Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple Computer Issues, Working On Safe Mode & Even Then! :(


  • Please log in to reply

#1
ThanksGeeksForHelping

ThanksGeeksForHelping

    Member

  • Member
  • PipPip
  • 36 posts
My computer is currently in safe mode with networking. I am currently typing this on the computer in question. I have a tablet & a kindle so I can access this without my desk top if need be. I will try to make this short. But this will be long. Before I start I want to say Thank You So Very Much to the Geeks To Go community and most especially to the person(s) who help me out. Let's begin!

First of all, I have an old computer. It's an HP Pavilion a6530f PC. I hope I got it right. It operates on Vista Home Premium Edition 64 bit edition with service pack 1. It has an AMD Phenom X3, 8450 Tripple-Core processor. It has 4096 MB system memory. If you need more information I can look on the tower. It's got more information on it if you need more in a later post.

For the past few years it's had multiple issues with ranging from the microsoft security essentials wouldn't turn on to the screen freezing to the mouse and keyboard not working just to name a few. But I'll talk about the main one that's been troubling us lately. Our computer has been having multiple blue screen issues for a while now. And when I say a while, I'm talking months. For the past few months I've been having a blue screen issue per week at least. I had a hand full of blue screen issues for the past few years, however, I was able to just restart the computer often in safe mode, and then restarting it and everything would be okay. So a few months ago, my computer had a blue screen and then I shut the computer down as I've always done by pressing the power button. And then I restarted the computer and that's when it started to take over an hour just to get it going. Sometimes it would stall at a black screen and white arrow for an hour or so.

I use tunnelbear VPN so I can view geo-blocked videos. Two weeks ago tunnelbear had a malfunction as the VPN wasn't where it said it was. Perhaps because we've kept it on at the time. So we tried closing tunnelbear and it wouldn't close. My roommate suggested we re-start the computer. Sadly, we didn't think to go to task manager to close it. But we restarted the computer and it was too late. After restarting the computer it took two hours to start. And it was stuck on a black screen and white arrow for a long time. And then our microsoft security essentials wouldn't turn on and the network icon wasn't showing a globe to show we were connected. We opened up a browser and we weren't connected.

I thought I'd restart the computer in safe mode and do a system restore. It worked but every time we'd restart the computer we'd have the same problem. That problem being microsoft security essentials wouldn't turn on and the network icon wasn't showing a globe to show we were connected and we'd open up a browser and we weren't. But sometimes even when the globe didn't show up on the icon and you'd have two computers with an "X" we'd open a browser and then we'd be connected. But then last night it seems windows did an update that required a reboot. And zero internet connection. Then I re-started the computer in safe mode and went to system restore and the network icon problem happened but we were connected to the internet because I'd open a browser. Microsoft security essentials was on. Let me add that every time we'd restart the computer tunnelbear would open automatically. But when we'd close tunnelbear we'd lose internet or the computer wouldn't work at all.

So I've been trying to fix this all day to no avail. I've started the computer in safe mode with networking. I've downloaded OTL it works but then when it does the scan it stops at some point and it becomes unresponsive. I've also downloaded malware bites and ran it but at some point it stops and becomes unresponsive. I don't know what to do. I have limited resources in that I only have my tablet, kindle and phone outside of this computer. What should I do to get you those logs.

But earlier I did some googling and found a potential fix, but that didn't work. That fix I found was to do a sfc/scannow in cmd mode or something like that. It created a CBS log. I've attached the CBS log to this because I copied and pasted it and it said it was too long. I don't know if it will be helpful. But I've attached it just in case.

I really don't know what to do. And I don't know if my computer will be working fine in safe mode. It's unstable and it might freeze or delay or the screen might go black. Hopefully it will be okay in safe mode. Thanks in advance. Also please pretend I am totally technologically ignorant. I need the most detailed step by step instructions as possible. And possibly explanations of what it is we're doing too. I just want to be safe.

Again, we don't have another computer, we don't know who does. And all we have is a samsung galaxy tab 2 7.0 tablet (which I think could be infected :'( but I'll ask about that later) and a kindle fire if the computer does something. So far the computer works in safe mode with networking okay. But it does go black screen whenever we open up google chrome, but then it goes away & we see the browser.

Thanks again! I look forward to your help. :)

Attached Files

  • Attached File  CBS.log   614.86KB   172 downloads

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
See if you can get one of these to work:


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


ase download DDS from http://download.blee...om/sUBs/dds.com or http://download.blee...om/sUBs/dds.scr
and save it to your desktop.

* Disable any script blocking protection
* Double click dds.pif to run the tool. (Vista and Win 7 please right click and Run As Admin)
* When done, two DDS.txt's will open.
* Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
  • 0

#3
ThanksGeeksForHelping

ThanksGeeksForHelping

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Thanks RKinner for helping us! We really appreciate it! :)

Okay before I do your instructions. Let me give you an update on what's happened. My roommate was able to get malware bites going. My roommate ran it and it took over 5 hours to finish a full scan. The scan stalled several times, however eventually continued thank goodness. There were infections & my roommate selected "remove" and then restarted the computer and she pressed F8 in order to get it back in safe mode with networking. It gave us a log & here's the log. I've renamed the name of our computer for privacy to "ADMIN" instead of our computer's real name.

==== Malware Bites Log Start =======================

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.14.07

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
ADMIN :: ADMIN [administrator]

11/14/2013 12:41:59 PM
mbam-log-2013-11-14 (12-41-59).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 551732
Time elapsed: 5 hour(s), 46 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: tAtA1G1O0T1O1PtGyCtHyC -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\Users\ADMIN\AppData\Local\Temp\is1394899945\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\ADMIN\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

====== End Malware Bites Log =====

I was also able to get OTL running, however, it stalled several times. However, thank goodness it continued. Here's the OTL log. I've renamed the name of our computer and personal names to "USFRIENDS" for privacy.

====== Begin OTL Log ========

OTL logfile created on: 11/14/2013 9:11:32 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USFRIENDS\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 3.20 Gb Available Physical Memory | 82.51% Memory free
7.92 Gb Paging File | 7.38 Gb Available in Paging File | 93.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.00 Gb Total Space | 243.40 Gb Free Space | 41.61% Space Free | Partition Type: NTFS
Drive D: | 11.17 Gb Total Space | 1.06 Gb Free Space | 9.45% Space Free | Partition Type: NTFS

Computer Name: USFRIENDS | User Name: USFRIENDS | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\USFRIENDS\Desktop\OTL (1).exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (TunnelBearMaintenance) -- C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ScsiAccess) -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe ()
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (OnlineBackupSchedulerService) -- C:\Program Files (x86)\Charter\Cloud Drive™ Backup\Scheduler\OnlineBackup.SchedulerService.exe ()
SRV - (FilesystemWatcher) -- C:\Program Files (x86)\Charter\Cloud Drive™ Backup\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe (DigiData Corp.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AGCoreService) -- C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe (AG Interactive)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database_106545b\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database_106545b\bin\fbserver.exe (MAGIX®)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies)


========== Driver Services (SafeList) ==========

DRV:64bit: - (tap0901) -- C:\Windows\SysNative\DRIVERS\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (pfc) -- C:\WINDOWS\SysWOW64\drivers\pfc.sys (Padus, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{031F2291-4C2D-4B94-B441-F70122E51373}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FDC7CCF6-4EAA-4816-8F74-10707DC90A1E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{031F2291-4C2D-4B94-B441-F70122E51373}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1066435
IE - HKLM\..\SearchScopes\{FDC7CCF6-4EAA-4816-8F74-10707DC90A1E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...OIE9MSE&PC=UP09
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5D440BDF-CABA-40DA-B6E9-4741501B4216}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{5E88C510-ACA5-4072-9289-0BCA9CE39E99}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D66B0304-EF29-42F9-8C9B-23FB2CC89595}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{FDC7CCF6-4EAA-4816-8F74-10707DC90A1E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;127.0.0.1:9421;<local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.1
FF - prefs.js..extensions.enabledAddons: secureLogin%40blueimp.net:1.0.3
FF - prefs.js..extensions.enabledAddons: %7Bce7e73df-6a44-4028-8079-5927a588c948%7D:1.1.2
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.4
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.14
FF - prefs.js..extensions.enabledAddons: %7Bd37dc5d0-431d-44e5-8c91-49419370caa1%7D:3.1.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/11/12 17:33:31 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\USFRIENDS\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\USFRIENDS\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\USFRIENDS\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\USFRIENDS\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Webshots\3.1.5.7617\Firefox [2011/02/13 14:05:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/08 08:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/08 08:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/05 19:10:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/05 19:10:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\USFRIENDS\AppData\Roaming\Move Networks [2009/11/17 19:21:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/05 19:10:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/05 19:10:45 | 000,000,000 | ---D | M]

[2012/07/04 11:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Extensions
[2009/09/13 23:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/11/15 18:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/11/13 18:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions
[2013/06/01 08:59:05 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/10/21 05:17:29 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/08/27 16:31:11 | 000,000,000 | ---D | M] (Empty Cache Button) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
[2013/06/01 09:07:59 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2013/06/01 10:31:50 | 000,000,000 | ---D | M] (Click&amp;Clean) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\[email protected]
[2013/11/13 18:36:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\staged
[2013/06/08 10:33:14 | 000,012,140 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\[email protected]
[2013/08/30 05:54:43 | 000,355,782 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\[email protected]
[2013/06/01 10:39:39 | 000,083,379 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\[email protected]
[2013/08/14 17:41:59 | 000,049,720 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\[email protected]
[2013/06/07 19:15:30 | 000,073,612 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
[2013/10/09 18:11:30 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/09 00:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/05 19:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/05 19:11:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/08 08:23:13 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2007/12/17 09:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npkimi.dll
[2013/06/08 08:22:11 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\google\chrome\application\22.0.1229.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Imikimi.com Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
CHR - plugin: Loki Plugin (Enabled) = C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\USFRIENDS\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\USFRIENDS\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Keeper Web App = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnglfciifmgnafcgkkngkeopldlialb\7.2_0\
CHR - Extension: HootSuite Hootlet = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\4.0.10_0\
CHR - Extension: YouTube = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\10.0_0\
CHR - Extension: Google Calendar = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Click&Clean = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: Pinterest = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\
CHR - Extension: JavaScript Popup Blocker = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.4_0\
CHR - Extension: Cloud Reader = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: Forecastfox = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: Secure Gmail by Streak = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngdnjdobadbdemillgljnnbpomnfokn\1.4_0\
CHR - Extension: Shareaholic for Pinterest = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc\2.0.2_0\
CHR - Extension: Google Mail Multi-Account Checker = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpnehokodklgijkcakcfmccgpanipfp\2.0.24_0\
CHR - Extension: Google Wallet = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Pin Search | Image Search on Pinterest = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiaciimfpgbpdhnfdllhdkicpmdoakm\1.0.14_0\
CHR - Extension: Click&Clean App = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/09 18:29:56 | 000,580,592 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 15615 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Online Backup Auto Update] C:\Program Files (x86)\Charter\Cloud Drive™ Backup\Auto Update\OnlineBackup.UpdateSystemTray.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Charter\Cloud Drive™ Backup\vewatch.exe (DigiData Corp.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk = C:\Users\USFRIENDS\AppData\Local\Apps\2.0\GY2P6X9A.C64\ZGR7DZ6N.C95\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Charter Cloud Drive™ Backup.lnk = C:\WINDOWS\SysWOW64\schtasks.exe (Microsoft Corporation)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\USFRIENDS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Users\USFRIENDS\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronics Co. Ltd.)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DACA66BD-C660-440D-9EFB-D8274ED0C9E3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\USFRIENDS\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\USFRIENDS\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0e07bc14-470d-11e1-b66f-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{0e07bc14-470d-11e1-b66f-001fc6e8a92f}\Shell\AutoRun\command - "" = K:\setup.exe -a
O33 - MountPoints2\{274c3a63-444f-11e2-922d-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{274c3a63-444f-11e2-922d-001fc6e8a92f}\Shell\AutoRun\command - "" = K:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{33aa1b69-2639-11e0-acca-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{33aa1b69-2639-11e0-acca-001fc6e8a92f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{4f3e1418-31cc-11e0-b7e4-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f3e1418-31cc-11e0-b7e4-001fc6e8a92f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{8e423621-ceb4-11de-bc95-001fc6e8a92f}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe
O33 - MountPoints2\{b6f71f0b-7bfc-11e0-b1b9-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{b6f71f0b-7bfc-11e0-b1b9-001fc6e8a92f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{cea2e9a4-ae17-11de-823e-001fc6e8a92f}\Shell\AutoRun\command - "" = J:\slacker.synclauncher.exe
O33 - MountPoints2\{cea2e9a4-ae17-11de-823e-001fc6e8a92f}\Shell\slacker\command - "" = J:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/14 11:22:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/14 11:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/14 11:21:13 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\USFRIENDS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/14 11:12:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\USFRIENDS\Desktop\OTL (1).com
[2013/11/14 10:34:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\USFRIENDS\Desktop\OTL (1).exe
[2013/11/10 12:25:20 | 000,000,000 | ---D | C] -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TunnelBear
[2013/11/09 00:02:24 | 000,000,000 | ---D | C] -- C:\Users\USFRIENDS\AppData\Roaming\Oracle
[2013/11/09 00:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/08 23:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/05 19:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/18 18:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/10/18 18:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/07/17 16:02:21 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\USFRIENDS\AppData\Roaming\pcouffin.sys
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/14 19:53:50 | 000,711,020 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/14 19:53:50 | 000,608,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/14 19:53:50 | 000,105,680 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/14 19:39:54 | 000,502,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/14 19:39:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/14 11:22:26 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/14 11:19:38 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\USFRIENDS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/14 11:11:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USFRIENDS\Desktop\OTL (1).com
[2013/11/14 10:33:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USFRIENDS\Desktop\OTL (1).exe
[2013/11/14 09:59:14 | 000,002,908 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
[2013/11/14 09:23:21 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 09:23:21 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 09:22:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/10 12:25:21 | 000,001,752 | ---- | M] () -- C:\Users\USFRIENDS\Desktop\TunnelBear.lnk
[2013/11/08 23:19:35 | 000,000,955 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/11/07 02:45:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/01 22:32:24 | 000,213,504 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/30 17:17:18 | 000,000,973 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2013/10/28 08:40:15 | 000,154,935 | ---- | M] () -- C:\Users\USFRIENDS\Desktop\Survey Form_v4.pdf
[2013/10/18 18:51:14 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/10/18 18:51:14 | 000,001,875 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/10/17 09:54:15 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/16 19:15:32 | 540,953,918 | ---- | M] () -- C:\Windows\MEMORY.DMP
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/14 11:22:26 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/10 12:25:21 | 000,001,752 | ---- | C] () -- C:\Users\USFRIENDS\Desktop\TunnelBear.lnk
[2013/10/28 08:40:19 | 000,154,935 | ---- | C] () -- C:\Users\USFRIENDS\Desktop\Survey Form_v4.pdf
[2013/02/09 11:00:37 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/12/19 17:39:20 | 000,359,029 | ---- | C] () -- C:\Users\USFRIENDS\.TransferManager.db
[2012/03/01 19:42:32 | 000,000,375 | ---- | C] () -- C:\Users\USFRIENDS\Documents - Shortcut.lnk
[2011/03/05 22:30:43 | 000,000,680 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Local\d3d9caps.dat
[2011/01/09 10:02:36 | 000,213,504 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/03 21:54:56 | 000,152,772 | ---- | C] () -- C:\Users\USFRIENDS\hosts.zip
[2010/06/11 08:53:09 | 000,024,226 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\UserTile.png
[2009/07/17 16:02:21 | 000,099,384 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\inst.exe
[2009/07/17 16:02:21 | 000,007,859 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\pcouffin.cat
[2009/07/17 16:02:21 | 000,001,167 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\pcouffin.inf
[2009/07/11 16:06:46 | 000,000,358 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\wklnhst.dat
[2009/06/25 05:38:28 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2006/11/02 07:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 09:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/10 23:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 18:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/02/11 15:45:17 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Alex Inc
[2011/03/27 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Amazon
[2009/07/07 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Blackberry Desktop
[2012/05/12 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Canon
[2009/11/04 19:08:23 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\DassaultSystemes
[2011/06/24 21:54:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\DigiData
[2013/11/14 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Dropbox
[2011/10/01 10:12:17 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\EasyMP3Downloader
[2009/08/17 01:18:12 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\FileZilla
[2012/06/16 09:59:41 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\FVD Suite
[2009/09/13 23:29:43 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Greyfirst
[2013/02/15 16:08:03 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\KeeperData
[2010/12/25 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Leadertech
[2010/08/07 09:01:12 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\MAGIX
[2010/01/24 11:18:52 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Memeo
[2012/07/03 23:56:48 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\MusicNet
[2010/08/06 15:15:11 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Netscape
[2012/12/18 06:14:47 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\ooVoo Details
[2011/10/28 19:55:20 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Opera
[2013/11/09 00:02:24 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Oracle
[2011/04/13 16:44:46 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\OverDrive
[2010/08/06 20:12:49 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Photodex
[2010/09/16 17:50:16 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Research In Motion
[2010/01/24 08:17:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Smilebox(198)
[2013/10/30 13:32:20 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Spotify
[2009/07/11 16:06:49 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Template
[2009/11/15 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\TomTom
[2009/07/17 18:58:27 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Vso
[2011/01/16 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\WD
[2011/02/13 14:09:52 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Webshots
[2010/03/24 19:50:04 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:73BDADA8

< End of report >

========== End Of OTL Log ============================

Okay, those are the two logs. Just to be safe, I won't do your instructions unless you tell me I should since the OTL log was what you all wanted in the first place. So whatever instructions you post after this I'll do. Just to be safe. Thanks again RKinner for your help! We appreciate your time and effort. Also can you please give us detailed instructions on how we should proceed. Thank You Very Much RKinner as well as the rest of the Geeks To Go community! :D
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
If a step won't work you can skip to the next one. You can post each log as you get it if you want.


Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button - Do NOT press the large Start Download button on the upper left!) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post. Uninstall Speccy.

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.





Ron
  • 0

#5
ThanksGeeksForHelping

ThanksGeeksForHelping

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Thanks Ron (RKinner) :)

I have a question before I proceed. Please forgive me if I sound dumb or too cautious, I just want to make sure I do it right.

When the computer reboots, should I reboot it in "normal mode" or "safe mode with networking?" The reason I ask is because, so far, in "normal mode" I lose the internet and I get a blue screen when trying to look at "network sharing center."

I've downloaded so far AdwareCleaner, JRT & FRST. I will begin your instructions with AdwareCleaner and so forth after I get advice on how to reboot the system.

Also the text that I must copy and paste. Is that to be copied and pasted in the OTL?

Those are the questions I have for the first few steps. I don't want to overwhelm myself or my roommate.

Thanks Again! :)
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
You can stay in Safe Mode with Networking. The copied stuff (in the gray box) is what gets pasted into the Custom Scan/Fix box in OTL.
  • 0

#7
ThanksGeeksForHelping

ThanksGeeksForHelping

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Thanks again Ron (RKinner) :)

Okay, I've done most of your instructions. I've still yet to do the "Speccy" and "Process Explorer" instructions you've given.

Here are the logs for the AdwCleaner. I found two so here they are.

Here's the: AdwCleaner[R0].txt log.

====== Begin AdwCleaner[R0].txt Log =========

# AdwCleaner v3.012 - Report created 15/11/2013 at 21:19:45
# Updated 11/11/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : USFRIENDS - USFRIENDS
# Running from : C:\Users\USFRIENDS\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\Components\AskSearch.js
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Windows\System32\Tasks\paretologic registration3
File Found : C:\Windows\System32\Tasks\paretologic update version3
File Found : C:\Windows\System32\Tasks\PC Health Advisor
File Found : C:\Windows\System32\Tasks\PC Health Advisor Defrag
File Found : C:\Windows\Tasks\paretologic registration3.job
File Found : C:\Windows\Tasks\paretologic update version3.job
File Found : C:\Windows\Tasks\PC Health Advisor Defrag.job
File Found : C:\Windows\Tasks\PC Health Advisor.job
Folder Found C:\Program Files (x86)\AGI
Folder Found C:\Program Files (x86)\Common Files\ParetoLogic
Folder Found C:\Program Files (x86)\iMesh Applications
Folder Found C:\Program Files (x86)\ParetoLogic
Folder Found C:\Program Files (x86)\StartNow Toolbar
Folder Found C:\ProgramData\AGI
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\Users\USFRIENDS\AppData\Local\apn
Folder Found C:\Users\USFRIENDS\AppData\Local\PackageAware
Folder Found C:\Users\USFRIENDS\AppData\Local\Temp\AskSearch
Folder Found C:\Users\USFRIENDS\AppData\LocalLow\AGI
Folder Found C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AGI
Key Found : HKCU\Software\Imesh
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\AGI
Key Found : [x64] HKCU\Software\Imesh
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\Software\AGI
Key Found : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1066435
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\Software\ParetoLogic
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : [x64] HKLM\SOFTWARE\DataMngr
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7259 octets] - [15/11/2013 21:19:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7319 octets] ##########

====== End AdwCleaner[R0].txt Log ================

And here's the AdwCleaner[S0].txt log.

=========== Begin AdwCleaner[S0].txt Log ==========

# AdwCleaner v3.012 - Report created 15/11/2013 at 21:23:47
# Updated 11/11/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : USFRIENDS - USFRIENDS
# Running from : C:\Users\USFRIENDS\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\AGI
[!] Folder Deleted : C:\ProgramData\boost_interprocess
[!] Folder Deleted : C:\ProgramData\ParetoLogic
[!] Folder Deleted : C:\Program Files (x86)\AGI
[!] Folder Deleted : C:\Program Files (x86)\iMesh Applications
[!] Folder Deleted : C:\Program Files (x86)\ParetoLogic
[!] Folder Deleted : C:\Program Files (x86)\StartNow Toolbar
[!] Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
[!] Folder Deleted : C:\Users\USFRIENDS\AppData\Local\apn
[!] Folder Deleted : C:\Users\USFRIENDS\AppData\Local\PackageAware
[!] Folder Deleted : C:\Users\USFRIENDS\AppData\Local\Temp\AskSearch
[!] Folder Deleted : C:\Users\USFRIENDS\AppData\LocalLow\AGI
[!] Folder Deleted : C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Components\AskSearch.js
File Deleted : C:\Windows\Tasks\paretologic registration3.job
File Deleted : C:\Windows\System32\Tasks\paretologic registration3
File Deleted : C:\Windows\Tasks\paretologic update version3.job
File Deleted : C:\Windows\System32\Tasks\paretologic update version3
File Deleted : C:\Windows\Tasks\PC Health Advisor Defrag.job
File Deleted : C:\Windows\System32\Tasks\PC Health Advisor Defrag
File Deleted : C:\Windows\Tasks\PC Health Advisor.job
File Deleted : C:\Windows\System32\Tasks\PC Health Advisor

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1066435
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Mozilla Firefox v25.0 (en-US)

[ File : C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7455 octets] - [15/11/2013 21:19:45]
AdwCleaner[S0].txt - [6735 octets] - [15/11/2013 21:23:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6795 octets] ##########

========= End AdwCleaner[S0].txt Log. ===================

And here's the JRT.txt log.

======== Start JRT.txt Log =========================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by USFRIENDS on Fri 11/15/2013 at 21:45:23.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5D440BDF-CABA-40DA-B6E9-4741501B4216}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\USFRIENDS\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\USFRIENDS\appdata\local\{100D623A-ADCF-43CB-B475-0069EEA1FCA1}
Successfully deleted: [Empty Folder] C:\Users\USFRIENDS\appdata\local\{280409FC-EA39-4D06-BA8C-53B68283E587}
Successfully deleted: [Empty Folder] C:\Users\USFRIENDS\appdata\local\{3D680AA2-ADBB-451A-93FA-43C4C71E690B}
Successfully deleted: [Empty Folder] C:\Users\USFRIENDS\appdata\local\{8B4D231E-C354-46E3-A70C-AEBAA9469D1D}
Successfully deleted: [Empty Folder] C:\Users\USFRIENDS\appdata\local\{8FC355C1-51DA-4C9C-BD81-98B3D361A3C7}
Successfully deleted: [Empty Folder] C:\Users\USFRIENDS\appdata\local\{994ED3B0-7A2A-46CA-8CF4-B1538D79ED73}
Successfully deleted: [Empty Folder] C:\Users\USFRIENDS\appdata\local\{A6C4CE15-9F2C-428D-81E4-DC872E66EA56}
Successfully deleted: [Empty Folder] C:\Users\USFRIENDS\appdata\local\{A8E427FD-0D07-41E9-B82D-60BC02111603}
Successfully deleted: [Empty Folder] C:\Users\USFRIENDS\appdata\local\{AAB19717-D767-4FB1-B568-83CC6CB1616C}
Successfully deleted: [Empty Folder] C:\Users\USFRIENDS\appdata\local\{B8AA066B-875F-42D2-AB1F-F07B92346525}
Successfully deleted: [Empty Folder] C:\Users\USFRIENDS\appdata\local\{C40F3C23-6324-43CF-B71E-C020D8AE5BD4}
Successfully deleted: [Empty Folder] C:\Users\USFRIENDS\appdata\local\{DA96CA02-BDCF-4B42-821D-5AC957217AA4}



~~~ FireFox

Emptied folder: C:\Users\USFRIENDS\AppData\Roaming\mozilla\firefox\profiles\yuvm8yq1.default\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/15/2013 at 21:51:05.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

======= End Of JRT.txt Log =====================

Here's the Addition.txt log.

======= Begin Addition.txt Log ================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2013
Ran by USFRIENDS at 2013-11-15 22:11:46
Running from C:\Users\USFRIENDS\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32)
3DVIA Shape for Maps (x32 Version: 6.207.09182)
AAC Decoder (x32 Version: 7.1.0)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 3.3.0.3650)
Adobe Bridge 1.0 (x32 Version: 001.000.000)
Adobe Common File Installer (x32 Version: 1.00.0000)
Adobe Digital Editions (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.202)
Adobe Help Center 1.0 (x32 Version: 001.000.000)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Amazon Cloud Drive (HKCU Version: 2.0.2013.841)
Amazon Kindle (HKCU)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.1.116)
AutoUpdate (x32 Version: 1.1)
AVI Codec Pack (x32)
Bing Bar (x32 Version: 7.0.609.0)
Bonjour (Version: 3.0.0.10)
Celtx (2.0.2) (x32 Version: 2.0.2 (en-US))
Charter Cloud Drive™ Backup (x32 Version: 4.6.3527)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
CyberLink DVD Suite Deluxe (x32 Version: 5.5.1329)
CyberLink PowerDirector (x32 Version: 6.5.2726)
D3DX10 (x32 Version: 15.4.2368.0902)
Dassault Systemes Software Prerequisites x86-x64 (Version: 8.1.3)
Data Lifeguard Diagnostic for Windows (x32 Version: 1.13)
DivX Codec (x32 Version: 6.8.5)
DivX Converter (x32 Version: 7.1.0)
DivX Player (x32 Version: 7.2.0)
DivX Plus DirectShow Filters (x32)
DivX Version Checker (x32 Version: 7.1.0.2)
DivX Web Player (x32 Version: 1.5.0)
Dropbox (HKCU Version: 2.4.6)
Enhanced Multimedia Keyboard Solution (x32)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.27.0)
Fly DVD Copier Version 4.9 (x32)
Free 3GP Video Converter version 3.1 (x32)
Google Calendar Sync (x32)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Talk Plugin (x32 Version: 4.9.1.16010)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Google Updater (x32 Version: 2.4.2432.1652)
GoogleToolBar (HKCU)
H.264 Decoder (x32 Version: 1.1.0)
Hardware Diagnostic Tools (x32 Version: 5.1.4748.24)
Hewlett-Packard Active Check for Health Check (x32 Version: 1.1.15.2)
Hewlett-Packard Asset Agent for Health Check (x32 Version: 2.0.63.2)
HP Active Support Library (x32 Version: 3.1.0.6)
HP Customer Experience Enhancements (x32 Version: 5.6.0.2510)
HP Customer Feedback (x32 Version: 1.0.0)
HP Demo (Version: HP Demo)
HP Picasso Media Center Add-In (x32 Version: 1.0.0)
HP Total Care Advisor (x32 Version: 2.1.3329.2629)
HP Update (x32 Version: 4.000.007.003)
HPTCSSetup (x32 Version: 1.0.964.2626)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
JavaFX 2.1.1 (x32 Version: 2.1.1)
Keeper Password & Data Vault (x32 Version: 5.2)
LabelPrint (x32 Version: 2.2.2529)
LightScribe System Software 1.12.37.1 (x32 Version: 1.12.37.1)
LightScribeTemplateLabeler (x32 Version: 1.10.23.1)
Logitech QuickCam Driver Package
Logitech Vid HD (x32 Version: 7.2 (7240))
Logitech Webcam Software (Version: 12.10.1113)
Loki Browser Plugin (x32)
Macromedia Extension Manager (x32 Version: 1.7.240)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MapQuest Toolbar (HKCU)
McAfee Security Scan Plus (Version: 3.8.130.8)
Memeo AutoSync
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (x32 Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Works (x32 Version: 9.7.0621)
MIKSOFT Mobile 3GP converter (x32)
MKV Splitter (x32 Version: 1.0.1)
MotoHelper MergeModules (x32 Version: 1.2.0)
Move Media Player (HKCU)
Movie Converter v4 (x32 Version: 4)
Mozilla Firefox 25.0 (x86 en-US) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My HP Games (x32 Version: 1.0.0.43)
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player (HKCU)
Opera 12.15 (x32 Version: 12.15.1748)
OverDrive Media Console (x32 Version: 3.2.10)
OverDrive Media Console (x32 Version: 3.2.20)
Photodex Presenter (x32)
Pocket version 1.5 (x32 Version: 1.5)
Power2Go (x32 Version: 5.6.3917)
ProShow Gold (x32)
ProShow MediaSource - Family Memories (x32)
ProShow Producer (x32)
Python 2.5 (x32 Version: 2.5.150)
QuickTime (x32 Version: 7.73.80.64)
RealDownloader (x32 Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.2)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5789)
RealUpgrade 1.1 (x32 Version: 1.1.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.9.0)
Segoe UI (x32 Version: 15.4.2271.0615)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
SpiceFX for Movie Maker (x32 Version: 5.0.1)
Spotify (HKCU Version: 0.9.4.185.g7545a404)
swMSM (x32 Version: 12.0.0.1)
Times Reader (x32 Version: 2.054)
TunnelBear 2.1.1.0 (x32 Version: 2.1.1.0)
Uninstall 1.0.0.1 (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VC80CRTRedist - 8.0.50727.762 (x32 Version: 1.0.0)
VD64Inst (Version: 1.00.0000)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (x32 Version: 2.13.0273)
Verizon Wireless Software Utility Application for Android - Samsung (x32 Version: 2.13.0246)
WD Drive Manager (x64) (Version: 2.107)
Webshots Desktop (x32 Version: 3.1.5.7617)
Webshots Toolbar for Firefox (x32 Version: 3.1.5.7617)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinPcap 4.0.2 (x32 Version: 4.0.0.1040)
WM Capture (HKCU)
WM Capture (x32 Version: 4.1)
WM Recorder (x32)
WM Splitter 1.6.906 (x32)
Yahoo! BrowserPlus 2.9.8 (HKCU)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
YouSendIt Express (x32 Version: 2.5.0)

==================== Restore Points =========================

13-11-2013 08:00:02 Scheduled Checkpoint
13-11-2013 11:00:12 Windows Update
14-11-2013 08:02:20 Scheduled Checkpoint
14-11-2013 11:00:20 Windows Update

==================== Hosts content: ==========================

2010-08-18 19:28 - 2013-02-09 18:29 - 00580592 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
127.0.0.1 csh.actiondesk.com
127.0.0.1 www.activemeter.com #[Tracking.Cookie]
127.0.0.1 ads.activepower.net
127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1 cms.ad2click.nl
127.0.0.1 ad2games.com
127.0.0.1 ads.ad2games.com
127.0.0.1 content.ad20.net
127.0.0.1 core.ad20.net
127.0.0.1 banner.ad.nu

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {01C92733-3782-4884-8329-E3580B319B62} - \ParetoLogic Registration3 No Task File
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {1F2FB2E0-5D99-4D70-9942-6BD639C8E4AF} - \PC Health Advisor No Task File
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\WINDOWS\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {34B1ABFC-CB4C-4296-BD1B-91339234F614} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files (x86)\PC-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {492F759C-3CDF-4ED2-94DF-D099081A2C0C} - System32\Tasks\Microsoft\Windows\RestartManager\{01180AB4-0509-4bf1-BC23-A92953985FC0} => C:\WINDOWS\System32\RmClient.exe [2006-11-02] (Microsoft Corporation)
Task: {4C784DD0-83C1-40D0-B71B-F39318C8BE5E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3694992828-362353423-1709206159-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\WINDOWS\System32\pla.dll [2008-01-20] (Microsoft Corporation)
Task: {528BA75B-83BF-4D7D-ABB1-0694C5214B46} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3694992828-362353423-1709206159-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-04-16] (RealNetworks, Inc.)
Task: {545BBE5D-679B-48C8-A4E0-37ABADBBF590} - System32\Tasks\OnlineBackup.SyncNShare => C:\Program Files (x86)\Charter\Cloud Drive™ Backup\SyncNShare\OnlineBackup.SyncNShare.exe [2011-04-13] ()
Task: {62D773F2-707B-4DC8-A0F1-31B0AEE4FA6B} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {6DE6307F-7F38-4978-AD7D-5B237BA0D96E} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-27] (Google)
Task: {723004DD-0368-4509-A965-4D584F5F461E} - System32\Tasks\TunnelBear => C:\Program Files (x86)\TunnelBear\TunnelBear.exe [2013-11-07] (TunnelBear)
Task: {750A070F-48E0-473B-9352-18E80AE1F2FA} - \ParetoLogic Update Version3 No Task File
Task: {7781AB20-CDD3-4C3A-B87E-703000926B76} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files (x86)\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {7B2C7E99-4468-42BC-981C-1E38E36BCB05} - \PC Health Advisor Defrag No Task File
Task: {7BBD2D76-1260-4ABC-A0DB-BBAEE786914B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3694992828-362353423-1709206159-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8031E2BB-824A-4E4E-B0F2-4F3728F0DAE9} - System32\Tasks\NetworkWizardVCW => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {9424CFD0-BE83-4E8B-98FF-45A99E1DC5E8} - System32\Tasks\RecoveryCD => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {97C7ACF0-A84E-437C-BF54-59D70B70FED1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-08-14] (Google Inc.)
Task: {9922DC27-CF5B-464E-AD9B-D7E5C17F7FB7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3694992828-362353423-1709206159-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {A4FED573-3CE2-4A30-9810-E107ED6A44A4} - System32\Tasks\Microsoft\Windows\RestartManager\{9CDD615A-5C45-4096-B256-4B2E55E2A317} => C:\WINDOWS\System32\RmClient.exe [2006-11-02] (Microsoft Corporation)
Task: {CA9387E3-21F9-49A9-AD82-61140A67B367} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-18] (Adobe Systems Incorporated)
Task: {D59E7E87-808F-433D-9A5A-42DE2332B93F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-08-14] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\WINDOWS\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EE427B34-0728-43A2-A5F9-C10FECDE7FB5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3694992828-362353423-1709206159-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F1957D9F-8316-4961-96CF-9577C3927B7F} - System32\Tasks\{2C093D56-6623-4508-8F9B-9FD8F48E0893} => C:\Program Files (x86)\Skype\Phone\Skype.exe
Task: {F4D84A93-4704-4BCC-9D78-D28209976BB6} - System32\Tasks\Microsoft\Windows\RestartManager\{8631DB82-C73A-425d-B92E-910FA62811BE} => C:\WINDOWS\System32\RmClient.exe [2006-11-02] (Microsoft Corporation)
Task: {F6CCB08C-EA1A-49B5-87D1-3BD6B377352D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {F7699132-F099-4D35-9F89-53F704298424} - System32\Tasks\OnlineBackupManager => C:\Program Files (x86)\Charter\Cloud Drive™ Backup\SyncNShare\OnlineBackup.SyncNShare.exe [2011-04-13] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3694992828-362353423-1709206159-1000Core1cec53efb70193c.job => C:\Users\USFRIENDS\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\OnlineBackupManager.job => C:\Program Files (x86)\Charter\Cloud Drive"! Backup\SyncNShare\OnlineBackup.SyncNShare.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{E73B303C-948D-4079-81F1-CF26613284D5}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2011-03-23 13:08 - 2011-03-23 13:08 - 01994752 _____ () C:\Program Files (x86)\Charter\Cloud Drive™ Backup\DigiData.Vault.VaultExplorer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:73BDADA8

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Standard Enhanced PCI to USB Host Controller
Description: Standard Enhanced PCI to USB Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbehci
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (11/15/2013 10:08:51 PM) (Source: nvstor64) (User: )
Description: A parity error was detected on \Device\RaidPort0.

Error: (11/15/2013 10:08:44 PM) (Source: nvstor64) (User: )
Description: A parity error was detected on \Device\RaidPort0.

Error: (11/15/2013 10:08:36 PM) (Source: nvstor64) (User: )
Description: A parity error was detected on \Device\RaidPort0.

Error: (11/15/2013 10:08:28 PM) (Source: nvstor64) (User: )
Description: A parity error was detected on \Device\RaidPort0.

Error: (11/15/2013 10:08:20 PM) (Source: nvstor64) (User: )
Description: A parity error was detected on \Device\RaidPort0.

Error: (11/15/2013 10:08:12 PM) (Source: nvstor64) (User: )
Description: A parity error was detected on \Device\RaidPort0.

Error: (11/15/2013 10:08:04 PM) (Source: nvstor64) (User: )
Description: A parity error was detected on \Device\RaidPort0.

Error: (11/15/2013 10:07:56 PM) (Source: nvstor64) (User: )
Description: A parity error was detected on \Device\RaidPort0.

Error: (11/15/2013 10:07:48 PM) (Source: nvstor64) (User: )
Description: A parity error was detected on \Device\RaidPort0.

Error: (11/15/2013 10:07:45 PM) (Source: nvstor64) (User: )
Description: A parity error was detected on \Device\RaidPort0.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3965.58 MB
Available physical RAM: 3169.1 MB
Total Pagefile: 8113.69 MB
Available Pagefile: 7467.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:585 GB) (Free:242.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.17 GB) (Free:1.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=585 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

==================== End Of Log ============================

========= End Of Addition.txt Log ==================

And here's the FRST.txt Log.

========= Start of FRST.txt Log =================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by USFRIENDS (administrator) on USFRIENDS on 15-11-2013 21:54:03
Running from C:\Users\USFRIENDS\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\WINDOWS\RAVCpl64.exe [6150656 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [Google Update] - C:\Users\USFRIENDS\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-06-25] (Google Inc.)
HKCU\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
HKCU\...\Run: [ehTray.exe] - C:\WINDOWS\ehome\ehtray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [DW6] - "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-14] (Google Inc.)
HKCU\...\RunOnce: [Report] - C:\AdwCleaner\AdwCleaner[S0].txt [6883 2013-11-15] ()
MountPoints2: {0e07bc14-470d-11e1-b66f-001fc6e8a92f} - K:\setup.exe -a
MountPoints2: {274c3a63-444f-11e2-922d-001fc6e8a92f} - K:\VZW_Software_upgrade_assistant_installer.exe
MountPoints2: {33aa1b69-2639-11e0-acca-001fc6e8a92f} - J:\setup.exe -a
MountPoints2: {4f3e1418-31cc-11e0-b7e4-001fc6e8a92f} - J:\setup.exe -a
MountPoints2: {8e423621-ceb4-11de-bc95-001fc6e8a92f} - K:\InstallTomTomHOME.exe
MountPoints2: {b6f71f0b-7bfc-11e0-b1b9-001fc6e8a92f} - J:\setup.exe -a
MountPoints2: {cea2e9a4-ae17-11de-823e-001fc6e8a92f} - J:\slacker.synclauncher.exe
HKLM-x32\...\Run: [KBD] - C:\hp\KBD\KbdStub.exe [65536 2006-12-08] ()
HKLM-x32\...\Run: [WD Drive Manager] - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [479744 2008-07-24] (WDC)
HKLM-x32\...\Run: [Online Backup Auto Update] - C:\Program Files (x86)\Charter\Cloud Drive™ Backup\Auto Update\OnlineBackup.UpdateSystemTray.exe [233472 2011-04-13] ()
HKLM-x32\...\Run: [Vault Explorer Cache Watcher] - C:\Program Files (x86)\Charter\Cloud Drive™ Backup\vewatch.exe [28672 2011-03-23] (DigiData Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-06-08] (RealNetworks, Inc.)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972128 2008-04-14] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972128 2008-04-14] (Hewlett-Packard)
HKU\USER\...\Run: [ehTray.exe] - C:\WINDOWS\ehome\ehtray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\USER\...\Run: [Google Update] - "C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\USER\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112 2008-10-24] (Macrovision Corporation)
AppInit_DLLs: [0 ] ()
Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\USFRIENDS\AppData\Local\Apps\2.0\GY2P6X9A.C64\ZGR7DZ6N.C95\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Charter Cloud Drive™ Backup.lnk
ShortcutTarget: Charter Cloud Drive™ Backup.lnk -> C:\Windows\system32\schtasks.exe (Microsoft Corporation)
Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\USFRIENDS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk
ShortcutTarget: Launch Utility Application.lnk -> C:\Users\USFRIENDS\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronics Co. Ltd.)
Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...OIE9MSE&PC=UP09
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {031F2291-4C2D-4B94-B441-F70122E51373} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM - {FDC7CCF6-4EAA-4816-8F74-10707DC90A1E} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKLM-x32 - {031F2291-4C2D-4B94-B441-F70122E51373} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {FDC7CCF6-4EAA-4816-8F74-10707DC90A1E} URL = http://search.yahoo....ing}&fr=hp-pvdt
SearchScopes: HKCU - {031F2291-4C2D-4B94-B441-F70122E51373} URL =
SearchScopes: HKCU - {5E88C510-ACA5-4072-9289-0BCA9CE39E99} URL = http://search.yahoo....p={SearchTerms}
SearchScopes: HKCU - {FDC7CCF6-4EAA-4816-8F74-10707DC90A1E} URL = http://search.yahoo....ing}&fr=hp-pvdt
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {C17590D2-ECB4-4B15-8820-F58798DCC118} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab
DPF: HKLM-x32 {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default
FF Homepage: hxxp://www.bing.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin-x32: @photodex.com/PhotodexPresenter - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @skyhookwireless.com/LokiPlugin - C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll (Skyhook Wireless)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\USFRIENDS\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\USFRIENDS\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\USFRIENDS\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\USFRIENDS\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Extension: Click&amp;Clean - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\Extensions\[email protected]
FF Extension: Forecastfox - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: Flagfox - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF Extension: Empty Cache Button - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
FF Extension: FoxClocks - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF Extension: cam - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\Extensions\[email protected]
FF Extension: client - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\Extensions\[email protected]
FF Extension: secureLogin - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\Extensions\[email protected]
FF Extension: sortbookmarks - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\Extensions\[email protected]
FF Extension: preferences - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
FF Extension: Adblock Plus - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Webshots\3.1.5.7617\Firefox
FF Extension: No Name - C:\Program Files (x86)\Webshots\3.1.5.7617\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Users\USFRIENDS\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\USFRIENDS\AppData\Roaming\Move Networks

Chrome:
=======
CHR HomePage: hxxp://google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/", "hxxp://www.bing.com/", "hxxp://bingmac.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\google\chrome\application\22.0.1229.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Imikimi.com Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll ( )
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
CHR Plugin: (Loki Plugin) - C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll (Skyhook Wireless)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\USFRIENDS\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Move Streaming Media Player) - C:\Users\USFRIENDS\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Keeper Web App) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnglfciifmgnafcgkkngkeopldlialb\7.2_0
CHR Extension: (HootSuite Hootlet) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\4.0.10_0
CHR Extension: (YouTube) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (MightyText - Send/Receive SMS Text Messages) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\10.0_0
CHR Extension: (Google Calendar) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (Click&Clean) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0
CHR Extension: (Pinterest) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0
CHR Extension: (JavaScript Popup Blocker) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.4_0
CHR Extension: (Cloud Reader) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0
CHR Extension: (Forecastfox) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0
CHR Extension: (Secure Gmail by Streak) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngdnjdobadbdemillgljnnbpomnfokn\1.4_0
CHR Extension: (Shareaholic for Pinterest) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc\2.0.2_0
CHR Extension: (Google Mail Multi-Account Checker) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpnehokodklgijkcakcfmccgpanipfp\2.0.24_0
CHR Extension: (Google Wallet) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Pin Search | Image Search on Pinterest) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiaciimfpgbpdhnfdllhdkicpmdoakm\1.0.14_0
CHR Extension: (Click&Clean App) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0
CHR Extension: (Evernote Web Clipper) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0
CHR Extension: (Gmail) - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-09-09] (Adobe Systems)
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database_106545b\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG)
S2 FilesystemWatcher; C:\Program Files (x86)\Charter\Cloud Drive™ Backup\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [24576 2011-04-07] (DigiData Corp.)
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database_106545b\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
S2 gupdate1ca1d4d2c89e5a2; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-08-14] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S2 OnlineBackupSchedulerService; C:\Program Files (x86)\Charter\Cloud Drive™ Backup\Scheduler\OnlineBackup.SchedulerService.exe [24576 2011-04-13] ()
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [92792 2007-11-06] (CACE Technologies)
S2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2013-05-07] ()
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [19392 2013-11-07] ()
S2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [118272 2008-07-24] (WDC)
S2 AGCoreService; "C:\Program Files (x86)\AGI\core\4.2.0.10752\AGCoreService.exe" [x]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]
S3 RpcLocator; %SystemRoot%\system32\locator.exe [x]

==================== Drivers (Whitelisted) ====================

S3 HSF_DP; C:\Windows\System32\DRIVERS\CAX_DP.sys [1487872 2008-05-08] (Conexant Systems, Inc.)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE Technologies)
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [165408 2008-01-25] (NVIDIA Corporation)
S3 pfc; C:\Windows\SysWow64\drivers\pfc.sys [10368 2006-10-02] (Padus, Inc.)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 LVcKap64; system32\DRIVERS\LVcKap64.sys [x]
S3 motandroidusb; System32\Drivers\motoandroid.sys [x]
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 motmodem; system32\DRIVERS\motmodem.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [x]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-15 21:54 - 2013-11-15 22:08 - 00031995 _____ C:\Users\USFRIENDS\Desktop\FRST.txt
2013-11-15 21:53 - 2013-11-15 21:53 - 00000000 ____D C:\FRST
2013-11-15 21:51 - 2013-11-15 21:51 - 00002548 _____ C:\Users\USFRIENDS\Desktop\JRT.txt
2013-11-15 21:45 - 2013-11-15 21:45 - 00000000 ____D C:\Windows\ERUNT
2013-11-15 21:19 - 2013-11-15 21:24 - 00000000 ____D C:\AdwCleaner
2013-11-15 13:20 - 2013-11-15 13:20 - 01957794 _____ (Farbar) C:\Users\USFRIENDS\Desktop\FRST64.exe
2013-11-15 13:18 - 2013-11-15 13:18 - 01034531 _____ (Thisisu) C:\Users\USFRIENDS\Desktop\JRT.exe
2013-11-15 13:16 - 2013-11-15 13:16 - 01085542 _____ C:\Users\USFRIENDS\Desktop\AdwCleaner.exe
2013-11-15 01:56 - 2013-11-15 01:57 - 00000000 ____D C:\Users\USFRIENDS\Downloads\Catalina Island Photos
2013-11-15 01:31 - 2013-11-15 01:45 - 00111170 _____ C:\Users\USFRIENDS\Desktop\OTL-edit.Txt
2013-11-15 00:45 - 2013-11-15 00:45 - 00110690 _____ C:\Users\USFRIENDS\Desktop\OTL.Txt
2013-11-14 11:22 - 2013-11-14 11:22 - 00000910 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-14 11:22 - 2013-11-14 11:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 11:22 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-14 11:21 - 2013-11-14 11:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\USFRIENDS\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-14 11:19 - 2013-11-14 11:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\USFRIENDS\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-14 11:11 - 2013-11-14 11:11 - 00602112 _____ (OldTimer Tools) C:\Users\USFRIENDS\Downloads\OTL (1).com
2013-11-14 10:34 - 2013-11-14 10:33 - 00602112 _____ (OldTimer Tools) C:\Users\USFRIENDS\Desktop\OTL (1).exe
2013-11-14 10:33 - 2013-11-14 10:33 - 00602112 _____ (OldTimer Tools) C:\Users\USFRIENDS\Downloads\OTL (1).exe
2013-11-12 15:26 - 2013-11-12 15:29 - 508401191 _____ C:\Users\USFRIENDS\Downloads\Downton Abbey 4x08 - Episode Eight.mp4
2013-11-10 15:22 - 2013-11-10 15:39 - 1531380321 _____ C:\Users\USFRIENDS\Downloads\downton_abbey.4x08.720p_hdtv_x264.mkv
2013-11-10 12:25 - 2013-11-10 12:25 - 00001752 _____ C:\Users\USFRIENDS\Desktop\TunnelBear.lnk
2013-11-10 12:25 - 2013-11-10 12:25 - 00000000 ____D C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TunnelBear
2013-11-10 12:23 - 2013-11-10 12:23 - 10116096 _____ C:\Users\USFRIENDS\Downloads\TunnelBear-Privacy.exe
2013-11-09 00:03 - 2013-11-09 00:03 - 00000000 _____ C:\Windows\SysWOW64\RENF856.tmp
2013-11-09 00:03 - 2013-11-09 00:03 - 00000000 _____ C:\Windows\SysWOW64\RENF855.tmp
2013-11-09 00:03 - 2013-11-09 00:03 - 00000000 _____ C:\Windows\SysWOW64\RENF854.tmp
2013-11-09 00:02 - 2013-11-09 00:02 - 00000000 ____D C:\Users\USFRIENDS\AppData\Roaming\Oracle
2013-11-09 00:00 - 2013-11-09 00:00 - 00000000 ____D C:\ProgramData\Oracle
2013-11-08 23:56 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-08 23:55 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-08 23:55 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-08 23:55 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-08 23:53 - 2013-11-08 23:55 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-08 19:18 - 2013-11-08 19:18 - 00005234 ____N C:\bootex.log
2013-11-06 00:05 - 2013-11-06 00:15 - 318943006 _____ C:\Users\USFRIENDS\Downloads\Downton Abbey 4x07 - Episode Seven.mp4
2013-11-05 19:10 - 2013-11-09 00:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 12:42 - 2013-11-05 12:43 - 251989289 _____ C:\Users\USFRIENDS\Downloads\Downton Abbey 4x06 - Episode Six.mp4
2013-11-03 16:35 - 2013-11-03 17:21 - 318943006 _____ C:\Users\USFRIENDS\Downloads\Downton_Abbey.4x07.HDTV_x264-FoV.mp4
2013-10-31 17:57 - 2013-10-31 17:57 - 00874560 _____ C:\Users\USFRIENDS\Downloads\274attract.zip
2013-10-28 08:20 - 2013-10-28 08:24 - 00000000 ____D C:\Users\USFRIENDS\Downloads\bmCondos
2013-10-27 16:11 - 2013-10-27 16:21 - 775400533 _____ C:\Users\USFRIENDS\Downloads\downton_abbey.4x06.720p_hdtv_x264 (1).mkv
2013-10-27 10:57 - 2013-10-27 10:57 - 02798393 _____ C:\Users\USFRIENDS\Downloads\br.com.blackmountain.mylook_quickdownload_19.apk
2013-10-21 13:04 - 2013-10-21 13:07 - 281632102 _____ C:\Users\USFRIENDS\Downloads\Downton Abbey 4x05 - Episode Five.mp4
2013-10-20 23:19 - 2013-10-21 00:00 - 851233010 _____ C:\Users\USFRIENDS\Downloads\4DAHD5-Iwatchonline.to.mkv
2013-10-18 18:51 - 2013-10-18 18:51 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-16 19:16 - 2013-10-16 19:16 - 00276008 _____ C:\Windows\Minidump\Mini101613-01.dmp

==================== One Month Modified Files and Folders =======

2013-11-15 22:08 - 2013-11-15 21:54 - 00031995 _____ C:\Users\USFRIENDS\Desktop\FRST.txt
2013-11-15 21:53 - 2013-11-15 21:53 - 00000000 ____D C:\FRST
2013-11-15 21:51 - 2013-11-15 21:51 - 00002548 _____ C:\Users\USFRIENDS\Desktop\JRT.txt
2013-11-15 21:45 - 2013-11-15 21:45 - 00000000 ____D C:\Windows\ERUNT
2013-11-15 21:44 - 2006-11-02 04:46 - 00711020 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-15 21:43 - 2009-06-24 17:45 - 01679412 _____ C:\Windows\WindowsUpdate.log
2013-11-15 21:24 - 2013-11-15 21:19 - 00000000 ____D C:\AdwCleaner
2013-11-15 13:20 - 2013-11-15 13:20 - 01957794 _____ (Farbar) C:\Users\USFRIENDS\Desktop\FRST64.exe
2013-11-15 13:18 - 2013-11-15 13:18 - 01034531 _____ (Thisisu) C:\Users\USFRIENDS\Desktop\JRT.exe
2013-11-15 13:16 - 2013-11-15 13:16 - 01085542 _____ C:\Users\USFRIENDS\Desktop\AdwCleaner.exe
2013-11-15 02:05 - 2011-03-05 22:30 - 00001356 _____ C:\Users\USFRIENDS\AppData\Local\d3d9caps.dat
2013-11-15 01:57 - 2013-11-15 01:56 - 00000000 ____D C:\Users\USFRIENDS\Downloads\Catalina Island Photos
2013-11-15 01:55 - 2013-05-11 23:23 - 00000000 ____D C:\Users\USFRIENDS\Downloads\DA LC Photos
2013-11-15 01:45 - 2013-11-15 01:31 - 00111170 _____ C:\Users\USFRIENDS\Desktop\OTL-edit.Txt
2013-11-15 00:54 - 2011-01-09 10:02 - 00216064 _____ C:\Users\USFRIENDS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-15 00:45 - 2013-11-15 00:45 - 00110690 _____ C:\Users\USFRIENDS\Desktop\OTL.Txt
2013-11-14 19:39 - 2006-11-02 07:21 - 00502448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-14 19:38 - 2008-01-20 19:26 - 00338592 _____ C:\Windows\PFRO.log
2013-11-14 11:22 - 2013-11-14 11:22 - 00000910 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-14 11:22 - 2013-11-14 11:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-14 11:19 - 2013-11-14 11:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\USFRIENDS\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-14 11:19 - 2013-11-14 11:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\USFRIENDS\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-14 11:11 - 2013-11-14 11:11 - 00602112 _____ (OldTimer Tools) C:\Users\USFRIENDS\Downloads\OTL (1).com
2013-11-14 10:44 - 2009-07-07 15:51 - 00000000 ____D C:\Users\USFRIENDS\Desktop\USFRIENDS Desktop files
2013-11-14 10:43 - 2009-07-07 15:53 - 00000000 ____D C:\Users\USFRIENDS\Desktop\bm desktop files
2013-11-14 10:34 - 2011-02-19 22:14 - 00000000 ____D C:\Users\USFRIENDS\Desktop\New Folder
2013-11-14 10:33 - 2013-11-14 10:34 - 00602112 _____ (OldTimer Tools) C:\Users\USFRIENDS\Desktop\OTL (1).exe
2013-11-14 10:33 - 2013-11-14 10:33 - 00602112 _____ (OldTimer Tools) C:\Users\USFRIENDS\Downloads\OTL (1).exe
2013-11-14 09:59 - 2012-12-14 19:28 - 00000000 ____D C:\Users\Public\Documents\Verizon_Android
2013-11-14 09:59 - 2011-01-23 15:08 - 00000000 ____D C:\Users\USFRIENDS\AppData\Roaming\Dropbox
2013-11-14 09:23 - 2006-11-02 07:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 09:23 - 2006-11-02 07:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 09:22 - 2009-08-14 18:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-14 09:22 - 2009-06-24 17:48 - 00000000 ____D C:\Users\USFRIENDS
2013-11-14 09:22 - 2006-11-02 07:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 09:07 - 2013-03-07 19:49 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-11-14 09:07 - 2009-06-24 17:58 - 00000000 ___RD C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-14 09:07 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\system32\Msdtc
2013-11-14 09:07 - 2006-11-02 05:33 - 00000000 __RSD C:\Windows\Media
2013-11-14 09:07 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
2013-11-14 09:07 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
2013-11-14 09:07 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-14 09:07 - 2006-11-02 04:33 - 85721088 _____ C:\Windows\system32\config\software_previous
2013-11-14 09:07 - 2006-11-02 04:33 - 50331648 _____ C:\Windows\system32\config\components_previous
2013-11-14 09:07 - 2006-11-02 04:33 - 22282240 _____ C:\Windows\system32\config\system_previous
2013-11-14 09:07 - 2006-11-02 04:33 - 00524288 _____ C:\Windows\system32\config\default_previous
2013-11-14 09:07 - 2006-11-02 04:33 - 00262144 _____ C:\Windows\system32\config\security_previous
2013-11-14 09:07 - 2006-11-02 04:33 - 00262144 _____ C:\Windows\system32\config\sam_previous
2013-11-14 06:45 - 2012-08-03 22:03 - 00000000 ____D C:\Users\USFRIENDS\AppData\Local\CrashDumps
2013-11-14 06:28 - 2009-07-29 18:11 - 00000000 ____D C:\Windows\Minidump
2013-11-14 03:19 - 2010-06-11 08:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 03:15 - 2013-07-11 12:32 - 00000000 ____D C:\Windows\system32\MRT
2013-11-12 15:29 - 2013-11-12 15:26 - 508401191 _____ C:\Users\USFRIENDS\Downloads\Downton Abbey 4x08 - Episode Eight.mp4
2013-11-10 15:39 - 2013-11-10 15:22 - 1531380321 _____ C:\Users\USFRIENDS\Downloads\downton_abbey.4x08.720p_hdtv_x264.mkv
2013-11-10 12:26 - 2013-05-26 09:37 - 00000000 ____D C:\Program Files (x86)\TunnelBear
2013-11-10 12:25 - 2013-11-10 12:25 - 00001752 _____ C:\Users\USFRIENDS\Desktop\TunnelBear.lnk
2013-11-10 12:25 - 2013-11-10 12:25 - 00000000 ____D C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TunnelBear
2013-11-10 12:23 - 2013-11-10 12:23 - 10116096 _____ C:\Users\USFRIENDS\Downloads\TunnelBear-Privacy.exe
2013-11-10 00:32 - 2009-06-24 18:07 - 00000000 ____D C:\Users\USFRIENDS\AppData\Roaming\Mozilla
2013-11-09 00:08 - 2008-04-29 06:22 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-09 00:03 - 2013-11-09 00:03 - 00000000 _____ C:\Windows\SysWOW64\RENF856.tmp
2013-11-09 00:03 - 2013-11-09 00:03 - 00000000 _____ C:\Windows\SysWOW64\RENF855.tmp
2013-11-09 00:03 - 2013-11-09 00:03 - 00000000 _____ C:\Windows\SysWOW64\RENF854.tmp
2013-11-09 00:03 - 2013-11-05 19:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-09 00:02 - 2013-11-09 00:02 - 00000000 ____D C:\Users\USFRIENDS\AppData\Roaming\Oracle
2013-11-09 00:00 - 2013-11-09 00:00 - 00000000 ____D C:\ProgramData\Oracle
2013-11-08 23:55 - 2013-11-08 23:53 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-08 23:19 - 2012-06-17 08:00 - 00000000 ____D C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-11-08 22:32 - 2013-06-01 08:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-08 22:32 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\system32\spool
2013-11-08 19:18 - 2013-11-08 19:18 - 00005234 ____N C:\bootex.log
2013-11-07 02:45 - 2009-08-14 18:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-06 00:15 - 2013-11-06 00:05 - 318943006 _____ C:\Users\USFRIENDS\Downloads\Downton Abbey 4x07 - Episode Seven.mp4
2013-11-05 12:43 - 2013-11-05 12:42 - 251989289 _____ C:\Users\USFRIENDS\Downloads\Downton Abbey 4x06 - Episode Six.mp4
2013-11-03 17:21 - 2013-11-03 16:35 - 318943006 _____ C:\Users\USFRIENDS\Downloads\Downton_Abbey.4x07.HDTV_x264-FoV.mp4
2013-10-31 17:57 - 2013-10-31 17:57 - 00874560 _____ C:\Users\USFRIENDS\Downloads\274attract.zip
2013-10-30 13:32 - 2013-01-04 10:47 - 00000000 ____D C:\Users\USFRIENDS\AppData\Roaming\Spotify
2013-10-30 13:23 - 2013-01-04 10:47 - 00000000 ____D C:\Users\USFRIENDS\AppData\Local\Spotify
2013-10-28 08:24 - 2013-10-28 08:20 - 00000000 ____D C:\Users\USFRIENDS\Downloads\bmCondos
2013-10-28 08:22 - 2009-06-24 18:01 - 00000000 ____D C:\Users\USFRIENDS\Downloads\BMs
2013-10-27 16:21 - 2013-10-27 16:11 - 775400533 _____ C:\Users\USFRIENDS\Downloads\downton_abbey.4x06.720p_hdtv_x264 (1).mkv
2013-10-27 10:57 - 2013-10-27 10:57 - 02798393 _____ C:\Users\USFRIENDS\Downloads\br.com.blackmountain.mylook_quickdownload_19.apk
2013-10-21 13:07 - 2013-10-21 13:04 - 281632102 _____ C:\Users\USFRIENDS\Downloads\Downton Abbey 4x05 - Episode Five.mp4
2013-10-21 00:00 - 2013-10-20 23:19 - 851233010 _____ C:\Users\USFRIENDS\Downloads\4DAHD5-Iwatchonline.to.mkv
2013-10-19 11:11 - 2009-06-25 05:49 - 00000000 ____D C:\Users\USFRIENDS\AppData\Local\Google
2013-10-18 18:51 - 2013-10-18 18:51 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-18 18:51 - 2013-03-07 19:49 - 00001875 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-17 09:54 - 2013-01-21 09:35 - 00001943 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-16 23:40 - 2009-08-14 18:16 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-16 23:40 - 2009-08-14 18:16 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-16 22:48 - 2006-11-02 07:42 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-16 19:16 - 2013-10-16 19:16 - 00276008 _____ C:\Windows\Minidump\Mini101613-01.dmp
2013-10-16 19:15 - 2009-07-29 18:10 - 540953918 _____ C:\Windows\MEMORY.DMP

Files to move or delete:
====================
C:\Users\USFRIENDS\AppData\Roaming\desktop.ini
C:\Users\USER\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\USFRIENDS\AppData\Local\Temp\ApnStub.exe
C:\Users\USFRIENDS\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\USFRIENDS\AppData\Local\Temp\GdiPlus.dll
C:\Users\USFRIENDS\AppData\Local\Temp\iMesh_setup.exe
C:\Users\USFRIENDS\AppData\Local\Temp\Installhelper.dll
C:\Users\USFRIENDS\AppData\Local\Temp\jna3532318580759467879.dll
C:\Users\USFRIENDS\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\USFRIENDS\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\USFRIENDS\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\USFRIENDS\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\USFRIENDS\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\USFRIENDS\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\USFRIENDS\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\USFRIENDS\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\USFRIENDS\AppData\Local\Temp\lowproc.exe
C:\Users\USFRIENDS\AppData\Local\Temp\mfc80u.dll
C:\Users\USFRIENDS\AppData\Local\Temp\msvcp80.dll
C:\Users\USFRIENDS\AppData\Local\Temp\msvcr80.dll
C:\Users\USFRIENDS\AppData\Local\Temp\Quarantine.exe
C:\Users\USFRIENDS\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\USFRIENDS\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\USFRIENDS\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\USFRIENDS\AppData\Local\Temp\stubhelper.dll
C:\Users\USFRIENDS\AppData\Local\Temp\SUAComnCtrl.dll
C:\Users\USFRIENDS\AppData\Local\Temp\SUARefresh.exe
C:\Users\USFRIENDS\AppData\Local\Temp\TBear-v2.exe
C:\Users\USFRIENDS\AppData\Local\Temp\TunnelBear-Privacy.exe
C:\Users\USFRIENDS\AppData\Local\Temp\ukhorah5.dll
C:\Users\USFRIENDS\AppData\Local\Temp\UTEngine.dll
C:\Users\USFRIENDS\AppData\Local\Temp\wperfenhancer2349007365369799444.dll
C:\Users\USFRIENDS\AppData\Local\Temp\_isC966.exe
C:\Users\USFRIENDS\AppData\Local\Temp\~fvdsuite-3.0.0-hotfix-06-07.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-15 21:46

==================== End Of Log ============================

======== End Of FRST.txt Log =======================

I will paste the OTL logs next. Please be patient this computer is slow even in safe mode. See you in a few with the OTL logs. Then I will have to do the two other instructions when I get home from work later on. Then I'll post the logs from those two steps. BRB with the OTL logs.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I'm going to be off island today so won't get back on line until tomorrow.

Your error:

Error: (11/15/2013 10:08:51 PM) (Source: nvstor64) (User: )
Description: A parity error was detected on \Device\RaidPort0.


is caused by a bad driver. This is known to cause lock ups and slowness so try and update to:

http://www.nvidia.co....58-driver.html
  • 0

#9
ThanksGeeksForHelping

ThanksGeeksForHelping

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Ron (RKinner) :)

I'm sorry for being so slow. I want to edit the OTL & Extras log and remove some personal information, so that's taking some time. I'm also working long hours this weekend and my roommate is too. Our computer is also slow in safe mode with networking even. So I'm sorry it's taking a bit more time than expected.

That driver thing, should I do it before I do the "Speccy" and "Process Explorer" instructions you've given or after? Oh and how do I do the drivers thing? I haven't done the "Speccy" and the "Process Explorer" instructions yet because I've been working this weekend and it's taking a bit longer to edit the OTL & Extras log because the computer is slow. I hope to post everything in my next posting hopefully very soon.

Thanks so much Ron, my roommate and I appreciate your help.

Edited by ThanksGeeksForHelping, 17 November 2013 - 04:58 PM.

  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I'm at a Microsoft conference this week so my replies will be slow too.



Go ahead and run Speccy and Process Explorer if the driver update does not help.
  • 0

Advertisements


#11
ThanksGeeksForHelping

ThanksGeeksForHelping

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Thanks Ron (RKInner) :) for taking the time to help my roommate and I out. Have a good conference. Just a quick question. Every time I run the OTL tool I check off the "Use Company-Name White List" and "Skip Microsoft Files" and "LOP Check" and "Purity Check" just as those were checked in the picture in the post to read before starting a thread. So I hope I'm doing the OTL thing right. Let me know if I've totally screwed up. And if I did I'm sorry. I should have made sure before I did anything. I fear I must have made a big mistake by checking those off. And maybe that's why the computer is running slow or the OTL program stalled a bit during the scans. Maybe I'm just over thinking it. Man, did I totally mess up on the OTL tool by checking those off. :(

OK! I'm going to do the drivers thing. I hope I do it right.

Anyways, here's my OTL and Extras log.

===== Start OTL Log =============

OTL logfile created on: 11/15/2013 10:20:09 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USFRIENDS\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 71.49% Memory free
7.92 Gb Paging File | 6.84 Gb Available in Paging File | 86.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.00 Gb Total Space | 242.95 Gb Free Space | 41.53% Space Free | Partition Type: NTFS
Drive D: | 11.17 Gb Total Space | 1.06 Gb Free Space | 9.45% Space Free | Partition Type: NTFS

Computer Name: USFRIENDS | User Name: USFRIENDS | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\USFRIENDS\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll ()
MOD - C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (WDBtnMgrSvc.exe) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe (WDC)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (TunnelBearMaintenance) -- C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ScsiAccess) -- C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe ()
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (OnlineBackupSchedulerService) -- C:\Program Files (x86)\Charter\Cloud Drive™ Backup\Scheduler\OnlineBackup.SchedulerService.exe ()
SRV - (FilesystemWatcher) -- C:\Program Files (x86)\Charter\Cloud Drive™ Backup\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe (DigiData Corp.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database_106545b\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database_106545b\bin\fbserver.exe (MAGIX®)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies)


========== Driver Services (SafeList) ==========

DRV:64bit: - (tap0901) -- C:\Windows\SysNative\DRIVERS\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys (Conexant Systems, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (pfc) -- C:\WINDOWS\SysWOW64\drivers\pfc.sys (Padus, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{031F2291-4C2D-4B94-B441-F70122E51373}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{FDC7CCF6-4EAA-4816-8F74-10707DC90A1E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{031F2291-4C2D-4B94-B441-F70122E51373}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{FDC7CCF6-4EAA-4816-8F74-10707DC90A1E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...OIE9MSE&PC=UP09
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5E88C510-ACA5-4072-9289-0BCA9CE39E99}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D66B0304-EF29-42F9-8C9B-23FB2CC89595}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{FDC7CCF6-4EAA-4816-8F74-10707DC90A1E}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;127.0.0.1:9421;<local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.1
FF - prefs.js..extensions.enabledAddons: secureLogin%40blueimp.net:1.0.3
FF - prefs.js..extensions.enabledAddons: %7Bce7e73df-6a44-4028-8079-5927a588c948%7D:1.1.2
FF - prefs.js..extensions.enabledAddons: %7BFCE04E1F-9378-4f39-96F6-5689A9159E45%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B4cc4a13b-94a6-7568-370d-5f9de54a9c7f%7D:2.4
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.14
FF - prefs.js..extensions.enabledAddons: %7Bd37dc5d0-431d-44e5-8c91-49419370caa1%7D:3.3.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/11/12 17:33:31 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin: C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\USFRIENDS\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\USFRIENDS\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\USFRIENDS\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\USFRIENDS\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Webshots\3.1.5.7617\Firefox [2011/02/13 14:05:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/08 08:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/08 08:23:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/15 21:23:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/05 19:10:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\USFRIENDS\AppData\Roaming\Move Networks [2009/11/17 19:21:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/15 21:23:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/05 19:10:45 | 000,000,000 | ---D | M]

[2012/07/04 11:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Extensions
[2009/09/13 23:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/11/15 18:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/11/15 06:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions
[2013/06/01 08:59:05 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/10/21 05:17:29 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/08/27 16:31:11 | 000,000,000 | ---D | M] (Empty Cache Button) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
[2013/11/15 06:18:25 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2013/06/01 10:31:50 | 000,000,000 | ---D | M] (Click&amp;Clean) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\[email protected]
[2013/06/08 10:33:14 | 000,012,140 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\[email protected]
[2013/08/30 05:54:43 | 000,355,782 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\[email protected]
[2013/06/01 10:39:39 | 000,083,379 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\[email protected]
[2013/08/14 17:41:59 | 000,049,720 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\[email protected]
[2013/06/07 19:15:30 | 000,073,612 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
[2013/10/09 18:11:30 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla\Firefox\Profiles\yuvm8yq1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/09 00:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/05 19:10:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/05 19:11:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/08 08:23:13 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2007/12/17 09:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npkimi.dll
[2013/06/08 08:22:11 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\google\chrome\application\22.0.1229.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Imikimi.com Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npkimi.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\USFRIENDS\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
CHR - plugin: Loki Plugin (Enabled) = C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\USFRIENDS\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\USFRIENDS\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Keeper Web App = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnglfciifmgnafcgkkngkeopldlialb\7.2_0\
CHR - Extension: HootSuite Hootlet = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\4.0.10_0\
CHR - Extension: YouTube = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\10.0_0\
CHR - Extension: Google Calendar = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Click&Clean = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: Pinterest = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\
CHR - Extension: JavaScript Popup Blocker = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.4_0\
CHR - Extension: Cloud Reader = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: Forecastfox = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: Secure Gmail by Streak = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngdnjdobadbdemillgljnnbpomnfokn\1.4_0\
CHR - Extension: Shareaholic for Pinterest = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc\2.0.2_0\
CHR - Extension: Google Mail Multi-Account Checker = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpnehokodklgijkcakcfmccgpanipfp\2.0.24_0\
CHR - Extension: Google Wallet = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Pin Search | Image Search on Pinterest = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\okiaciimfpgbpdhnfdllhdkicpmdoakm\1.0.14_0\
CHR - Extension: Click&Clean App = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\USFRIENDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/09 18:29:56 | 000,580,592 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 15615 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Online Backup Auto Update] C:\Program Files (x86)\Charter\Cloud Drive™ Backup\Auto Update\OnlineBackup.UpdateSystemTray.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Charter\Cloud Drive™ Backup\vewatch.exe (DigiData Corp.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk = C:\Users\USFRIENDS\AppData\Local\Apps\2.0\GY2P6X9A.C64\ZGR7DZ6N.C95\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Charter Cloud Drive™ Backup.lnk = C:\WINDOWS\SysWOW64\schtasks.exe (Microsoft Corporation)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\USFRIENDS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Users\USFRIENDS\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronics Co. Ltd.)
O4 - Startup: C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DACA66BD-C660-440D-9EFB-D8274ED0C9E3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\USFRIENDS\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\USFRIENDS\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0e07bc14-470d-11e1-b66f-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{0e07bc14-470d-11e1-b66f-001fc6e8a92f}\Shell\AutoRun\command - "" = K:\setup.exe -a
O33 - MountPoints2\{274c3a63-444f-11e2-922d-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{274c3a63-444f-11e2-922d-001fc6e8a92f}\Shell\AutoRun\command - "" = K:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{33aa1b69-2639-11e0-acca-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{33aa1b69-2639-11e0-acca-001fc6e8a92f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{4f3e1418-31cc-11e0-b7e4-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f3e1418-31cc-11e0-b7e4-001fc6e8a92f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{8e423621-ceb4-11de-bc95-001fc6e8a92f}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe
O33 - MountPoints2\{b6f71f0b-7bfc-11e0-b1b9-001fc6e8a92f}\Shell - "" = AutoRun
O33 - MountPoints2\{b6f71f0b-7bfc-11e0-b1b9-001fc6e8a92f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{cea2e9a4-ae17-11de-823e-001fc6e8a92f}\Shell\AutoRun\command - "" = J:\slacker.synclauncher.exe
O33 - MountPoints2\{cea2e9a4-ae17-11de-823e-001fc6e8a92f}\Shell\slacker\command - "" = J:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^USFRIENDS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\USFRIENDS\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^USFRIENDS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk - C:\Program Files (x86)\Webshots\3.1.5.7617\Launcher.exe - (Webshots.com)
MsConfig:64bit - StartUpReg: 7C50DB8299355D1DEB14345803194DF0AEF2E6A0._service_run - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Akamai NetSession Interface - hkey= - key= - C:\Users\USFRIENDS\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
MsConfig:64bit - StartUpReg: Logitech Vid - hkey= - key= - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig:64bit - StartUpReg: Memeo AutoSync - hkey= - key= - C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\USFRIENDS\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {3CE02F38-C912-44CF-B02E-60F7964E61FF} - BingPack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{3c717892-e1cd-470f-a19d-a40c88fb113f} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FDB7C09A-0D14-F9A6-3B48-241F930C482F} - Microsoft Windows Media Player
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivXNetworks, Inc.)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/11/15 21:53:44 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/15 21:45:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/15 21:19:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/15 13:20:38 | 001,957,794 | ---- | C] (Farbar) -- C:\Users\USFRIENDS\Desktop\FRST64.exe
[2013/11/15 13:18:49 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\USFRIENDS\Desktop\JRT.exe
[2013/11/14 11:22:25 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/14 11:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/14 11:21:13 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\USFRIENDS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/14 10:34:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\USFRIENDS\Desktop\OTL (1).exe
[2013/11/10 12:25:20 | 000,000,000 | ---D | C] -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TunnelBear
[2013/11/09 00:02:24 | 000,000,000 | ---D | C] -- C:\Users\USFRIENDS\AppData\Roaming\Oracle
[2013/11/09 00:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/08 23:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/05 19:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/18 18:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/10/18 18:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2009/07/17 16:02:21 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\USFRIENDS\AppData\Roaming\pcouffin.sys
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/15 21:44:54 | 000,711,020 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/15 21:44:54 | 000,608,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/15 21:44:54 | 000,105,680 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/15 21:30:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/15 13:20:52 | 001,957,794 | ---- | M] (Farbar) -- C:\Users\USFRIENDS\Desktop\FRST64.exe
[2013/11/15 13:18:55 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\USFRIENDS\Desktop\JRT.exe
[2013/11/15 13:16:39 | 001,085,542 | ---- | M] () -- C:\Users\USFRIENDS\Desktop\AdwCleaner.exe
[2013/11/15 02:05:42 | 000,001,356 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Local\d3d9caps.dat
[2013/11/15 00:54:53 | 000,216,064 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/14 19:39:54 | 000,502,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/14 11:22:26 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/14 11:19:38 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\USFRIENDS\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/14 10:33:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USFRIENDS\Desktop\OTL (1).exe
[2013/11/14 09:59:14 | 000,002,908 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk
[2013/11/14 09:23:21 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 09:23:21 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 09:22:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/10 12:25:21 | 000,001,752 | ---- | M] () -- C:\Users\USFRIENDS\Desktop\TunnelBear.lnk
[2013/11/08 23:19:35 | 000,000,955 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/11/07 02:45:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/30 17:17:18 | 000,000,973 | ---- | M] () -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
[2013/10/28 08:40:15 | 000,154,935 | ---- | M] () -- C:\Users\USFRIENDS\Desktop\Survey Form_v4.pdf
[2013/10/18 18:51:14 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/10/18 18:51:14 | 000,001,875 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/10/17 09:54:15 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/15 13:16:28 | 001,085,542 | ---- | C] () -- C:\Users\USFRIENDS\Desktop\AdwCleaner.exe
[2013/11/14 11:22:26 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/10 12:25:21 | 000,001,752 | ---- | C] () -- C:\Users\USFRIENDS\Desktop\TunnelBear.lnk
[2013/10/28 08:40:19 | 000,154,935 | ---- | C] () -- C:\Users\USFRIENDS\Desktop\Survey Form_v4.pdf
[2013/02/09 11:00:37 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/12/19 17:39:20 | 000,359,029 | ---- | C] () -- C:\Users\USFRIENDS\.TransferManager.db
[2012/03/01 19:42:32 | 000,000,375 | ---- | C] () -- C:\Users\USFRIENDS\Documents - Shortcut.lnk
[2011/03/05 22:30:43 | 000,001,356 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Local\d3d9caps.dat
[2011/01/09 10:02:36 | 000,216,064 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/03 21:54:56 | 000,152,772 | ---- | C] () -- C:\Users\USFRIENDS\hosts.zip
[2010/06/11 08:53:09 | 000,024,226 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\UserTile.png
[2009/07/17 16:02:21 | 000,099,384 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\inst.exe
[2009/07/17 16:02:21 | 000,007,859 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\pcouffin.cat
[2009/07/17 16:02:21 | 000,001,167 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\pcouffin.inf
[2009/07/11 16:06:46 | 000,000,358 | ---- | C] () -- C:\Users\USFRIENDS\AppData\Roaming\wklnhst.dat
[2009/06/25 05:38:28 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2006/11/02 07:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 09:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/10 23:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 18:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/02/11 15:45:17 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Alex Inc
[2011/03/27 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Amazon
[2009/07/07 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Blackberry Desktop
[2012/05/12 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Canon
[2009/11/04 19:08:23 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\DassaultSystemes
[2011/06/24 21:54:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\DigiData
[2013/11/14 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Dropbox
[2011/10/01 10:12:17 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\EasyMP3Downloader
[2009/08/17 01:18:12 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\FileZilla
[2012/06/16 09:59:41 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\FVD Suite
[2009/09/13 23:29:43 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Greyfirst
[2013/02/15 16:08:03 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\KeeperData
[2010/12/25 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Leadertech
[2010/08/07 09:01:12 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\MAGIX
[2010/01/24 11:18:52 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Memeo
[2012/07/03 23:56:48 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\MusicNet
[2010/08/06 15:15:11 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Netscape
[2012/12/18 06:14:47 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\ooVoo Details
[2011/10/28 19:55:20 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Opera
[2013/11/09 00:02:24 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Oracle
[2011/04/13 16:44:46 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\OverDrive
[2010/08/06 20:12:49 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Photodex
[2010/09/16 17:50:16 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Research In Motion
[2010/01/24 08:17:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Smilebox(198)
[2013/10/30 13:32:20 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Spotify
[2009/07/11 16:06:49 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Template
[2009/11/15 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\TomTom
[2009/07/17 18:58:27 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Vso
[2011/01/16 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\WD
[2011/02/13 14:09:52 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Webshots
[2010/03/24 19:50:04 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\YouSendIt

========== Purity Check ==========



========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD64 00AAKS-65A7B SCSI Disk Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic USB SD Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic USB CF Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic USB SM Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic USB MS Reader USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 585.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 11.00GB
Starting Offset: 628139957760
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2 C:\*.tmp files -> C:\*.tmp -> ]

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/12/24 21:07:06 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Adobe
[2011/02/11 15:45:17 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Alex Inc
[2011/03/27 18:07:57 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Amazon
[2013/06/04 16:17:40 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Apple Computer
[2009/07/07 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Blackberry Desktop
[2012/05/12 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Canon
[2013/06/02 11:01:19 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\CyberLink
[2009/11/04 19:08:23 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\DassaultSystemes
[2011/06/24 21:54:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\DigiData
[2009/09/07 15:58:00 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\DivX
[2010/07/31 13:10:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Download Manager
[2013/11/14 09:59:40 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Dropbox
[2011/10/01 10:12:17 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\EasyMP3Downloader
[2009/08/17 01:18:12 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\FileZilla
[2012/06/16 09:59:41 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\FVD Suite
[2012/09/21 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Google
[2009/09/13 23:29:43 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Greyfirst
[2009/06/24 17:59:41 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Hewlett-Packard
[2009/06/24 17:51:38 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\HP TCS
[2009/06/24 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Identities
[2012/11/23 08:45:44 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\InstallShield
[2013/02/15 16:08:03 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\KeeperData
[2010/12/25 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Leadertech
[2009/07/31 02:03:41 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Macromedia
[2010/08/07 09:01:12 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\MAGIX
[2011/02/23 16:40:42 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Malwarebytes
[2006/11/02 07:07:25 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Media Center Programs
[2010/01/24 11:18:52 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Memeo
[2012/12/14 23:52:36 | 000,000,000 | --SD | M] -- C:\Users\USFRIENDS\AppData\Roaming\Microsoft
[2009/11/17 19:21:33 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Move Networks
[2013/11/10 00:32:10 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Mozilla
[2012/07/03 23:56:48 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\MusicNet
[2010/08/06 15:15:11 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Netscape
[2012/12/18 06:14:47 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\ooVoo Details
[2011/10/28 19:55:20 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Opera
[2013/11/09 00:02:24 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Oracle
[2011/04/13 16:44:46 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\OverDrive
[2010/08/06 20:12:49 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Photodex
[2013/06/09 09:56:18 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Real
[2013/06/08 08:25:07 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\RealNetworks
[2010/09/16 17:50:16 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Research In Motion
[2009/09/21 19:51:37 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Roxio
[2012/06/17 18:39:24 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Skype
[2011/06/06 15:09:37 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\skypePM
[2010/01/24 08:17:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Smilebox(198)
[2013/10/30 13:32:20 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Spotify
[2009/06/24 17:59:09 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Symantec
[2009/07/11 16:06:49 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Template
[2009/11/15 18:45:21 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\TomTom
[2013/04/11 03:51:30 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Verizon
[2013/04/11 03:47:49 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Verizon_AR
[2009/07/17 18:58:27 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Vso
[2011/01/16 19:44:42 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\WD
[2011/02/13 14:09:52 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Webshots
[2009/06/25 18:35:10 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\Yahoo!
[2010/03/24 19:50:04 | 000,000,000 | ---D | M] -- C:\Users\USFRIENDS\AppData\Roaming\YouSendIt

< MD5 for: ATAPI.SYS >
[2008/01/20 18:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/20 18:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\SysNative\csrss.exe
[2008/01/20 18:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/28 22:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 19:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/10 23:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\WINDOWS\explorer.exe
[2009/04/10 23:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 18:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/28 22:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\SysWOW64\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/29 21:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 18:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 18:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 18:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/01/20 18:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/10 22:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\WINDOWS\SysWOW64\mswsock.dll
[2009/04/10 22:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 18:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/10 23:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/10 23:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/20 18:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\SysNative\NapiNSP.dll
[2008/01/20 18:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_083bdc4c478e57f6\NapiNSP.dll
[2008/01/20 18:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\WINDOWS\SysWOW64\NapiNSP.dll
[2008/01/20 18:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\WINDOWS\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/20 18:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\SysNative\nlaapi.dll
[2008/01/20 18:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_c3a4914ac347b69b\nlaapi.dll
[2008/01/20 18:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\WINDOWS\SysWOW64\nlaapi.dll
[2008/01/20 18:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_cdf93b9cf7a87896\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/20 18:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\WINDOWS\SysWOW64\pnrpnsp.dll
[2008/01/20 18:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_d7f25b890f32c83a\pnrpnsp.dll
[2008/01/20 18:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\SysNative\pnrpnsp.dll
[2008/01/20 18:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_cd9db136dad2063f\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 18:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 23:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/10 23:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/10 22:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\SysWOW64\services.exe
[2009/04/10 22:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 18:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 18:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\SysWOW64\svchost.exe
[2008/01/20 18:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 18:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 18:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\WINDOWS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USER32.DLL >
[2008/01/20 18:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\WINDOWS\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008/01/20 18:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009/04/10 22:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\WINDOWS\SysWOW64\user32.dll
[2009/04/10 22:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009/04/10 23:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SysNative\user32.dll
[2009/04/10 23:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\WINDOWS\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 18:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\SysWOW64\userinit.exe
[2008/01/20 18:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 18:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 18:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/10 23:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 18:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\SysWOW64\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 18:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/01/20 18:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\SysNative\winrnr.dll
[2008/01/20 18:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_b56cee730873a8a0\winrnr.dll
[2008/01/20 18:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_b758677f059573ec\winrnr.dll
[2009/04/10 22:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\WINDOWS\SysWOW64\winrnr.dll
[2009/04/10 22:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\WINDOWS\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 01:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\WINDOWS\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_594e52ef5016376a\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 01:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\WINDOWS\SysWOW64\wshelper.dll
[2006/11/02 01:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_6af84843e4192e9a\wshelper.dll
[2006/11/02 03:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\SysNative\wshelper.dll
[2006/11/02 03:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\wshelper.dll

< dir C:\ /S /A:L /C >
Volume in drive C is HP
Volume Serial Number is 0A01-AEC1
Directory of C:\
06/24/2009 05:45 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
06/24/2009 05:45 PM <JUNCTION> Application Data [C:\ProgramData]
06/24/2009 05:45 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
06/24/2009 05:45 PM <JUNCTION> Documents [C:\Users\Public\Documents]
06/24/2009 05:45 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
06/24/2009 05:45 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
06/24/2009 05:45 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
06/24/2009 05:45 PM <SYMLINKD> All Users [C:\ProgramData]
06/24/2009 05:45 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
06/24/2009 05:45 PM <JUNCTION> Application Data [C:\ProgramData]
06/24/2009 05:45 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
06/24/2009 05:45 PM <JUNCTION> Documents [C:\Users\Public\Documents]
06/24/2009 05:45 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
06/24/2009 05:45 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
06/24/2009 05:45 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\USFRIENDS
06/24/2009 05:48 PM <JUNCTION> Application Data [C:\Users\USFRIENDS\AppData\Roaming]
06/24/2009 05:48 PM <JUNCTION> Cookies [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Cookies]
06/24/2009 05:48 PM <JUNCTION> Local Settings [C:\Users\USFRIENDS\AppData\Local]
06/24/2009 05:48 PM <JUNCTION> My Documents [C:\Users\USFRIENDS\Documents]
06/24/2009 05:48 PM <JUNCTION> NetHood [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/24/2009 05:48 PM <JUNCTION> PrintHood [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/24/2009 05:48 PM <JUNCTION> Recent [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Recent]
06/24/2009 05:48 PM <JUNCTION> SendTo [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\SendTo]
06/24/2009 05:48 PM <JUNCTION> Start Menu [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Start Menu]
06/24/2009 05:48 PM <JUNCTION> Templates [C:\Users\USFRIENDS\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\USFRIENDS\AppData\Local
06/24/2009 05:48 PM <JUNCTION> Application Data [C:\Users\USFRIENDS\AppData\Local]
06/24/2009 05:48 PM <JUNCTION> History [C:\Users\USFRIENDS\AppData\Local\Microsoft\Windows\History]
06/24/2009 05:48 PM <JUNCTION> Temporary Internet Files [C:\Users\USFRIENDS\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\USFRIENDS\AppData\LocalLow
06/11/2011 06:46 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\USFRIENDS\Documents
06/24/2009 05:48 PM <JUNCTION> My Music [C:\Users\USFRIENDS\Music]
06/24/2009 05:48 PM <JUNCTION> My Pictures [C:\Users\USFRIENDS\Pictures]
06/24/2009 05:48 PM <JUNCTION> My Videos [C:\Users\USFRIENDS\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
06/24/2009 05:45 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
06/24/2009 05:45 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
06/24/2009 05:45 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
06/24/2009 05:45 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
06/24/2009 05:45 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/24/2009 05:45 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/24/2009 05:45 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
06/24/2009 05:45 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
06/24/2009 05:45 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
06/24/2009 05:45 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
06/24/2009 05:45 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
06/24/2009 05:45 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
06/24/2009 05:45 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
06/24/2009 05:45 PM <JUNCTION> My Music [C:\Users\Default\Music]
06/24/2009 05:45 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
06/24/2009 05:45 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
06/24/2009 05:45 PM <JUNCTION> My Music [C:\Users\Public\Music]
06/24/2009 05:45 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
06/24/2009 05:45 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\WINDOWS\System32\config\systemprofile
06/30/2009 02:52 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/30/2009 02:52 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
06/30/2009 02:52 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/30/2009 02:52 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/30/2009 02:52 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/30/2009 02:52 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/30/2009 02:52 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/30/2009 02:52 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/30/2009 02:52 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/30/2009 02:52 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\WINDOWS\System32\config\systemprofile\AppData\Local
06/30/2009 02:52 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/30/2009 02:52 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/30/2009 02:52 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\WINDOWS\System32\config\systemprofile\Documents
06/30/2009 02:52 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
06/30/2009 02:52 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/30/2009 02:52 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Directory of C:\WINDOWS\SysWOW64\config\systemprofile
06/30/2009 02:52 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/30/2009 02:52 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
06/30/2009 02:52 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/30/2009 02:52 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/30/2009 02:52 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/30/2009 02:52 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/30/2009 02:52 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/30/2009 02:52 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/30/2009 02:52 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/30/2009 02:52 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local
06/30/2009 02:52 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/30/2009 02:52 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/30/2009 02:52 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\WINDOWS\SysWOW64\config\systemprofile\Documents
06/30/2009 02:52 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
06/30/2009 02:52 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/30/2009 02:52 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
83 Dir(s) 260,868,083,712 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >
[2006/11/02 07:42:03 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 07:42:03 | 000,032,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/26 15:38:34 | 000,000,438 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E73B303C-948D-4079-81F1-CF26613284D5}.job
[2009/08/14 18:07:00 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/08/14 18:16:06 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/14 18:16:06 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 22:50:19 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/06/25 04:45:17 | 000,000,617 | ---- | C] () -- C:\Windows\Tasks\OnlineBackupManager.job
[2013/10/09 14:29:13 | 000,000,864 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3694992828-362353423-1709206159-1000Core1cec53efb70193c.job

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Celtx\uninstall\helper.exe" /HideShortcuts [2009/06/12 08:14:34 | 000,495,872 | ---- | M] (celtx.com)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Celtx\uninstall\helper.exe" /ShowShortcuts [2009/06/12 08:14:34 | 000,495,872 | ---- | M] (celtx.com)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Celtx\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/06/12 08:14:34 | 000,495,872 | ---- | M] (celtx.com)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\shell\open\command\\: C:\Program Files (x86)\Celtx\celtx.exe [2009/06/12 08:14:30 | 008,530,944 | ---- | M] (Greyfirst Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Celtx\celtx.exe" -preferences [2009/06/12 08:14:30 | 008,530,944 | ---- | M] (Greyfirst Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Celtx\celtx.exe" -safe-mode [2009/06/12 08:14:30 | 008,530,944 | ---- | M] (Greyfirst Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/11/05 19:10:55 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/11/05 19:10:55 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/11/05 19:10:55 | 000,872,352 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/11/05 19:11:46 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/11/05 19:11:46 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/11/05 19:11:46 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/08 16:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/08 16:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/08 16:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/10/08 16:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/04/20 18:32:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/04/20 18:32:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/04/20 18:32:47 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/09/22 02:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013/09/22 02:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2013/04/18 14:14:58 | 000,879,456 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2013/04/18 14:14:58 | 000,879,456 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2013/04/18 14:14:58 | 000,879,456 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2013/04/18 14:14:58 | 000,879,456 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/20 18:32:35 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/20 18:32:35 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/20 18:32:35 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/22 02:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/22 02:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/06/28 06:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2006/11/02 07:14:04 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/04/10 22:28:24 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2006/09/19 03:43:31 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/02/18 10:39:57 | 001,272,752 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/02/18 10:39:57 | 000,980,032 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/02/18 10:39:58 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/02/18 10:39:58 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/02/18 10:40:01 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2006/09/19 03:43:34 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/04/10 22:23:33 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:73BDADA8

< End of report >

====== End OTL Log =======================

And here's the Extras Log.

========= Start Extras Log ==============

OTL Extras logfile created on: 11/15/2013 10:20:09 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USFRIENDS\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 71.49% Memory free
7.92 Gb Paging File | 6.84 Gb Available in Paging File | 86.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.00 Gb Total Space | 242.95 Gb Free Space | 41.53% Space Free | Partition Type: NTFS
Drive D: | 11.17 Gb Total Space | 1.06 Gb Free Space | 9.45% Space Free | Partition Type: NTFS

Computer Name: USFRIENDS | User Name: USFRIENDS | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.jse [@ = JSEFile] -- C:\Windows\SysWOW64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Value error.
jsfile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\SysWOW64\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\SysWOW64\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\SysWOW64\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BB 29 5E D0 49 02 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3694992828-362353423-1709206159-1000]
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05005C90-21B2-409F-B940-ADD0149E79F7}" = lport=445 | protocol=6 | dir=in | app=system |
"{05C688B3-A0C6-43D9-AA41-29A71A807A86}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{12374741-18F8-409F-9AFF-C862CAADE707}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E8211E2-1E7C-4273-95C7-8C95D0040E50}" = lport=137 | protocol=17 | dir=in | app=system |
"{57156452-FD87-481E-8F1B-F8FD1E2E5DA5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{5D2275FC-CAE7-439F-8D31-A58ECE23BD65}" = rport=138 | protocol=17 | dir=out | app=system |
"{6A3C4D63-AFA8-4B65-8AEE-513C100BB4A9}" = rport=137 | protocol=17 | dir=out | app=system |
"{8023CF17-5B9F-4A64-A612-35B34F886932}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{96A7A1EE-3BED-42EC-956C-98B081D273FF}" = lport=138 | protocol=17 | dir=in | app=system |
"{AAAAB55E-599C-4B79-B08C-A8A682CA14F8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B695C325-4B6D-470B-A3D3-8AF7C2C6DD91}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C0900122-EEE0-4502-A840-91B66C061083}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC60DD8D-5A6B-4F9B-A64F-D2C20079A79A}" = rport=445 | protocol=6 | dir=out | app=system |
"{EFE0670A-90D0-4961-A005-57DBBBEC60FA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F6D9C295-0435-49C0-BC26-9B5867CAD470}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F8FAE70B-BBC7-498C-AF34-4AC40D37CD45}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053512C8-4561-4B00-B491-7D5284BF213B}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{0CEBF583-FBA0-417C-8331-161EBC3178F9}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{0D40D9F5-39D9-410B-8B81-64AE51943E9B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0F17A6A0-C429-415B-B252-CFD9A7F04DC0}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{0F37BE25-30CC-4648-951E-098EC93808FF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1AB77C48-8839-4903-8564-821DE8DD8EA9}" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\dropbox\bin\dropbox.exe |
"{1AF08051-77FD-4148-9695-78440B8EA893}" = protocol=6 | dir=in | app=c:\program files (x86)\photodex\proshowgold\proshow.exe |
"{20AACDAF-D0E8-4E64-A256-786927DE6992}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{271F677C-11F6-45E6-A2D5-49940C099FBF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{2CAFD8DE-3639-4F5F-90AF-3636A90735FE}" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\local\akamai\netsession_win.exe |
"{369DB9AB-E4E7-401B-8493-A0BD5D8A1F6C}" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\spotify\spotify.exe |
"{4C0C21F2-E21D-4588-B4EE-623AA356A36E}" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4C9D31D1-8828-4301-BA70-71A0A5ECE7B2}" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\local\akamai\netsession_win.exe |
"{4DD88A18-FF94-4A7A-BAA0-9D2BD6543356}" = protocol=17 | dir=in | app=c:\program files (x86)\tunnelbear\tbear.exe |
"{56201DD9-2673-465C-8F85-B866825D8F5E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{568D98F1-90BB-41C8-BD71-043DBA7156D0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5DE04733-31F8-4136-8D8E-C64B8EE0F0AB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{66B81860-7E1C-431F-8B78-2A65574BE23C}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{70FE101C-648C-441C-9469-100B76AA0C3B}" = protocol=1 | dir=out | [email protected],-28544 |
"{75DE5D6B-2612-47CF-978A-59C604D5B2F5}" = protocol=58 | dir=out | [email protected],-28546 |
"{807413D6-3205-4055-8A69-4BF9D540E077}" = protocol=1 | dir=in | [email protected],-28543 |
"{83CCEFA7-2255-4D3A-A3ED-460873F352FC}" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8A42D2CD-68EC-48A0-A7DA-F98405E017EC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8DEA4618-ED3C-433B-ACD3-47F0D3AF3EFC}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{942A2B96-236A-4403-8831-B693DE953B82}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{9D4C68DC-ACFD-4EB0-8F11-D83BB78A0BCA}" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9EF41C35-43CC-44F8-B8CF-1D55F9015790}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{A37D20F0-D702-42D2-AD22-E37734423AC0}" = protocol=58 | dir=in | [email protected],-28545 |
"{A8B663B7-ABFE-471F-811E-66371FAB60E2}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{B36B7E82-AF15-4CC1-8F00-678F2793FC32}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF7149E1-70D7-4277-AAD1-E392B87F4CE8}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{C4C58146-1BF0-4AB6-AA91-7139BC873580}" = protocol=17 | dir=in | app=c:\program files (x86)\photodex\proshowgold\proshow.exe |
"{CACD24F6-7BFA-4D04-AF5F-014B31966461}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{D30F7EC1-AC5E-4887-A82E-3FB6E35C0643}" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{DE7F81FD-A81F-4C79-BA23-246C7575B174}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EAD73C45-8BBA-442D-AB54-1BF36F7FA91A}" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\spotify\spotify.exe |
"{EBCF3DDA-243E-4D67-A872-5E95153391CC}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F09A145A-4311-425F-82BB-7220F72A2C7C}" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\dropbox\bin\dropbox.exe |
"{F1F3EC05-CB6F-4E24-B4E2-9CBE7B03584F}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{FEBB8766-8CAC-45F8-9F3B-032DABA0D984}" = protocol=6 | dir=in | app=c:\program files (x86)\tunnelbear\tbear.exe |
"TCP Query User{234B8EE9-7975-4DD4-BB4E-A8592D3536AC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{52A5B5D3-53F5-47F9-9E75-AE85A5BF7E19}C:\program files (x86)\charter\cloud drive™ backup\syncnshare\onlinebackup.syncnshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\charter\cloud drive™ backup\syncnshare\onlinebackup.syncnshare.exe |
"TCP Query User{71813986-996F-4F5F-9097-8810EE6CCEDC}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{7F5A5BF7-4EB7-4AFC-96D6-694ED3E25D6A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{A12B946C-0584-46A5-9973-E6C89F17ECA4}C:\users\USFRIENDS\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{E00519B6-9EF4-4689-A2E3-C667C95475A4}C:\users\USFRIENDS\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E1421703-866C-4C9A-84C2-200E7F1CBA03}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{E97500C7-5B10-4750-AA70-3D94DE3FD971}C:\users\USFRIENDS\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{F9574C27-7642-4FAB-B17D-9585ECA086FC}C:\users\USFRIENDS\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\USFRIENDS\appdata\local\akamai\netsession_win.exe |
"UDP Query User{17316C1F-6436-462F-BA16-C90CE5D8A33F}C:\users\USFRIENDS\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\spotify\spotify.exe |
"UDP Query User{385A4979-40B6-4C7B-831F-CA7776D19AFD}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{534B27EA-164B-481E-B034-24D805977B20}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{543EDF4F-2CAF-47A5-BF91-A9FBD25577BC}C:\users\USFRIENDS\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{6F4B73CA-A521-4409-92C4-3D4EE2AA8815}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{7B812185-24EC-4848-B7A2-73C6861DA541}C:\users\USFRIENDS\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{ED2FE2ED-1166-49AF-93E9-11D9050BD0C2}C:\program files (x86)\charter\cloud drive™ backup\syncnshare\onlinebackup.syncnshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\charter\cloud drive™ backup\syncnshare\onlinebackup.syncnshare.exe |
"UDP Query User{F2F13BF0-19AF-4F0F-AD4F-D7FE594A73F9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{FE8A3051-069E-409C-8312-98BAEE9FA7AF}C:\users\USFRIENDS\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\USFRIENDS\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4EF6A3C5-7B7A-453A-A887-7252A1A65596}" = WD Drive Manager (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7A7C7AFC-F624-4c95-9C03-9CC4FD70122A}" = Memeo AutoSync
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{A7D48BF6-8ED8-4B91-8267-34CDE7807D05}_is1" = HP Demo
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF1EB598-B424-436A-B15F-B763846BA970}" = Dassault Systemes Software Prerequisites x86-x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C74D5C3-EBB9-408E-972F-B9802F13D5E4}" = 3DVIA Shape for Maps
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D674121-9735-4532-8A48-169A1B09EDFE}" = Charter Cloud Drive™ Backup
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6264BE71-3144-47BE-B029-B9701B35A0DD}" = Movie Converter v4
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A75BC59B-10BF-6B87-DCC7-3501F158ACC6}" = Times Reader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console
"{D3D2A5FF-55C2-4A5A-BDAC-A502A66E6B8D}" = Verizon Wireless Software Utility Application for Android - Samsung
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D647F06F-2908-487E-9CDA-DE52148CBF49}" = OverDrive Media Console
"{E0810CC2-4B5B-4439-B1D0-452306AF2D64}" = HP Active Support Library
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{fba28920-8485-3586-980c-54c863eb45e6}" = Webshots Toolbar for Firefox
"{FD1408CA-47E3-45C8-B7CB-75AEB8F98DA1}" = Verizon Wireless Software Upgrade Assistant - Samsung(ar)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE6FA294-1A34-47D0-B72D-DA15446087AA}_is1" = Pocket version 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Akamai" = Akamai NetSession Interface Service
"AVI Codec Pack" = AVI Codec Pack
"Celtx (2.0.2)" = Celtx (2.0.2)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Digital Editions" = Adobe Digital Editions
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Fly DVD Copier_is1" = Fly DVD Copier Version 4.9
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Keeper Password & Data Vault" = Keeper Password & Data Vault
"Logitech Vid" = Logitech Vid HD
"Loki Browser Plugin" = Loki Browser Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MIKSOFT Mobile 3GP converter_is1" = MIKSOFT Mobile 3GP converter
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.15.1748" = Opera 12.15
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Photodex Presenter" = Photodex Presenter
"PROPLUS" = Microsoft Office Professional Plus 2007
"ProShow Gold" = ProShow Gold
"ProShow MediaSource - Family Memories" = ProShow MediaSource - Family Memories
"ProShow Producer" = ProShow Producer
"RealPlayer 16.0" = RealPlayer
"SpiceFX for Movie Maker" = SpiceFX for Movie Maker
"TunnelBear" = TunnelBear 2.1.1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WM Capture" = WM Capture
"WM Recorder" = WM Recorder
"WM_Splitter_1.6.906" = WM Splitter 1.6.906
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"23ab716f18849b6f" = Amazon Cloud Drive
"Akamai" = Akamai NetSession Interface
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"GoogleToolBar" = GoogleToolBar
"MapQuest Toolbar" = MapQuest Toolbar
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Spotify" = Spotify
"WM Capture" = WM Capture
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/16/2013 2:15:47 AM | Computer Name = USFRIENDS | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_CryptSvc, version 6.0.6001.18000,
time stamp 0x47919291, faulting module ntdll.dll, version 6.0.6002.18881, time
stamp 0x51da3d16, exception code 0xc0000006, fault offset 0x000000000001a1d4, process
id 0x6d0, application start time 0x01cee2900ddc6fc6.

Error - 11/16/2013 2:15:47 AM | Computer Name = USFRIENDS | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C0000015 Disk
type: 3

[ System Events ]
Error - 11/16/2013 6:11:47 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 11/16/2013 6:11:49 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 11/16/2013 6:11:57 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 11/16/2013 6:12:05 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 11/16/2013 6:12:13 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 11/16/2013 6:12:21 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 11/16/2013 6:12:29 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 11/16/2013 6:12:37 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 11/16/2013 6:12:45 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.

Error - 11/16/2013 6:12:53 AM | Computer Name = USFRIENDS | Source = nvstor64 | ID = 262149
Description = A parity error was detected on \Device\RaidPort0.


< End of report >

================= End Extras Log ======

I'll attempt to do the drivers thing. Thanks Ron again! :)
  • 0

#12
ThanksGeeksForHelping

ThanksGeeksForHelping

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Ron (RKinner) :)

First of all, the trial malware bites thing is expired. :'( Second of all, when in safe mode I'm not sure if any of our windows security essentials is working or not. I don't know what is or isn't working. Now onto more important matters...

I'm not sure if I did the drivers thing correctly. Actually, I don't think I did it correctly. Perhaps I should have asked before doing anything. So here's what happened, as detailed as I can be to my recollection.

I downloaded the, what would you call it? "Item" from the link you provided. I then right clicked and ran as "Administrator" then went through the prompts. So then it said it would uninstall drivers so it did supposedly and then did a reboot. I let it reboot in normal mode. The computer totally sucks in normal mode. It was a black screen with white arrow for some time. And then tunnelbear showed up and then some windows warning/alert and then NVIDIA thing showed up. It was there for a long time with no movement. So I did control + alt + delete. Did task manager. And then white screen came and then everything showed up. But networking wasn't there (the icon with the 2 computers never showed up) and then security essentials was there and tried to do a scan. But the computer wasn't doing anything. So I tried to restart the computer. It was at "shutting down" for a long time so I just pressed the power button until the computer shut down. Waited a bit then pressed the start button and got the computer in safe mode.

Here's where it's alarming for me. It took a long time like it's been going to restart it in safe mode. So it goes to safe mode with networking. It's supposedly installing drivers. But here's the thing that scares me, the icon shows to computers with an X. And I put my mouse over it and it says it's not connected to any network. I'm really scared, because I need the internet in safe mode or I don't think I can do anything you ask with this computer. But here's the thing. I am obviously connected to the internet because I'm able to open chrome and go to geekstogo.com for example. So, I'm not so scared.

So I think about seeing if I can do the drivers thing correctly. So I right click on the downloaded item from the website in my downloads folder and run as an "Administrator" and then I select the three items to update or whatever it's called. I should really have taken detailed notes on what I did. So, it updates supposedly. Then it asks me if I want to download some manager. Man I really messed this up, I should have taken detailed notes, because I don't remember what manager it's called. It does but then this alert saying something wasn't updated. [bleep] I should have really taken notes of what that alert was. Because it told me to contact my administrator or something like that.

Anyways, I'm not going to do anything until I get instructions from you. Please give me detailed step by step instructions. I won't be offended if you give me so detailed instructions like I'm a first grader, pretend I'm stupid. I don't really want to mess up this computer even more. And I want to make sure I do it right. So from here on out I'm not doing anything, unless I have detailed instructions and what to expect. Because if I can't even get to the internet in safe mode, this computer seems like a lost cause. And I can't have that. This is the only one we've got and we really can't afford a new one. We're not rich. I'm really scared now. I don't know what to do. And we've got so many files that we can't lose on this computer. Lots of memories and we're volunteers for a good humanitarian cause. That's our passion!

We're not really tech savvy. We're not really computer savvy. I apologize for being overly cautious. I should have maintained that. Better to be safe than sorry. And right now I'm so very sorry. :'( I should have asked more questions before doing anything. So before doing anything from here on out. I want to make sure. And I'm sorry if I've made things worse. I really appreciate your help Ron (RKinner) and I'm sorry if I've hindered your helping us by not asking questions before doing the drivers thing. I'm so scared now.

Anyways, the computer will remain on in safe mode with networking (supposedly). Hopefully there is no black out. :'( Hopefully I'll be able to open a browser later so I can view your instructions. The icon with the two computers has an "X" and I put a mouse over it and it says I'm not connected to any networks. But I am because I'm here typing away. Scared as [bleep]. I don't know what to do next. And I'm afraid to shut the computer down, for fear it won't start again.

Thanks Ron (RKinner)! I hope you have a good conference and it is successful. I thank you so very very very much for taking the time to help my roommate and I. I know it will be a long process because you're busy with your life. We've got work, and we're going to ask a lot of questions before proceeding to do anything. But you will never know how much your help means to us and the people we help. :)

Edited by ThanksGeeksForHelping, 18 November 2013 - 02:59 AM.

  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0

#14
ThanksGeeksForHelping

ThanksGeeksForHelping

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Thanks Ron (RKinner) :) Thank you for taking the time to help my roommate out as well as the others here on Geeks To Go. Hope your conference is going good.

Here's the VEW.txt log for "System" I'll post "Application" in another post.

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 18/11/2013 3:01:56 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/11/2013 10:59:26 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Cryptographic Services service terminated unexpectedly. It has done this 13 time(s).

Log: 'System' Date/Time: 18/11/2013 10:59:23 PM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 10:59:15 PM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 10:59:07 PM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 10:59:00 PM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 10:58:52 PM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 10:58:44 PM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 10:58:36 PM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 10:58:28 PM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 10:58:20 PM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 8:19:04 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Cryptographic Services service terminated unexpectedly. It has done this 12 time(s).

Log: 'System' Date/Time: 18/11/2013 8:19:02 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 8:18:54 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 8:18:46 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 8:18:38 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 8:18:30 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 8:18:22 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 8:18:14 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 8:18:06 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 18/11/2013 8:17:58 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/11/2013 8:10:13 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001FC6E8A92F. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 18/11/2013 7:49:15 AM
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'TabletInputService' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 18/11/2013 7:12:38 AM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 18/11/2013 7:12:37 AM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
  • 0

#15
ThanksGeeksForHelping

ThanksGeeksForHelping

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
And here's the VEW txt log for Application.

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 18/11/2013 3:05:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/11/2013 10:59:23 PM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000015 Disk type: 3

Log: 'Application' Date/Time: 18/11/2013 10:59:23 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe_CryptSvc, version 6.0.6001.18000, time stamp 0x47919291, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000006, fault offset 0x000000000001a1d4, process id 0xaa4, application start time 0x01cee4b1ab509ffc.

Log: 'Application' Date/Time: 18/11/2013 8:17:55 AM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000015 Disk type: 3

Log: 'Application' Date/Time: 18/11/2013 8:17:55 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe_CryptSvc, version 6.0.6001.18000, time stamp 0x47919291, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000006, fault offset 0x000000000001a1d4, process id 0x71c, application start time 0x01cee436875b7a0c.

Log: 'Application' Date/Time: 18/11/2013 8:16:25 AM
Type: Error Category: 0
Event: 11719 Source: MsiInstaller
Product: NVIDIA ForceWare Network Access Manager -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.

Log: 'Application' Date/Time: 18/11/2013 8:15:40 AM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000015 Disk type: 3

Log: 'Application' Date/Time: 18/11/2013 8:15:40 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe_CryptSvc, version 6.0.6001.18000, time stamp 0x47919291, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000006, fault offset 0x000000000001a1d4, process id 0xcdc, application start time 0x01cee436373420ec.

Log: 'Application' Date/Time: 18/11/2013 8:13:55 AM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000015 Disk type: 3

Log: 'Application' Date/Time: 18/11/2013 8:13:55 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe_CryptSvc, version 6.0.6001.18000, time stamp 0x47919291, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000006, fault offset 0x000000000001a1d4, process id 0xf6c, application start time 0x01cee435f86e3e4c.

Log: 'Application' Date/Time: 18/11/2013 8:12:46 AM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000015 Disk type: 3

Log: 'Application' Date/Time: 18/11/2013 8:12:46 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe_CryptSvc, version 6.0.6001.18000, time stamp 0x47919291, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000006, fault offset 0x000000000001a1d4, process id 0xe7c, application start time 0x01cee435cf6a6d2c.

Log: 'Application' Date/Time: 18/11/2013 8:11:40 AM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\DrvInst.exe "4" "0" "C:\Users\BINAPRI\{39a20e99-757b-478b-8319-1e1a982a6320}\nvstor64.inf" "9" "52bab8307" "00000000000004F0" "WinSta0\Default" "0000000000000454" "208" "c:\nvidia\nforcewin7vista64int\15.58\ide\winvista64\sata_ide"; Descripton = Device Driver Package Install: NVIDIA Corporation IDE ATA/ATAPI controllers; Hr = 0x8007043c).

Log: 'Application' Date/Time: 18/11/2013 8:10:08 AM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000015 Disk type: 3

Log: 'Application' Date/Time: 18/11/2013 8:10:08 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe_CryptSvc, version 6.0.6001.18000, time stamp 0x47919291, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000006, fault offset 0x000000000001a1d4, process id 0xa74, application start time 0x01cee4357126396c.

Log: 'Application' Date/Time: 18/11/2013 8:08:59 AM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000015 Disk type: 3

Log: 'Application' Date/Time: 18/11/2013 8:08:59 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe_CryptSvc, version 6.0.6001.18000, time stamp 0x47919291, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000006, fault offset 0x000000000001a1d4, process id 0x588, application start time 0x01cee435481da58c.

Log: 'Application' Date/Time: 18/11/2013 8:07:53 AM
Type: Error Category: 0
Event: 8193 Source: System Restore
Failed to create restore point on volume (Process = C:\Windows\system32\DrvInst.exe "4" "0" "C:\Users\BINAPRI\{c400434b-0c0d-47ca-9ee5-08e2b4613d1c}\nvfd6x64.inf" "9" "50099785f" "000000000000033C" "WinSta0\Default" "0000000000000458" "208" "c:\nvidia\nforcewin7vista64int\15.58\ethernet"; Descripton = Device Driver Package Install: NVIDIA Network adapters; Hr = 0x8007043c).

Log: 'Application' Date/Time: 18/11/2013 8:05:30 AM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000015 Disk type: 3

Log: 'Application' Date/Time: 18/11/2013 8:05:30 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application svchost.exe_CryptSvc, version 6.0.6001.18000, time stamp 0x47919291, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3d16, exception code 0xc0000006, fault offset 0x000000000001a1d4, process id 0x45c, application start time 0x01cee434cb42060c.

Log: 'Application' Date/Time: 18/11/2013 8:04:21 AM
Type: Error Category: 100
Event: 1005 Source: Application Error
Windows cannot access the file C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\WINDOWS\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000015 Disk type: 3

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/11/2013 8:16:13 AM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C

Log: 'Application' Date/Time: 18/11/2013 8:16:13 AM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C

Log: 'Application' Date/Time: 18/11/2013 8:16:10 AM
Type: Warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x8007043C

Log: 'Application' Date/Time: 18/11/2013 7:49:23 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 18/11/2013 6:48:06 AM
Type: Warning Category: 0
Event: 6003 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a critical notification event.

Log: 'Application' Date/Time: 18/11/2013 6:34:17 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 18/11/2013 6:34:17 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP