Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Chrome hijacked with search conduit [Solved]


  • This topic is locked This topic is locked

#1
Leesie

Leesie

    Member

  • Member
  • PipPipPip
  • 158 posts
Hello,

I just reopened Chrome a few minutes ago and suddenly it's turning up my homepage to http://search.conduit.com/ and added a entrusted toolbar which looks like its from there too. I tried removing it via my settings on Chrome and it's still there. Running windows 7, latest version of Chrome.

Thanks in advance,
~Lisa

Here's my OTL results

OTL logfile created on: 02/05/2013 12:34:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lisa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 30.45% Memory free
16.00 Gb Paging File | 10.20 Gb Available in Paging File | 63.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 734.33 Gb Total Space | 553.84 Gb Free Space | 75.42% Space Free | Partition Type: NTFS
Drive D: | 673.17 Gb Total Space | 338.26 Gb Free Space | 50.25% Space Free | Partition Type: NTFS
Drive E: | 15.37 Gb Total Space | 3.12 Gb Free Space | 20.30% Space Free | Partition Type: NTFS
Drive F: | 14.20 Gb Total Space | 2.01 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
Drive M: | 1298.30 Gb Total Space | 1240.95 Gb Free Space | 95.58% Space Free | Partition Type: NTFS
Drive N: | 244.14 Gb Total Space | 28.44 Gb Free Space | 11.65% Space Free | Partition Type: NTFS

Computer Name: DDUB | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/01 23:31:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Downloads\OTL.exe
PRC - [2013/04/11 08:28:08 | 002,730,784 | ---- | M] (Conduit) -- C:\Users\Lisa\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/04/11 08:28:08 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/02/28 18:20:27 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/02/28 15:03:38 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/17 22:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
PRC - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/11/20 06:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/10/16 18:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 18:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 18:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/09/08 15:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 02:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 02:57:06 | 013,130,704 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 02:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 02:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 02:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 02:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/10/16 17:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files (x86)\Seagate\DiscWizard\fox.dll
MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe


========== Services (SafeList) ==========

SRV:64bit: - [2010/11/30 14:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/15 10:13:06 | 000,127,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/07/15 10:13:02 | 005,414,184 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/11 08:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/28 18:20:27 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/16 18:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/09/08 15:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/23 14:04:39 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/04/23 14:04:39 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/04/23 14:04:39 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/11/01 22:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/10/25 18:40:22 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/10/25 18:40:22 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/13 18:32:57 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/10/13 18:32:57 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/10/13 18:32:56 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/10/13 18:32:53 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011/08/10 16:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 13:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/04/30 17:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/04/30 16:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009/04/30 16:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/16 13:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/15 18:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 7A 30 F2 7A 26 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]

[2012/04/29 17:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.condui...2331340300&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Logitech Device Detection = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: Safe Money = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: entrusted = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfbddbdpnahdahmamlolacimfdbeckk\10.15.2.24_0\
CHR - Extension: Gmail = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [SearchProtect] C:\Users\Lisa\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.153.176.1 75.153.176.9 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{589E8FFC-6356-461E-8BEE-2053D34F3B7D}: DhcpNameServer = 75.153.176.1 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6542EECC-8C14-4A15-8DAA-B1036E2E015A}: DhcpNameServer = 75.153.176.1 75.153.176.9 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4851d184-f5fc-11e0-9753-002618330986}\Shell - "" = AutoRun
O33 - MountPoints2\{4851d184-f5fc-11e0-9753-002618330986}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{8142e507-0fb4-11e1-a6c7-002618330986}\Shell - "" = AutoRun
O33 - MountPoints2\{8142e507-0fb4-11e1-a6c7-002618330986}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/01 19:37:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\sigil-ebook
[2013/05/01 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sigil
[2013/05/01 17:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/05/01 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\SearchProtect
[2013/05/01 17:45:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\CRE
[2013/05/01 17:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigil
[2013/05/01 17:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sigil
[2013/05/01 17:44:18 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\OpenCandy
[2013/05/01 15:12:59 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{9396040A-B962-49A9-AC48-F2E1BF13B106}
[2013/05/01 03:03:24 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{6BB3B46B-1348-4AF6-98DD-F3305517780B}
[2013/04/30 15:03:11 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{D32760CB-8CFF-43F2-9E75-E134F9B4B167}
[2013/04/29 18:12:42 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{48C6321B-29E0-43AB-8A9A-41F82B25B2CB}
[2013/04/28 15:27:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B2304EA7-DC07-4AD1-B9D8-62EBB4C5AE84}
[2013/04/27 13:08:30 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{BD130947-1D00-4811-9509-D09D44AD40F9}
[2013/04/26 20:33:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\vlc
[2013/04/26 20:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/26 14:18:47 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{70A3DF65-9CCE-4BEC-AC56-8AE0A3A49A76}
[2013/04/25 16:57:20 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{138FB2BC-CEB6-4A3C-B274-12782718CC27}
[2013/04/24 14:04:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{5C3395AC-AB5A-4A63-9880-D52B2309A0A1}
[2013/04/23 13:51:57 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{AE6BF51C-3C0A-4A4C-8D45-473D37D3D6CA}
[2013/04/22 16:02:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{455F884C-AFFE-48D7-A1FC-3F4C7CBBEEF3}
[2013/04/22 15:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/21 15:19:04 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{6DA64E04-DB38-4E7F-BBE4-C3265D5D4758}
[2013/04/20 14:06:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{F00675F0-3ADB-4A61-BD2B-497056FB3145}
[2013/04/19 16:10:43 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{387E13B1-7D9D-44BD-B7CB-AD0A028BA394}
[2013/04/18 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{E6D19B89-DAA1-4FCA-81FA-98253C1B1DBC}
[2013/04/17 16:17:29 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{95650CBC-350A-42E1-85BB-E65E3BE4A29D}
[2013/04/16 16:41:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{43275280-AD3E-4E49-8909-1830A289273A}
[2013/04/15 16:21:51 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{347EBF75-9E24-4E3D-BC00-017C1D64C9E4}
[2013/04/14 15:28:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{D8BF6617-1A41-4E8B-A075-CD8D33366C5E}
[2013/04/13 17:39:52 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B854B4F5-54AE-4938-94D9-B074585144CA}
[2013/04/12 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{56F7DB91-D18D-443E-9806-E087CC37ECFF}
[2013/04/09 15:16:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{2ED1921A-098D-44F0-8FB3-E1ECC07A1DF5}
[2013/04/07 21:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/04/07 15:25:02 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{07D72DFA-6C73-432E-A864-C02DDD08785B}
[2013/04/06 14:32:40 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{CCD2DCA5-40D3-4BC9-8443-AC5F6638E575}
[2013/04/05 18:10:59 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Superfood honey and bee pollen- prevent disease, heal, and clear your mind_files
[2013/04/05 15:54:04 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B3D9F705-A239-45B8-BA64-02FF6DAFD818}
[2013/04/04 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B67EA3E9-B112-49C0-8852-EE746EB35313}
[2013/04/03 14:38:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{F18C6DF9-D5AA-4E89-8E88-5FC8A4F75155}
[2013/04/02 17:03:03 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{2ED9B6A1-41CB-4961-974A-841D2AE25311}
[2011/11/02 19:28:42 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\AppFramework.dll
[2011/11/02 19:28:42 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
[2011/11/02 19:28:42 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files (x86)\Common Files\FlickrProvider.dll

========== Files - Modified Within 30 Days ==========

[2013/05/02 00:11:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3772248215-4264361790-2601894061-1001UA.job
[2013/05/01 19:36:36 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Sigil.lnk
[2013/05/01 17:46:56 | 000,000,009 | ---- | M] () -- C:\END
[2013/05/01 15:11:36 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/01 15:11:36 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/01 15:04:22 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/05/01 15:03:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/01 15:02:53 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/27 14:11:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3772248215-4264361790-2601894061-1001Core.job
[2013/04/26 20:33:39 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/24 14:43:38 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/24 14:43:38 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/24 14:43:38 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/23 14:04:39 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/04/23 14:04:39 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/04/23 14:04:39 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/04/23 14:04:38 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/04/12 19:23:38 | 004,905,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/04 19:54:56 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013/05/01 17:44:35 | 000,000,009 | ---- | C] () -- C:\END
[2013/05/01 17:44:21 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Sigil.lnk
[2013/04/26 20:33:39 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/12/13 18:20:56 | 000,009,643 | ---- | C] () -- C:\Users\Lisa\A-COBXdCAAA6CT4.jpg
[2012/12/13 18:18:16 | 000,018,982 | ---- | C] () -- C:\Users\Lisa\A-CHV4zCAAAnV-e.jpg
[2012/12/08 17:27:01 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/11/01 23:25:26 | 000,017,408 | ---- | C] () -- C:\Users\Lisa\AppData\Local\WebpageIcons.db
[2012/10/31 15:25:58 | 000,505,774 | ---- | C] () -- C:\Users\Lisa\canadianpassportformwithinfo.pdf
[2012/10/31 15:17:28 | 000,488,609 | ---- | C] () -- C:\Users\Lisa\canadianpassportform.pdf
[2012/10/24 23:49:43 | 000,054,578 | ---- | C] () -- C:\Users\Lisa\A6B5RgICAAAjs6C.jpg
[2012/10/23 23:01:59 | 000,021,968 | ---- | C] () -- C:\Users\Lisa\A5adlBfCcAAzzY6.jpg-large
[2012/10/23 22:59:31 | 000,056,730 | ---- | C] () -- C:\Users\Lisa\A5wHnAFCUAArOcn.jpg-large
[2012/10/23 22:59:20 | 000,025,033 | ---- | C] () -- C:\Users\Lisa\A5wIaBBCIAAVLBm.jpg-large
[2012/07/29 03:51:09 | 000,003,584 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/19 18:09:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\grep
[2012/07/19 18:09:21 | 000,000,268 | RH-- | C] () -- C:\Users\Lisa\AppData\Roaming\designjet
[2012/07/19 18:09:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2012/07/19 18:09:21 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Abstract
[2012/07/19 18:07:00 | 000,000,268 | RH-- | C] () -- C:\Users\Lisa\AppData\Roaming\Workflows
[2012/07/19 18:07:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\docInfo
[2012/07/19 18:07:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/11/02 19:28:42 | 000,402,800 | ---- | C] () -- C:\Program Files (x86)\Common Files\facebook.dll
[2011/11/02 19:28:42 | 000,148,177 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2011/11/02 19:28:42 | 000,130,416 | ---- | C] () -- C:\Program Files (x86)\Common Files\PluginCommon.dll
[2011/11/02 19:23:12 | 000,645,752 | ---- | C] () -- C:\Users\Lisa\DSCN6696.JPG
[2011/10/30 17:37:06 | 000,786,504 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602N.DAT
[2011/10/30 17:37:06 | 000,296,064 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602W.DAT
[2011/10/13 18:14:24 | 000,000,367 | ---- | C] () -- C:\Users\Lisa\pdf.gif
[2011/10/13 15:34:10 | 000,221,279 | ---- | C] () -- C:\Users\Lisa\1467859115.pdf
[2011/10/13 15:23:48 | 000,460,291 | ---- | C] () -- C:\Users\Lisa\1468308454.pdf
[2011/10/10 12:45:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/27 00:24:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Auslogics
[2013/02/28 18:11:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\calibre
[2011/10/30 17:37:47 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Canon
[2012/12/16 00:03:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\com.masque.slots.IGTSlotsLilLady
[2012/08/26 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GlarySoft
[2012/02/23 16:12:49 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\IMVU
[2012/02/09 00:11:29 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\IMVUClient
[2012/01/18 23:53:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Leadertech
[2012/12/16 18:18:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Masque
[2012/11/07 13:40:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Nikon
[2013/05/01 17:44:22 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenCandy
[2011/10/12 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenOffice.org
[2013/05/01 17:51:49 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\SearchProtect
[2011/10/17 12:28:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/10/18 22:21:17 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinBatch
[2011/10/10 22:05:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Windows Live Writer
[2011/11/24 17:46:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WTouch

========== Purity Check ==========



< End of report >


Extras:

OTL Extras logfile created on: 02/05/2013 12:34:11 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lisa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 30.45% Memory free
16.00 Gb Paging File | 10.20 Gb Available in Paging File | 63.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 734.33 Gb Total Space | 553.84 Gb Free Space | 75.42% Space Free | Partition Type: NTFS
Drive D: | 673.17 Gb Total Space | 338.26 Gb Free Space | 50.25% Space Free | Partition Type: NTFS
Drive E: | 15.37 Gb Total Space | 3.12 Gb Free Space | 20.30% Space Free | Partition Type: NTFS
Drive F: | 14.20 Gb Total Space | 2.01 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
Drive M: | 1298.30 Gb Total Space | 1240.95 Gb Free Space | 95.58% Space Free | Partition Type: NTFS
Drive N: | 244.14 Gb Total Space | 28.44 Gb Free Space | 11.65% Space Free | Partition Type: NTFS

Computer Name: DDUB | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = SigilTXT] -- C:\Program Files\Sigil\Sigil.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.txt [@ = SigilTXT] -- C:\Program Files\Sigil\Sigil.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = SigilHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Zazzle] -- "C:\Program Files (x86)\Zazzle\Uploader\Uploader.exe" "%1" (Zazzle.com, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel PaintShop Photo Pro X3] -- "C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Zazzle] -- "C:\Program Files (x86)\Zazzle\Uploader\Uploader.exe" "%1" (Zazzle.com, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0570EC39-0510-4CA4-8A0C-2661B7AE5051}" = rport=137 | protocol=17 | dir=out | app=system |
"{0CC112EC-C53A-4708-9A2B-4160E1838EA1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2289BB1D-313E-45F0-847D-8DEF8B56B121}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22ABE97E-E78F-4AEC-9C02-E5E5CFB9EF37}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34E2666F-7E05-4F01-A9AE-E2C794EFCAD9}" = rport=139 | protocol=6 | dir=out | app=system |
"{3DC8D420-70A7-4D5A-90F4-D061945BD09B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{52C1589F-4917-4AF3-ADB9-6BC3725D94BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6435C85F-6254-4B42-A039-7C383654E23F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{64F2B3BB-35EC-468F-9663-3967C22C5229}" = rport=138 | protocol=17 | dir=out | app=system |
"{655E68EE-572A-46F2-B454-B1EAD080DE22}" = lport=445 | protocol=6 | dir=in | app=system |
"{6E77B5AF-233D-48E4-A478-DCCB7AC3A622}" = rport=445 | protocol=6 | dir=out | app=system |
"{7AE460D9-2E86-47C4-9110-FEF322821070}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D3BD178-D82E-4052-A85A-C8A989AE911E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82E3DB83-4D05-47D4-83EB-1710A3D32545}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{839FCEBF-1728-419A-808F-63D67184C005}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{91B70E45-6DFC-4130-982C-A1EFC117E6D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{ADCDD598-C749-495C-81FF-1250D248969B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDAEDF04-F236-47B8-9843-6163F7F7CD69}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BF0B9A8A-81CA-4D50-9D84-8A73B6221462}" = lport=137 | protocol=17 | dir=in | app=system |
"{C59AA927-384D-4E20-AFF1-4C6490732CBD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5C32B2C-CED9-439A-8165-AD226EE05369}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC84EE5A-3F1B-4CE2-9060-453E42597308}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D268D557-3F4E-4F79-987B-42E77C26B6FA}" = lport=139 | protocol=6 | dir=in | app=system |
"{DA155293-DCBD-41BD-978C-2B09E7574C18}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E6323BEA-CCD0-4BD8-805E-CE1B96CAC0D2}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE81B12-3C66-461E-88DF-C7BA94E5CA09}" = protocol=58 | dir=out | [email protected],-28546 |
"{1077B0CA-4D72-42CB-8CF9-D05B20CE0CFB}" = protocol=58 | dir=out | [email protected],-503 |
"{11DAA599-9690-4101-9028-1AF61E4755D4}" = protocol=6 | dir=out | app=system |
"{1406AD5B-3381-4AD7-BBCA-13229AA80A23}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{15EC1009-8608-4BD8-B5A1-80746E5B2FD1}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1DE5A81E-5650-4BE7-9D42-5353A4D3E259}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F70E810-65DA-4D81-ADB7-9DF1F8539ECA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{339E7D2B-BCF2-4709-85D1-101C27675E7B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{35A0A572-2F97-4BEA-83C6-CF891867CF9F}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{394FC2E5-D7E6-4C97-A36F-87DCB0C4EBB0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{46A6D497-9BF9-4065-A589-2B01AB967AC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46F684A2-9542-4B61-A766-F8D88644DAB4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4EE0B81F-FB40-4089-9154-FE1F9818FD6B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{54DBBBBF-F983-4C72-8D00-41D823359CF1}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{55A6498F-CEC9-4CBC-861A-851AE72E7DC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5733E483-675A-44F6-9061-05DFEB59AE4E}" = protocol=1 | dir=out | [email protected],-28544 |
"{5D10346C-4322-49A4-AF68-AFD83D2AF0B0}" = protocol=58 | dir=in | [email protected],-28545 |
"{62BB56DA-342C-4F0B-B9E2-C41C3E19F11A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{699231A7-49C0-4AF3-857E-A016B5AC492B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6BBB9655-B935-4EE0-A0F3-F15076D553C6}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{762FFA46-89E2-4F67-AA81-141A541659A2}" = protocol=58 | dir=in | app=system |
"{7AE7C093-BFB4-4173-AB69-8A9600CC294B}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{7D30673A-0266-4D60-AF18-530600AE7EEE}" = protocol=1 | dir=in | [email protected],-28543 |
"{8A798043-B40B-4C43-8186-91FC75715A59}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe |
"{932AD970-D3C9-459B-99F4-50C8B86E66EF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A83ACDDC-E217-4D3D-A8D9-0E140EA91488}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE78E125-75BB-41B5-A35F-1282AA75B4BD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe |
"{B7A91E57-B2BD-4255-8AEC-B0D3094D0E3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAFB323D-F8F6-49DE-B62F-BC66EB66BC70}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB164CB3-32B1-4415-9D6B-5C37E0A4711A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D57A4BC8-86A9-44AF-A10D-CF75C99A5EA8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D9C16F25-4C65-46F7-A800-E7C646CC74C3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E494F919-FD87-4BEF-9395-2082F997DF6B}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{E706C0C5-BCB3-4B9C-9BB0-1FE9B63FD995}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe |
"{EA2EF4CA-70A1-4933-91E5-B1B3DD6AFC6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FA66B43B-063A-46B5-908D-1C268A4FB706}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FBBD7D23-CE87-4959-BF2D-EF86157FF23C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Corel Painter 12
"_{8598F31E-B7DC-49BE-ACD6-1AF7F2E5EDD4}" = Corel Painter 12 - Extra Content
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{08A8CCEA-36DC-4634-AAAA-79463D644C0E}" = Painter 12 - Setup Files
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9602" = CanoScan 9000F Scanner Driver
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1BF97502-21C5-429B-9B5B-8F560BE91348}" = Corel Painter 12 - IPM
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{42CD49CD-4B05-4A2D-8FD1-E37CC9315FA5}" = Painter 12 - Core
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690C091A-E12C-469E-91C0-7BECCD698187}" = Painter 12 - Corex64
"{77013803-5BA9-4C8A-BFC4-99AE7151C4B7}" = Painter 12 - EN
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8598F31E-B7DC-49BE-ACD6-1AF7F2E5EDD4}" = Corel Painter 12 - Extra Content
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97759DE4-0A6A-4ACF-A511-4DA791BEAA1A}" = Painter 12 - Content
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Recuva" = Recuva
"Sigil_is1" = Sigil 0.4.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"_{9C9078D1-FA30-4E1B-A194-983A4898F848}" = Corel KPT Collection
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"{016DD24A-480B-4B54-997C-1207CE1BB2EE}" = Masque IGT Slots Lil' Lady
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0DBC021C-95D9-435A-A4B0-E6515AFD1A71}" = Nero Prerequisite Installer 2.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3FCC9F13-F01B-4D81-8919-ED9D8DB457E5}" = calibre
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{533B3480-EAB6-44DD-B2E4-715E958210E0}" = TweetDeck
"{554E1FFC-BDD3-4268-8C05-18C5AF257E61}" = Masque IGT Slots Texas Tea
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{560FC78C-A4B2-461D-9B47-820C1EEF87B8}" = Nero 12
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CF89090-ACF6-49B0-AB3A-85F3344497DF}" = Masque IGT Slots Little Green Men
"{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9078D1-FA30-4E1B-A194-983A4898F848}" = Corel KPT Collection
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}" = TweetDeck
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EC8D64E0-DC6A-4E30-8491-0B6CAB34E339}_is1" = INCENDIA 1.5
"{ED8EF3C2-FA5B-4A1E-950D-5A0227161F97}" = ArcSoft PhotoStudio 6
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Connect" = Cisco Connect
"Glary Utilities_is1" = Glary Utilities 2.48.0.1568
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Logitech Vid" = Logitech Vid HD
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"Pen Tablet Driver" = Bamboo
"SearchProtect" = Search Protect by conduit
"Sigil_is1" = Sigil 0.7.2
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"ZazzleUploader" = Zazzle Uploader

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"KindlePreviewer" = Kindle Previewer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19/04/2013 6:08:49 PM | Computer Name = DDub | Source = TabletServicePen | ID = 0
Description =

Error - 19/04/2013 11:53:22 PM | Computer Name = DDub | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Corel\Corel
PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 21/04/2013 7:03:55 PM | Computer Name = DDub | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Corel\Corel
PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 22/04/2013 5:38:43 PM | Computer Name = DDub | Source = Application Error | ID = 1000
Description = Faulting application name: FlashUtil64_11_6_602_180_ActiveX.exe, version:
11.6.602.180, time stamp: 0x5130146c Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x00000000000532d0
Faulting
process id: 0xfd4 Faulting application start time: 0x01ce3fa1bc33ea3f Faulting application
path: C:\Windows\System32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 007e6e21-ab95-11e2-aa21-002618330986

Error - 22/04/2013 9:51:48 PM | Computer Name = DDub | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Corel\Corel
PaintShop Photo Pro\X3\PSPClassic\Python Libraries\Lib\distutils\command\wininst-8_d.exe".
Dependent
Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 23/04/2013 3:46:29 PM | Computer Name = DDub | Source = TabletServicePen | ID = 0
Description =

Error - 24/04/2013 3:59:56 PM | Computer Name = DDub | Source = TabletServicePen | ID = 0
Description =

Error - 25/04/2013 6:54:38 PM | Computer Name = DDub | Source = TabletServicePen | ID = 0
Description =

Error - 28/04/2013 9:12:31 PM | Computer Name = DDub | Source = Application Error | ID = 1000
Description = Faulting application name: avp.exe, version: 13.0.1.4210, time stamp:
0x509157b4 Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp:
0x4ce7b96f Exception code: 0xc0000096 Fault offset: 0x00048665 Faulting process id:
0x80c Faulting application start time: 0x01ce4456b2f32cd6 Faulting application path:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe Faulting
module path: C:\Windows\syswow64\ole32.dll Report Id: dd3e1402-b069-11e2-9334-002618330986

Error - 28/04/2013 9:12:31 PM | Computer Name = DDub | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Kaspersky Anti-Virus because of this error. Program: Kaspersky
Anti-Virus File: The error value is listed in the Additional Data section. User Action
1.
Open the file again. This situation might be a temporary problem that corrects itself
when the program runs again. 2. If the file still cannot be accessed and - It is on
the network, your network administrator should verify that there is not a problem
with the network and that the server can be contacted. - It is on a removable disk,
for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into
the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
click Start, click Run, type CMD, and then click OK. At the command prompt, type
CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value: 00000000
Disk
type: 0

[ System Events ]
Error - 18/11/2012 3:49:57 PM | Computer Name = DDub | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 18/11/2012 3:49:57 PM | Computer Name = DDub | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 18/11/2012 7:22:35 PM | Computer Name = DDub | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:21:07 PM on ?18/?11/?2012 was unexpected.

Error - 18/11/2012 7:22:28 PM | Computer Name = DDub | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 18/11/2012 7:22:28 PM | Computer Name = DDub | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 19/11/2012 3:55:59 PM | Computer Name = DDub | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 19/11/2012 3:55:59 PM | Computer Name = DDub | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 20/11/2012 3:04:53 PM | Computer Name = DDub | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 20/11/2012 3:04:53 PM | Computer Name = DDub | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 20/11/2012 3:04:59 PM | Computer Name = DDub | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:24:51 PM on ?19/?11/?2012 was unexpected.


< End of report >

Edited by Leesie, 02 May 2013 - 12:52 AM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets me know if this works

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
SRV - [2013/04/11 08:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Lisa\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
[2013/05/01 17:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/05/01 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\SearchProtect
[2013/05/01 17:44:22 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenCandy

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#3
Leesie

Leesie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 158 posts
Hi Essexboy,

Just got your reply now, thanks so much for your help. Ran OTL and did the reboot, here's the scan. I'll do the Adwcleaner and post that next.

OTL logfile created on: 03/05/2013 6:23:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lisa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 74.82% Memory free
16.00 Gb Paging File | 13.79 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 734.33 Gb Total Space | 550.65 Gb Free Space | 74.99% Space Free | Partition Type: NTFS
Drive D: | 673.17 Gb Total Space | 337.40 Gb Free Space | 50.12% Space Free | Partition Type: NTFS
Drive E: | 15.37 Gb Total Space | 3.12 Gb Free Space | 20.30% Space Free | Partition Type: NTFS
Drive F: | 14.20 Gb Total Space | 2.01 Gb Free Space | 14.15% Space Free | Partition Type: NTFS
Drive M: | 1298.30 Gb Total Space | 1240.95 Gb Free Space | 95.58% Space Free | Partition Type: NTFS
Drive N: | 244.14 Gb Total Space | 28.13 Gb Free Space | 11.52% Space Free | Partition Type: NTFS

Computer Name: DDUB | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/01 23:31:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Downloads\OTL.exe
PRC - [2013/02/28 18:20:27 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/02/28 15:03:38 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/17 22:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
PRC - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/16 18:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 18:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 18:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/09/08 15:12:51 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 02:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 02:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 02:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 02:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 02:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012/08/17 22:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/10/16 17:59:30 | 001,328,480 | ---- | M] () -- C:\Program Files (x86)\Seagate\DiscWizard\fox.dll
MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe


========== Services (SafeList) ==========

SRV:64bit: - [2010/11/30 14:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/15 10:13:06 | 000,127,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/07/15 10:13:02 | 005,414,184 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/28 18:20:27 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/11/20 06:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/16 18:39:50 | 000,606,048 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/09/08 15:12:51 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/23 14:04:39 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/04/23 14:04:39 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/04/23 14:04:39 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/11/02 16:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/11/01 22:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/10/25 18:40:22 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/10/25 18:40:22 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/02 16:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/13 18:32:57 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/10/13 18:32:57 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2011/10/13 18:32:56 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011/10/13 18:32:53 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2011/08/10 16:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 13:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/04/30 17:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/04/30 16:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009/04/30 16:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/16 13:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/15 18:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 7A 30 F2 7A 26 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/04/23 14:04:42 | 000,000,000 | ---D | M]

[2012/04/29 17:26:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.condui...2331340300&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Logitech Device Detection = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: Safe Money = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Gmail = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2013/05/03 18:16:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\QFSCHD160.EXE (Corel Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.153.176.1 75.153.176.9 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{589E8FFC-6356-461E-8BEE-2053D34F3B7D}: DhcpNameServer = 75.153.176.1 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6542EECC-8C14-4A15-8DAA-B1036E2E015A}: DhcpNameServer = 75.153.176.1 75.153.176.9 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4851d184-f5fc-11e0-9753-002618330986}\Shell - "" = AutoRun
O33 - MountPoints2\{4851d184-f5fc-11e0-9753-002618330986}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{8142e507-0fb4-11e1-a6c7-002618330986}\Shell - "" = AutoRun
O33 - MountPoints2\{8142e507-0fb4-11e1-a6c7-002618330986}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/03 18:16:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/03 12:23:28 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{8E482C9B-E26E-4262-BBB9-342632CAEAD6}
[2013/05/02 21:38:55 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\webkit
[2013/05/02 20:41:03 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Amazon
[2013/05/02 20:40:17 | 000,000,000 | ---D | C] -- C:\Users\Lisa\.kindle
[2013/05/02 18:36:05 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Corel User Files
[2013/05/02 18:28:46 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Working Files
[2013/05/02 18:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2013/05/02 18:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2013/05/02 18:25:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\WordPerfect Office
[2013/05/02 18:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office X6
[2013/05/02 18:24:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2013/05/02 18:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Borland
[2013/05/02 18:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WordPerfect Office X6
[2013/05/02 15:19:59 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2013/05/02 15:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/02 15:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/02 15:19:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/02 15:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/02 14:32:23 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{E553339D-03D3-462E-A4A3-6CEB1F29FB29}
[2013/05/01 19:37:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\sigil-ebook
[2013/05/01 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sigil
[2013/05/01 17:45:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\CRE
[2013/05/01 17:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sigil
[2013/05/01 17:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Sigil
[2013/05/01 15:12:59 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{9396040A-B962-49A9-AC48-F2E1BF13B106}
[2013/05/01 03:03:24 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{6BB3B46B-1348-4AF6-98DD-F3305517780B}
[2013/04/30 15:03:11 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{D32760CB-8CFF-43F2-9E75-E134F9B4B167}
[2013/04/29 18:12:42 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{48C6321B-29E0-43AB-8A9A-41F82B25B2CB}
[2013/04/28 15:27:41 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B2304EA7-DC07-4AD1-B9D8-62EBB4C5AE84}
[2013/04/27 13:08:30 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{BD130947-1D00-4811-9509-D09D44AD40F9}
[2013/04/26 20:33:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\vlc
[2013/04/26 20:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/26 14:18:47 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{70A3DF65-9CCE-4BEC-AC56-8AE0A3A49A76}
[2013/04/25 16:57:20 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{138FB2BC-CEB6-4A3C-B274-12782718CC27}
[2013/04/24 14:04:08 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{5C3395AC-AB5A-4A63-9880-D52B2309A0A1}
[2013/04/23 13:51:57 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{AE6BF51C-3C0A-4A4C-8D45-473D37D3D6CA}
[2013/04/22 16:02:58 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{455F884C-AFFE-48D7-A1FC-3F4C7CBBEEF3}
[2013/04/22 15:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/21 15:19:04 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{6DA64E04-DB38-4E7F-BBE4-C3265D5D4758}
[2013/04/20 14:06:53 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{F00675F0-3ADB-4A61-BD2B-497056FB3145}
[2013/04/19 16:10:43 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{387E13B1-7D9D-44BD-B7CB-AD0A028BA394}
[2013/04/18 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{E6D19B89-DAA1-4FCA-81FA-98253C1B1DBC}
[2013/04/17 16:17:29 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{95650CBC-350A-42E1-85BB-E65E3BE4A29D}
[2013/04/16 16:41:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{43275280-AD3E-4E49-8909-1830A289273A}
[2013/04/15 16:21:51 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{347EBF75-9E24-4E3D-BC00-017C1D64C9E4}
[2013/04/14 15:28:27 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{D8BF6617-1A41-4E8B-A075-CD8D33366C5E}
[2013/04/13 17:39:52 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B854B4F5-54AE-4938-94D9-B074585144CA}
[2013/04/12 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{56F7DB91-D18D-443E-9806-E087CC37ECFF}
[2013/04/09 15:16:33 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{2ED1921A-098D-44F0-8FB3-E1ECC07A1DF5}
[2013/04/07 21:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/04/07 15:25:02 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{07D72DFA-6C73-432E-A864-C02DDD08785B}
[2013/04/06 14:32:40 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{CCD2DCA5-40D3-4BC9-8443-AC5F6638E575}
[2013/04/05 18:10:59 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\Superfood honey and bee pollen- prevent disease, heal, and clear your mind_files
[2013/04/05 15:54:04 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B3D9F705-A239-45B8-BA64-02FF6DAFD818}
[2013/04/04 14:17:07 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\{B67EA3E9-B112-49C0-8852-EE746EB35313}
[2011/11/02 19:28:42 | 000,465,264 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\AppFramework.dll
[2011/11/02 19:28:42 | 000,332,144 | ---- | C] (Corel) -- C:\Program Files (x86)\Common Files\MediaOrganizer.dll
[2011/11/02 19:28:42 | 000,033,136 | ---- | C] (Corel-V1E) -- C:\Program Files (x86)\Common Files\FlickrProvider.dll

========== Files - Modified Within 30 Days ==========

[2013/05/03 18:28:42 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/03 18:28:42 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/03 18:21:35 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/05/03 18:21:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/03 18:21:11 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/03 18:16:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/05/03 18:11:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3772248215-4264361790-2601894061-1001UA.job
[2013/05/03 14:11:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3772248215-4264361790-2601894061-1001Core.job
[2013/05/03 13:27:41 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/05/03 12:13:05 | 004,922,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/02 18:26:30 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\WordPerfect X6.lnk
[2013/05/02 18:26:02 | 000,002,911 | ---- | M] () -- C:\Users\Public\Desktop\WordPerfect Lightning.lnk
[2013/05/02 18:25:56 | 000,002,444 | ---- | M] () -- C:\Users\Public\Desktop\Presentations X6.lnk
[2013/05/02 18:25:38 | 000,002,410 | ---- | M] () -- C:\Users\Public\Desktop\Quattro Pro X6.lnk
[2013/05/02 15:19:42 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/01 19:36:36 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Sigil.lnk
[2013/05/01 17:46:56 | 000,000,009 | ---- | M] () -- C:\END
[2013/04/26 20:33:39 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/24 14:43:38 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/24 14:43:38 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/24 14:43:38 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/23 14:04:39 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/04/23 14:04:39 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/04/23 14:04:39 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/04/23 14:04:38 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/04/04 19:54:56 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/05/02 18:26:50 | 000,002,911 | ---- | C] () -- C:\Users\Public\Desktop\WordPerfect Lightning.lnk
[2013/05/02 18:26:50 | 000,002,444 | ---- | C] () -- C:\Users\Public\Desktop\Presentations X6.lnk
[2013/05/02 18:26:50 | 000,002,410 | ---- | C] () -- C:\Users\Public\Desktop\Quattro Pro X6.lnk
[2013/05/02 18:26:50 | 000,002,380 | ---- | C] () -- C:\Users\Public\Desktop\WordPerfect X6.lnk
[2013/05/02 15:19:42 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/01 17:44:35 | 000,000,009 | ---- | C] () -- C:\END
[2013/05/01 17:44:21 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Sigil.lnk
[2013/04/26 20:33:39 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/12/13 18:20:56 | 000,009,643 | ---- | C] () -- C:\Users\Lisa\A-COBXdCAAA6CT4.jpg
[2012/12/13 18:18:16 | 000,018,982 | ---- | C] () -- C:\Users\Lisa\A-CHV4zCAAAnV-e.jpg
[2012/12/08 17:27:01 | 000,000,132 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/11/01 23:25:26 | 000,017,408 | ---- | C] () -- C:\Users\Lisa\AppData\Local\WebpageIcons.db
[2012/10/31 15:25:58 | 000,505,774 | ---- | C] () -- C:\Users\Lisa\canadianpassportformwithinfo.pdf
[2012/10/31 15:17:28 | 000,488,609 | ---- | C] () -- C:\Users\Lisa\canadianpassportform.pdf
[2012/10/24 23:49:43 | 000,054,578 | ---- | C] () -- C:\Users\Lisa\A6B5RgICAAAjs6C.jpg
[2012/10/23 23:01:59 | 000,021,968 | ---- | C] () -- C:\Users\Lisa\A5adlBfCcAAzzY6.jpg-large
[2012/10/23 22:59:31 | 000,056,730 | ---- | C] () -- C:\Users\Lisa\A5wHnAFCUAArOcn.jpg-large
[2012/10/23 22:59:20 | 000,025,033 | ---- | C] () -- C:\Users\Lisa\A5wIaBBCIAAVLBm.jpg-large
[2012/07/29 03:51:09 | 000,003,584 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/19 18:09:21 | 000,000,268 | RH-- | C] () -- C:\ProgramData\grep
[2012/07/19 18:09:21 | 000,000,268 | RH-- | C] () -- C:\Users\Lisa\AppData\Roaming\designjet
[2012/07/19 18:09:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2012/07/19 18:09:21 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Abstract
[2012/07/19 18:07:00 | 000,000,268 | RH-- | C] () -- C:\Users\Lisa\AppData\Roaming\Workflows
[2012/07/19 18:07:00 | 000,000,268 | RH-- | C] () -- C:\ProgramData\docInfo
[2012/07/19 18:07:00 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/11/02 19:28:42 | 000,402,800 | ---- | C] () -- C:\Program Files (x86)\Common Files\facebook.dll
[2011/11/02 19:28:42 | 000,148,177 | ---- | C] () -- C:\Program Files (x86)\Common Files\BookViewer.xap
[2011/11/02 19:28:42 | 000,130,416 | ---- | C] () -- C:\Program Files (x86)\Common Files\PluginCommon.dll
[2011/11/02 19:23:12 | 000,645,752 | ---- | C] () -- C:\Users\Lisa\DSCN6696.JPG
[2011/10/30 17:37:06 | 000,786,504 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602N.DAT
[2011/10/30 17:37:06 | 000,296,064 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602W.DAT
[2011/10/13 18:14:24 | 000,000,367 | ---- | C] () -- C:\Users\Lisa\pdf.gif
[2011/10/13 15:34:10 | 000,221,279 | ---- | C] () -- C:\Users\Lisa\1467859115.pdf
[2011/10/13 15:23:48 | 000,460,291 | ---- | C] () -- C:\Users\Lisa\1468308454.pdf
[2011/10/10 12:45:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/02 20:41:03 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Amazon
[2012/08/27 00:24:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Auslogics
[2013/02/28 18:11:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\calibre
[2011/10/30 17:37:47 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Canon
[2012/12/16 00:03:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\com.masque.slots.IGTSlotsLilLady
[2012/08/26 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GlarySoft
[2012/02/23 16:12:49 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\IMVU
[2012/02/09 00:11:29 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\IMVUClient
[2012/01/18 23:53:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Leadertech
[2012/12/16 18:18:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Masque
[2012/11/07 13:40:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Nikon
[2011/10/12 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenOffice.org
[2011/10/17 12:28:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/10/18 22:21:17 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinBatch
[2011/10/10 22:05:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Windows Live Writer
[2011/11/24 17:46:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WTouch

========== Purity Check ==========



< End of report >
  • 0

#4
Leesie

Leesie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 158 posts
adwcleaner log:

# AdwCleaner v2.300 - Logfile created 05/03/2013 at 18:46:01 # Updated 28/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Lisa - DDUB # Boot Mode : Normal # Running from : C:\Users\Lisa\Downloads\adwcleaner.exe # Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END File Deleted : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage File Deleted : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal Folder Deleted : C:\Users\Lisa\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\SearchProtect Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\Software\SearchProtect Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\x8d51eyl.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2409] : homepage = "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN21744252331340300&UM[...]

*************************

AdwCleaner[S1].txt - [1795 octets] - [03/05/2013 18:46:01]

########## EOF - C:\AdwCleaner[S1].txt - [1855 octets] ##########
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer now ?
  • 0

#6
Leesie

Leesie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 158 posts
Seems okay, both the toolbar and the homepage it added is gone.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and press Uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
Posted Image

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#8
Leesie

Leesie

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 158 posts
Thanks so much for all your help! So appreciated :) Removed adwcleaner, otl and its deleting the restore points now.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP