sigil\Sigil.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.txt [@ = SigilTXT] -- C:\Program Files\Sigil\Sigil.exe ()
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SigilHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Zazzle] -- "C:\Program Files (x86)\Zazzle\Uploader\Uploader.exe" "%1" (Zazzle.com, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Zazzle] -- "C:\Program Files (x86)\Zazzle\Uploader\Uploader.exe" "%1" (Zazzle.com, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0570EC39-0510-4CA4-8A0C-2661B7AE5051}" = rport=137 | protocol=17 | dir=out | app=system |
"{0CC112EC-C53A-4708-9A2B-4160E1838EA1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2289BB1D-313E-45F0-847D-8DEF8B56B121}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22ABE97E-E78F-4AEC-9C02-E5E5CFB9EF37}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34E2666F-7E05-4F01-A9AE-E2C794EFCAD9}" = rport=139 | protocol=6 | dir=out | app=system |
"{3DC8D420-70A7-4D5A-90F4-D061945BD09B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{52C1589F-4917-4AF3-ADB9-6BC3725D94BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6435C85F-6254-4B42-A039-7C383654E23F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{64F2B3BB-35EC-468F-9663-3967C22C5229}" = rport=138 | protocol=17 | dir=out | app=system |
"{655E68EE-572A-46F2-B454-B1EAD080DE22}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E77B5AF-233D-48E4-A478-DCCB7AC3A622}" = rport=445 | protocol=6 | dir=out | app=system |
"{7AE460D9-2E86-47C4-9110-FEF322821070}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D3BD178-D82E-4052-A85A-C8A989AE911E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82E3DB83-4D05-47D4-83EB-1710A3D32545}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{839FCEBF-1728-419A-808F-63D67184C005}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91B70E45-6DFC-4130-982C-A1EFC117E6D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{ADCDD598-C749-495C-81FF-1250D248969B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDAEDF04-F236-47B8-9843-6163F7F7CD69}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BF0B9A8A-81CA-4D50-9D84-8A73B6221462}" = lport=137 | protocol=17 | dir=in | app=system |
"{C59AA927-384D-4E20-AFF1-4C6490732CBD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5C32B2C-CED9-439A-8165-AD226EE05369}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC84EE5A-3F1B-4CE2-9060-453E42597308}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D268D557-3F4E-4F79-987B-42E77C26B6FA}" = lport=139 | protocol=6 | dir=in | app=system |
"{DA155293-DCBD-41BD-978C-2B09E7574C18}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E6323BEA-CCD0-4BD8-805E-CE1B96CAC0D2}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE81B12-3C66-461E-88DF-C7BA94E5CA09}" = protocol=58 | dir=out | [email protected],-28546 |
"{1077B0CA-4D72-42CB-8CF9-D05B20CE0CFB}" = protocol=58 | dir=out | [email protected],-503 |
"{11DAA599-9690-4101-9028-1AF61E4755D4}" = protocol=6 | dir=out | app=system |
"{1406AD5B-3381-4AD7-BBCA-13229AA80A23}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{15EC1009-8608-4BD8-B5A1-80746E5B2FD1}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1DE5A81E-5650-4BE7-9D42-5353A4D3E259}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F70E810-65DA-4D81-ADB7-9DF1F8539ECA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{339E7D2B-BCF2-4709-85D1-101C27675E7B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{35A0A572-2F97-4BEA-83C6-CF891867CF9F}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{394FC2E5-D7E6-4C97-A36F-87DCB0C4EBB0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46A6D497-9BF9-4065-A589-2B01AB967AC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46F684A2-9542-4B61-A766-F8D88644DAB4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4EE0B81F-FB40-4089-9154-FE1F9818FD6B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54DBBBBF-F983-4C72-8D00-41D823359CF1}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{55A6498F-CEC9-4CBC-861A-851AE72E7DC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5733E483-675A-44F6-9061-05DFEB59AE4E}" = protocol=1 | dir=out | [email protected],-28544 |
"{5D10346C-4322-49A4-AF68-AFD83D2AF0B0}" = protocol=58 | dir=in | [email protected],-28545 |
"{62BB56DA-342C-4F0B-B9E2-C41C3E19F11A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{699231A7-49C0-4AF3-857E-A016B5AC492B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BBB9655-B935-4EE0-A0F3-F15076D553C6}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{762FFA46-89E2-4F67-AA81-141A541659A2}" = protocol=58 | dir=in | app=system |
"{7AE7C093-BFB4-4173-AB69-8A9600CC294B}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{7D30673A-0266-4D60-AF18-530600AE7EEE}" = protocol=1 | dir=in | [email protected],-28543 |
"{8A798043-B40B-4C43-8186-91FC75715A59}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{932AD970-D3C9-459B-99F4-50C8B86E66EF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A83ACDDC-E217-4D3D-A8D9-0E140EA91488}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE78E125-75BB-41B5-A35F-1282AA75B4BD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe |
"{B7A91E57-B2BD-4255-8AEC-B0D3094D0E3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAFB323D-F8F6-49DE-B62F-BC66EB66BC70}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB164CB3-32B1-4415-9D6B-5C37E0A4711A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D57A4BC8-86A9-44AF-A10D-CF75C99A5EA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9C16F25-4C65-46F7-A800-E7C646CC74C3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E494F919-FD87-4BEF-9395-2082F997DF6B}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{E706C0C5-BCB3-4B9C-9BB0-1FE9B63FD995}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe |
"{EA2EF4CA-70A1-4933-91E5-B1B3DD6AFC6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA66B43B-063A-46B5-908D-1C268A4FB706}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FBBD7D23-CE87-4959-BF2D-EF86157FF23C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Corel Painter 12
"_{8598F31E-B7DC-49BE-ACD6-1AF7F2E5EDD4}" = Corel Painter 12 - Extra Content
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Painter 12 - Setup Files
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9602" = CanoScan 9000F Scanner Driver
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1BF97502-21C5-429B-9B5B-8F560BE91348}" = Corel Painter 12 - IPM
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{42CD49CD-4B05-4A2D-8FD1-E37CC9315FA5}" = Painter 12 - Core
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690C091A-E12C-469E-91C0-7BECCD698187}" = Painter 12 - Corex64
"{77013803-5BA9-4C8A-BFC4-99AE7151C4B7}" = Painter 12 - EN
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8598F31E-B7DC-49BE-ACD6-1AF7F2E5EDD4}" = Corel Painter 12 - Extra Content
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97759DE4-0A6A-4ACF-A511-4DA791BEAA1A}" = Painter 12 - Content
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Recuva" = Recuva
"Sigil_is1" = Sigil 0.4.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"_{9C9078D1-FA30-4E1B-A194-983A4898F848}" = Corel KPT Collection
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{016DD24A-480B-4B54-997C-1207CE1BB2EE}" = Masque IGT Slots Lil' Lady
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0DBC021C-95D9-435A-A4B0-E6515AFD1A71}" = Nero Prerequisite Installer 2.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3FCC9F13-F01B-4D81-8919-ED9D8DB457E5}" = calibre
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{533B3480-EAB6-44DD-B2E4-715E958210E0}" = TweetDeck
"{554E1FFC-BDD3-4268-8C05-18C5AF257E61}" = Masque IGT Slots Texas Tea
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{560FC78C-A4B2-461D-9B47-820C1EEF87B8}" = Nero 12
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CF89090-ACF6-49B0-AB3A-85F3344497DF}" = Masque IGT Slots Little Green Men
"{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9078D1-FA30-4E1B-A194-983A4898F848}" = Corel KPT Collection
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}" = TweetDeck
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EC8D64E0-DC6A-4E30-8491-0B6CAB34E339}_is1" = INCENDIA 1.5
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"Glary Utilities_is1" = Glary Utilities 2.48.0.1568
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Logitech Vid" = Logitech Vid HD
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"Pen Tablet Driver" = Bamboo
"SearchProtect" = Search Protect by conduit
"Sigil_is1" = Sigil 0.7.2
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"ZazzleUploader" = Zazzle Uploader
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"KindlePreviewer" = Kindle Previewer
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19/04/2013 6:08:49 PM | Computer Name = DDub | Source = TabletServicePen | ID = 0
Description =
Error - 19/04/2013 11:53:22 PM | Computer Name = DDub | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Corel\Corel
PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 21/04/2013 7:03:55 PM | Computer Name = DDub | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Corel\Corel
PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 22/04/2013 5:38:43 PM | Computer Name = DDub | Source = Application Error | ID = 1000
Description = Faulting application name: FlashUtil64_11_6_602_180_ActiveX.exe, version:
11.6.602.180, time stamp: 0x5130146c Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x00000000000532d0
Faulting
process id: 0xfd4 Faulting application start time: 0x01ce3fa1bc33ea3f Faulting application
path: C:\Windows\System32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 007e6e21-ab95-11e2-aa21-002618330986
Error - 22/04/2013 9:51:48 PM | Computer Name = DDub | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Corel\Corel
PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 23/04/2013 3:46:29 PM | Computer Name = DDub | Source = TabletServicePen | ID = 0
Description =
Error - 24/04/2013 3:59:56 PM | Computer Name = DDub | Source = TabletServicePen | ID = 0
Description =
Error - 25/04/2013 6:54:38 PM | Computer Name = DDub | Source = TabletServicePen | ID = 0
Description =
Error - 28/04/2013 9:12:31 PM | Computer Name = DDub | Source = Application Error | ID = 1000
Description = Faulting application name: avp.exe, version: 13.0.1.4210, time stamp:
0x509157b4 Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b96f Exception code: 0xc0000096 Fault offset: 0x00048665 Faulting process id:
0x80c Faulting application start time: 0x01ce4456b2f32cd6 Faulting application path:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe Faulting
module path: C:\Windows\syswow64\ole32.dll Report Id: dd3e1402-b069-11e2-9334-002618330986
Error - 28/04/2013 9:12:31 PM | Computer Name = DDub | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Kaspersky Anti-Virus because of this error. Program: Kaspersky
Anti-Virus File: The error value is listed in the Additional Data section. User Action
1.
Open the file again. This situation might be a temporary problem that corrects itself
when the program runs again. 2. If the file still cannot be accessed and - It is on
the network, your network administrator should verify that there is not a problem
with the network and that the server can be contacted. - It is on a removable disk,
for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into
the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
click Start, click Run, type CMD, and then click OK. At the command prompt, type
CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value: 00000000
Disk
type: 0
[ System Events ]
Error - 18/11/2012 3:49:57 PM | Computer Name = DDub | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.
Error - 18/11/2012 3:49:57 PM | Computer Name = DDub | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 18/11/2012 7:22:35 PM | Computer Name = DDub | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:21:07 PM on ?18/?11/?2012 was unexpected.
Error - 18/11/2012 7:22:28 PM | Computer Name = DDub | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 18/11/2012 7:22:28 PM | Computer Name = DDub | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 19/11/2012 3:55:59 PM | Computer Name = DDub | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 19/11/2012 3:55:59 PM | Computer Name = DDub | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 20/11/2012 3:04:53 PM | Computer Name = DDub | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 20/11/2012 3:04:53 PM | Computer Name = DDub | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 20/11/2012 3:04:59 PM | Computer Name = DDub | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:24:51 PM on ?19/?11/?2012 was unexpected.
< End of report >
Edited by Leesie, 02 May 2013 - 12:52 AM.