HELP! Nasty virus came with RegCleanPro

RegCleanPro

#1
anazopyreo

OTL logfile created on: 4/26/2014 12:14:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael Jeckyll\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 4.62 Gb Available Physical Memory | 57.80% Memory free
15.98 Gb Paging File | 11.89 Gb Available in Paging File | 74.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.20 Gb Total Space | 253.58 Gb Free Space | 36.95% Space Free | Partition Type: NTFS
Drive D: | 12.33 Gb Total Space | 2.22 Gb Free Space | 17.97% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-PC | User Name: Michael Jeckyll | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michael Jeckyll\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe ()
PRC - C:\Program Files (x86)\PlurPush\updatePlurPush.exe ()
PRC - C:\Program Files (x86)\Google\Chrome Remote Desktop\35.0.1916.52\remoting_host.exe (Google Inc.)
PRC - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Conduit)
PRC - C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (Conduit)
PRC - C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Systweak)
PRC - C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
PRC - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
PRC - C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe ()
PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMTray4.exe ()
PRC - C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll ()
MOD - C:\Program Files (x86)\Advanced System Protector\aspsys.dll ()
MOD - C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\d682d06abf8257c72ce11cefd1d74cf5\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\b34b348a9935338b1282fd0c9309eb1f\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b0f9a4f138cc569a7526f97b93808d3e\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\faf3ae85f2470505e1b32d2154de60ef\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\cd3556d1162e8f7df77611c9c4253f7c\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\7c233151b685c540524f87931632423a\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\libcef.dll ()
MOD - C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll ()
MOD - C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe ()
MOD - C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMTray4.exe ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Util PlurPush) -- C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe ()
SRV - (Update PlurPush) -- C:\Program Files (x86)\PlurPush\updatePlurPush.exe ()
SRV - (chromoting) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\35.0.1916.52\remoting_host.exe (Google Inc.)
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit)
SRV - (BackupStack) -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Just Develop It)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FoxitCloudUpdateService) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (HPSLPSVC) -- C:\Users\James\AppData\Local\Temp\7zS5D72\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (tvnserver) -- C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (NanoServiceMain) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (wxpSvc) -- C:\Program Files (x86)\wLite\wService.exe (Moonware Studios)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ADVService) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - ({552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64) -- C:\Windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys (StdLib)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PSINAflt) -- C:\Windows\SysNative\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINProt) -- C:\Windows\SysNative\drivers\PSINProt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINKNC) -- C:\Windows\SysNative\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV:64bit: - (SSMO4Filter) -- C:\Windows\SysNative\drivers\MO4Driver.sys (Sagatek Co. Ltd.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (PSINProc) -- C:\Windows\SysNative\drivers\PSINProc.sys (Panda Security, S.L.)
DRV:64bit: - (PSINFile) -- C:\Windows\SysNative\drivers\PSINFile.sys (Panda Security, S.L.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (MusCAudio) -- C:\Windows\SysNative\drivers\MusCAudio.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}
IE:64bit: - HKLM\..\SearchScopes\{355FE6B9-CE1F-4B91-8BE7-0F688362AEE7}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}
IE - HKLM\..\SearchScopes\{355FE6B9-CE1F-4B91-8BE7-0F688362AEE7}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...B65AD7954&SSPV=
IE - HKCU\..\SearchScopes,DefaultScope = {42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}
IE - HKCU\..\SearchScopes\{42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}: "URL" = http://www.bing.com/...E11SR&pc=HPDTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://search.condui...65AD7954&SSPV="
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.0.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.2
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\James\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael Jeckyll\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/04/06 01:19:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/24 03:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/31 00:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/16 23:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/20 07:38:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/31 00:13:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/16 23:52:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/20 07:38:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/01/24 16:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Extensions
[2014/04/26 10:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Firefox\Profiles\8eedzxye.default\extensions
[2013/10/08 11:01:28 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Firefox\Profiles\8eedzxye.default\extensions\[email protected]
[2014/03/23 14:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Firefox\Profiles\8eedzxye.default\extensions\staged
[2014/01/22 09:38:38 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Firefox\Profiles\8eedzxye.default\extensions\[email protected]
[2014/04/26 07:34:30 | 000,007,448 | ---- | M] () (No name found) -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\firefox\profiles\8eedzxye.default\extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi
[2014/04/26 10:38:58 | 000,000,916 | ---- | M] () -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\firefox\profiles\8eedzxye.default\searchplugins\conduit-search.xml
[2013/12/31 00:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/31 00:13:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/31 00:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/31 00:14:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2013/09/24 03:30:41 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...={searchTerms},
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: MyStickies - Sticky notes for the web = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaakpbbojhipcodjiknnbjkafgjolnjn\1.0.0_0\
CHR - Extension: Classic Games = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc\1.0_0\
CHR - Extension: Send to Kindle for Google Chrome™ = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: Readium = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.13.4_0\
CHR - Extension: Chrome Remote Desktop = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\35.0.1916.37_1\
CHR - Extension: Chain Reaction = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0\
CHR - Extension: avast! Online Security = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.17_1\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: Cloud Reader = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: RealDownloader = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: 90`s Games = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom\1.2_0\
CHR - Extension: Dropbox = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0\
CHR - Extension: SoundCloud = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp\1_0\
CHR - Extension: EMS Epub Reader = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjndjfljldkanddccaibhokcljgebkh\1.1_0\
CHR - Extension: ShiftEdit = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij\1.39_0\
CHR - Extension: Skype Click to Call = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Word² = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpibnckjjeaabeepofhfmmpjmnomohee\2.5_0\
CHR - Extension: MouseHunt Horn Timer = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkoojecgfgialnfnllpgmdgdoaofpen\1.10.4_0\
CHR - Extension: Poppit = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.701_0\
CHR - Extension: Ziftr Alerts - formerly FreePriceAlerts.com = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoiabglmnijabkfknliolcbjfcmbmdl\3.5_0\
CHR - Extension: Google Wallet = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: Online Sticky Notes = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\oicicdeliickcjglahfgmfjondemchnb\0.0.0.1_0\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2:64bit: - BHO: (FreePriceAlerts) - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\win64\vbobho.dll (FreePriceAlerts.com)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (PlurPush) - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushBHO.dll (PlurPush)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (FreePriceAlerts) - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\vbobho.dll (FreePriceAlerts.com)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SteelSeries World of Warcraft® MMO Gaming Mouse Legendary Edition] C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_77438333B7244717AE9C9494A9658A5D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk = C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
O4 - Startup: C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O4 - Startup: C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk = C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Michael Jeckyll\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Michael Jeckyll\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: LastPass - file://C:\Users\Michael Jeckyll\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Michael Jeckyll\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54F9BA21-92AF-467D-BCD0-E71F53A0AA3E}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/03/02 20:47:55 | 000,000,248 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/26 12:17:24 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
[2014/04/26 11:50:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael Jeckyll\Desktop\OTL.exe
[2014/04/26 11:27:06 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\ApplicationHistory
[2014/04/26 11:19:46 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\VS Revo Group
[2014/04/26 10:42:28 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\Local_Weather_LLC
[2014/04/26 10:42:27 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[2014/04/26 10:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2014/04/26 10:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2014/04/26 10:41:57 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts
[2014/04/26 10:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2014/04/26 10:41:41 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\VOPackage
[2014/04/26 10:41:32 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2014/04/26 10:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/04/26 10:40:51 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Systweak
[2014/04/26 10:40:49 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2014/04/26 10:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2014/04/26 10:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlurPush
[2014/04/26 10:38:50 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\SearchProtect
[2014/04/26 10:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/04/15 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\Foxit Reader
[2014/04/14 15:21:53 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\.netbeans-derby
[2014/04/12 01:37:54 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Local
[2014/04/06 21:06:06 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\MediaMonkey
[2014/04/06 21:05:48 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\MediaMonkey
[2014/04/06 21:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2014/04/06 21:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2014/04/06 21:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2014/04/06 01:19:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/05 08:16:01 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\.android
[2014/04/02 09:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2014/04/02 09:02:02 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\Sony
[2014/04/02 09:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2014/04/02 09:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2014/04/02 09:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2014/04/02 09:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/04/02 08:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install
[2014/04/02 08:59:32 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Sony
[2014/04/02 07:14:17 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\.config
[2014/04/02 07:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clementine
[2014/04/02 07:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clementine
[2012/09/06 11:07:16 | 013,024,768 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/26 12:18:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1012UA.job
[2014/04/26 12:06:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1001UA.job
[2014/04/26 11:56:20 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/26 11:56:20 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/26 11:56:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/26 11:50:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Jeckyll\Desktop\OTL.exe
[2014/04/26 11:49:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1003UA.job
[2014/04/26 11:42:42 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/26 11:40:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/26 11:40:09 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/26 10:50:04 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/04/26 10:50:04 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/04/26 10:42:31 | 000,000,482 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Gems Swap.lnk
[2014/04/26 10:42:31 | 000,000,456 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\My Games.lnk
[2014/04/26 10:42:27 | 000,001,180 | ---- | M] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[2014/04/26 10:42:07 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/04/26 10:41:58 | 000,001,212 | ---- | M] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
[2014/04/26 10:41:47 | 000,001,931 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Sync Folder.lnk
[2014/04/26 10:41:43 | 000,001,913 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Configure VO Package.lnk
[2014/04/26 10:41:32 | 000,001,059 | ---- | M] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/04/26 10:41:32 | 000,001,049 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\MyPC Backup.lnk
[2014/04/26 10:41:26 | 000,001,802 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Continue GemSwap.lnk
[2014/04/26 10:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/26 10:18:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1012Core.job
[2014/04/26 01:49:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1003Core.job
[2014/04/24 23:03:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJames.job
[2014/04/24 13:06:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1001Core.job
[2014/04/24 12:29:30 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
[2014/04/24 07:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMichael Jeckyll.job
[2014/04/20 08:15:20 | 000,033,534 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\star_trek_photon_torpedo_coffin_ooojy.jpg
[2014/04/19 20:45:40 | 000,795,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/19 20:45:40 | 000,671,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/19 20:45:40 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/19 02:47:47 | 002,438,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/18 20:17:59 | 000,610,304 | ---- | M] () -- C:\Users\Michael Jeckyll\Documents\Database1.accdb
[2014/04/14 15:15:51 | 000,000,600 | ---- | M] () -- C:\Users\Michael Jeckyll\AppData\Roaming\winscp.rnd
[2014/04/11 12:30:00 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\CMS Application Updater.job
[2014/04/08 09:53:39 | 000,000,877 | ---- | M] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\Temp BoDs - Shortcut.lnk
[2014/04/06 21:05:48 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2014/04/06 01:19:58 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/06 01:19:18 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/06 01:19:18 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/06 01:19:18 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/06 01:19:18 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/04/06 01:19:18 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/06 01:19:17 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/06 01:19:17 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/06 01:19:17 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/06 01:19:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/03 03:03:00 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/02 09:02:42 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk
[2014/04/01 13:28:20 | 000,002,283 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Kindle.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/26 10:42:31 | 000,000,482 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Gems Swap.lnk
[2014/04/26 10:42:31 | 000,000,456 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\My Games.lnk
[2014/04/26 10:42:27 | 000,001,180 | ---- | C] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[2014/04/26 10:42:07 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2014/04/26 10:41:58 | 000,001,212 | ---- | C] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
[2014/04/26 10:41:52 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2014/04/26 10:41:47 | 000,001,931 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Sync Folder.lnk
[2014/04/26 10:41:43 | 000,001,913 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Configure VO Package.lnk
[2014/04/26 10:41:32 | 000,001,059 | ---- | C] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/04/26 10:41:32 | 000,001,049 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\MyPC Backup.lnk
[2014/04/26 10:41:26 | 000,001,802 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Continue GemSwap.lnk
[2014/04/26 10:41:11 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2014/04/26 10:41:09 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/04/20 08:15:19 | 000,033,534 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\star_trek_photon_torpedo_coffin_ooojy.jpg
[2014/04/18 19:57:41 | 000,610,304 | ---- | C] () -- C:\Users\Michael Jeckyll\Documents\Database1.accdb
[2014/04/08 09:53:39 | 000,000,877 | ---- | C] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\Temp BoDs - Shortcut.lnk
[2014/04/06 21:05:48 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2014/04/06 01:19:58 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/02 09:02:42 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2014/04/01 13:28:20 | 000,002,283 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Kindle.lnk
[2014/01/31 09:25:12 | 000,000,883 | ---- | C] () -- C:\Users\Michael Jeckyll\.recently-used.xbel
[2014/01/13 22:58:27 | 000,000,600 | ---- | C] () -- C:\Users\Michael Jeckyll\AppData\Roaming\winscp.rnd
[2014/01/12 08:49:44 | 000,152,920 | R--- | C] () -- C:\Windows\Wiainst64.exe
[2014/01/12 08:47:15 | 001,571,160 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2013/10/08 11:53:15 | 000,000,208 | ---- | C] () -- C:\Users\Michael Jeckyll\.packettracer
[2013/04/10 03:37:16 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\Ssdevm.dll
[2011/10/22 11:53:55 | 000,000,212 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/24 08:17:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/03 01:12:46 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\AVAST Software
[2014/03/20 09:42:34 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Battle.net
[2013/10/11 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
[2014/04/26 11:51:19 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox
[2013/12/08 14:02:25 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\e-academy Inc
[2014/04/22 18:23:42 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\FileZilla
[2013/10/02 12:00:29 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Foxit Scanner Images
[2014/03/06 02:23:46 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Foxit Software
[2013/10/11 18:10:41 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\FreePriceAlerts
[2011/01/29 21:29:58 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Genie-Soft
[2013/10/02 09:27:51 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\ICAClient
[2013/10/08 11:49:31 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\JAM Software
[2014/04/12 01:37:54 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Local
[2014/04/07 08:36:27 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\MediaMonkey
[2013/10/23 07:24:23 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\NetBeans
[2013/10/17 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Notepad++
[2013/10/02 11:13:37 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\OpenOffice
[2011/01/29 15:52:43 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\OpenOffice.org
[2013/10/08 10:53:06 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Opera Software
[2014/01/12 08:50:53 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Samsung
[2014/04/02 09:33:15 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Sony
[2013/10/02 09:27:51 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\SteelSeries
[2014/04/26 10:42:15 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Systweak
[2013/12/22 06:43:24 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Thunderbird
[2013/11/26 15:41:48 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Unity
[2014/04/26 10:41:42 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\VOPackage
[2011/01/24 16:41:41 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\WTouch
 
========== Purity Check ==========
 
 
 
< End of report >
 



#2
anazopyreo

  • Topic Starter
  • Member
  • 130 posts

I tried typing in an explanation, but what I typed got intercepted and nothing made it into the text box. I got the OTL report in on my second try. 

Here goes my explanation again...

I downloaded a game that came with RegCleanPro and I think I got rid of that. After doing some Googling I have come to the conclusion that it is not the malware but that it came packaged with malware. I don't know what it would be. I have popups when my PC is turned on that want me to run a backup. I had my homepage hijacked. I have windows flying in from the sides when I use Chrome, and the longer I'm on Chrome the more ads pop up. Please save me!



#3
zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hi! My name is zep516 and welcome to Geeks to Go!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

First

The first time you ran it, OTL created 2 log reports. The one I need is called Extras.txt. Do you have that log? If so, post it; it might be on the task bar. If not, I would like you to re-run OTL once more so we can re-create the log. Before you run the scan I need you to do this: under the Extra Registry section please put a check mark in "All", then hit Run Scan. When OTL is done scanning, 2 logs will be generated: the first log will pop up in front of you, and the second log, called Extras.txt, will be minimized to the task bar down by the clock area. Please post that log. You really don't need to post the first one as we already have that one.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
Next

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

Please post the following logs in your next reply:
  • JRT.txt
  • AdwCleaner[S0].txt
  • Extras.txt
Thanks
Joe :)

#4
anazopyreo

  • Topic Starter
  • Member
  • 130 posts
Just finished the 2nd OTL scan. Now I'm working on the next steps.
 
OTL Extras logfile created on: 4/26/2014 1:53:42 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael Jeckyll\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 3.09 Gb Available Physical Memory | 38.64% Memory free
15.98 Gb Paging File | 10.45 Gb Available in Paging File | 65.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.20 Gb Total Space | 254.39 Gb Free Space | 37.07% Space Free | Partition Type: NTFS
Drive D: | 12.33 Gb Total Space | 2.22 Gb Free Space | 17.97% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-PC | User Name: Michael Jeckyll | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = jsfile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002CF2AD-56A6-41CF-9015-7497D8134BD2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0A037AD4-9FD4-4CEA-942B-F518178DD3A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1276B36A-8DF9-4DB9-B9F9-A2EAE711D594}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{146B9ADB-9FF8-470C-A0D9-1C961BC31EF4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1622DC60-2FA7-4B3C-8CF7-2323E3815C7C}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher | 
"{23922976-D268-4C87-8378-084500328258}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{242CDBB2-56C7-44B7-B3FF-1A99FE195FC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2D112AA4-A5B4-4008-ACCA-DD96567C1022}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2FD6C38D-8144-48CD-B5CF-46C99719F806}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{32354C30-6B65-40C3-9491-2D9792439C23}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3AA0EF04-C84C-411B-B1CA-E50908E0FFCF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{43B0D3D8-E6B0-473A-A5C5-8D13436837B9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4CD89445-2A5A-401E-A9DC-5FA6FD7B0F93}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5305640C-BCAC-4AB5-BC72-909239A6E44D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{57259802-1D23-4CA0-BBF5-E0B66FCC3120}" = rport=138 | protocol=17 | dir=out | app=system | 
"{597C8E83-0FD4-49A6-824E-6891BEF96620}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5AFD5720-0479-43CB-B551-8E75E11866A4}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher | 
"{5DE7862A-8F36-40E6-86FD-A2467717B988}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher | 
"{7056AE31-8626-4D55-883E-69764ED2D9B0}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher | 
"{712FF558-A7B8-43C7-8A00-CC4D094D192E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{74165714-E524-4DA1-A61D-708CB46B8D49}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7D8CE695-D8E9-4DD0-B913-2B9B26A07491}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7D8F49B0-EA0A-4731-8917-4221E18C9969}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{82BE115F-673D-4899-8DFC-3A5DC2587F60}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{874B4A33-F192-4193-B70D-966E5125E6D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{877F1A1E-C471-49DC-ACF8-E319A67E3CF1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{93430A63-34D1-4CA6-B192-3CCA75ED5889}" = lport=6944 | protocol=17 | dir=in | name=league of legends launcher | 
"{95C89422-F875-4019-BD85-F89E22B96E50}" = lport=445 | protocol=6 | dir=in | app=system | 
"{96EC3EDC-4962-4544-B7AB-FF81F9A25630}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{97B58B59-9618-45FD-8B01-A88006C9F3F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99C34E44-B947-4008-A0FC-D19889958BA4}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher | 
"{A5340E73-C06C-4616-8C23-34B08DE2C8DB}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{ADE59B4E-9172-4122-BA6E-68F9888ACF94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B46FF3C9-7C7D-4D45-95AF-D7932FBA2F44}" = lport=6944 | protocol=6 | dir=in | name=league of legends launcher | 
"{BE1B6E5F-44BB-4B2E-9491-AD2BF9447DA1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BF26754D-5E6F-4E53-AE96-9C8ADA4EE362}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{C29246A8-60CF-452B-9FEB-FBA59B248FDE}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher | 
"{C69C73BE-A127-45A5-B7D3-3E8BDC14C521}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{CB93367F-4481-451A-98EF-BC34E9459FA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D36799C6-97AB-4B11-A21E-F6B0C727051B}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher | 
"{D9BB1899-2BA9-4D90-8D36-4A4E91263AA7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{DB52BB2F-B62D-4B56-8A5C-A4E8A9A14F99}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EE0FFFF1-F75D-421B-8D18-1A257ECB8536}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher | 
"{F18A27DA-D1B6-47E8-917D-E6DE250CCA4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F34CC284-C7EF-46D6-BF28-C1C3DFF249FA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F3DC1BB9-D6F9-4509-B044-070E3E60AF6E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F4BF6793-CB39-49DC-AD24-1ECCB6496555}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F8D3BFCB-29DF-47C2-9CA9-529CC087D866}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA00701D-043B-490C-962B-C1FFBBD886D7}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F25A59-2C36-46B8-8C00-E76FDE3D0F8E}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{0174D7C1-E961-4329-A6FC-47449C8E4C23}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{041BC2AF-78DD-4F8B-A20C-C5BC73400206}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{047F7CE4-EA4A-424F-AECF-6F5A5284BD20}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{050F621B-1DE4-4914-825F-2F994FD4A5B1}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{063AE852-C163-47DE-B208-AFFFFAF6EE66}" = protocol=17 | dir=in | app=c:\users\michael jeckyll\appdata\roaming\dropbox\bin\dropbox.exe | 
"{07C75B90-7885-466A-8BBB-244E010BEDF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B563219-E0CB-4EC6-AE76-4B0D21D54D46}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{0BAAEED0-A918-47F9-97FA-3D900188D1BE}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{0DD66E73-41A2-4E15-928B-F9D5CC0690BA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{1375651A-9B35-41DD-BB56-ECA53269DD8B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{14420585-D8CC-4FCE-B35C-669C1446275F}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | 
"{179C8271-FEB1-475A-989B-89FCF5731586}" = protocol=17 | dir=in | app=c:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe | 
"{17B4818F-A4E7-4D1B-BF31-2023A7B8EC25}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{18FA4B91-6C6D-4D35-B565-135F6D2E7652}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{1926B3AD-D75E-44D4-ADE6-6383CA0615B4}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | 
"{192EC664-F54D-42A5-8C30-54C5A776DF07}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe | 
"{19519DBB-5EF8-402C-93A6-7907F88AABC7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{1A645CC1-2C52-4F1E-9607-B95DE89CD91C}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{1AA2E8EE-9384-4FF6-A165-E974FA0E966D}" = protocol=58 | dir=out | [email protected],-28546 | 
"{1CC223E2-24F9-4B59-BDE8-1FBA592B9C5B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2036\agent.exe | 
"{1D99EC22-0D38-4333-A739-70E44B15D955}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1FD6CE93-4C40-4E41-9EF9-03B184B9C92D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{2179A173-E86F-4257-9648-A033B7BADE99}" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe | 
"{21F5CB21-99EE-4237-B870-9CB9459EAC10}" = protocol=6 | dir=in | app=c:\program files (x86)\wlite\wlite.exe | 
"{252A52C3-E2B8-4D07-969C-C15CAE9B0704}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{264740A7-798E-4CAB-B2EF-477D339FCC5F}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{26666CE2-8618-43A4-B34C-91BE9CA6A699}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{2B80DB09-314A-4DA5-9F09-1678E9D362E9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{2DC7EA98-F2AE-4444-9988-262C9DC99E22}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3173366F-1B6B-49BF-9119-5E5787B7BA2A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2036\agent.exe | 
"{335ADD3F-D7D4-459E-AE59-1C73D6399ED5}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{360DA37B-9044-4AFA-90F4-28C3EB652015}" = protocol=6 | dir=in | app=c:\program files (x86)\mypoi manager\mypoimanager.exe | 
"{373B9457-6734-43F3-82D6-01BE45F15385}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{37C28D75-72D0-4A12-9462-199BF94ADF37}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\vncviewer.exe | 
"{395008B8-9C20-406B-B375-A8BF93709326}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe | 
"{3BE340D9-415F-4E90-958F-5CCADF633995}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{3FAB60EA-27D9-4048-85ED-D47C22CBB51A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2036\agent.exe | 
"{3FD0684E-4E09-4D09-A844-EE807170ABB0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{40877BC7-09D7-4145-927F-0B1B818DF7DC}" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe | 
"{41706C17-9DD6-4062-ADA2-44FC47411236}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{41972587-7437-4D52-A465-52AA6B668402}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe | 
"{44E1D024-8F6E-4077-8840-4845966766E1}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{4550E486-D8EC-4F88-B14D-4570A57120CF}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\uninstall.exe | 
"{4660AC9D-D9B5-4C9A-B85A-0B52E8290D22}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{493E3230-59B5-44A3-93A9-B89820DE4C3F}" = protocol=17 | dir=in | app=c:\program files (x86)\wlite\wservice.exe | 
"{494065D1-E14D-4DEC-9B6A-2D335225B350}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{497BF188-254D-4329-879C-E9E1071A988D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{4AC8549E-3A0E-4642-80B6-DC2465166F1A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | 
"{4B8F1382-FFE3-49A2-9619-B7F2AFFA2AFD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4BF1E2A7-13C1-4E3F-B9EB-416F7D53E7A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4BF26236-94A9-4ACB-8796-3CBA0C44A563}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe | 
"{4DAF8CDD-BA30-4666-810D-3D4D3FF5703E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | 
"{4F35E531-B037-49B8-B47C-63D3F56F8D48}" = protocol=6 | dir=in | app=c:\users\james\appdata\roaming\dropbox\bin\dropbox.exe | 
"{51908B22-AD2A-4D36-A671-FD678FCA699D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{51DB5FAF-98F6-4A20-9641-19F3198ECC87}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{52E5A6A8-4C66-4989-A349-57BD36ED84E4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{55209295-D7AE-4495-B547-C9BA635F1880}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{56449503-8014-4C52-8E34-032ED73B479C}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | 
"{56E0DAAB-1DCC-43AD-A944-093BF647D5A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{570EA8F9-95E6-4627-839B-99D143480A2E}" = protocol=58 | dir=in | [email protected],-28545 | 
"{5763B00F-D0A0-49B3-90B9-BA1955F3C478}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{5834B7D9-44C8-4708-A50F-144EACBE9B8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{587DE391-A521-4446-B0AB-0FABA885AC4D}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{598B6727-F361-44F0-8C1E-80D84B54366B}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | 
"{5B7A0FFF-8C98-40F1-B229-0D5C10E5757F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{5E725D7A-7D78-4FC5-B2EC-108EA1FCE4E8}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe | 
"{5EBD336B-31C8-4D1D-8DE3-97EAECAEDF8E}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{5F6A2E55-F6D4-47D7-8488-D7802B60DD2E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe | 
"{5FB2F0F4-465F-4071-B7CB-DEC907423E0F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-enus-ptr-downloader.exe | 
"{6117B9C7-93BB-41B5-B2A5-F9276232C585}" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"{6B63786C-0F3E-4C0C-9EC7-52D8C3434B77}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{6D803ACF-8527-4433-9DEA-B8FEC3249E8C}" = protocol=17 | dir=in | app=c:\users\james\appdata\local\temp\7zs5d72\hppiw.exe | 
"{6EF3AF42-8679-403C-B674-EAC2C4770094}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{71C2C40D-36FE-4947-B51F-0251B88E9646}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{72580746-7E6E-43F2-8B5E-A83599A6A557}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{7306F25A-64C8-4ADE-BC93-C6166266D86E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{73482D78-8B70-4E0F-80EF-4FD613C00A60}" = protocol=1 | dir=in | [email protected],-28543 | 
"{73F56998-8812-4196-809D-773FFFB70834}" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe | 
"{741FF594-5C95-4C03-9EB0-BE64F7CF3A44}" = protocol=17 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | 
"{7498C544-87EF-41C4-B923-36239CF6152D}" = protocol=6 | dir=in | app=c:\users\michael jeckyll\appdata\roaming\dropbox\bin\dropbox.exe | 
"{755DF4F4-574A-4983-8B55-6BF3649816C9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{776ACCDD-5268-4F3F-8C22-1EA247AE68A8}" = protocol=17 | dir=in | app=c:\windows\twain_32\samsung\scx3400\scnsearch\usdagent.exe | 
"{79949A3F-7A2C-4751-A60E-D1372FC52FDD}" = protocol=17 | dir=in | app=c:\users\james\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7B10C2EB-44A1-4C61-929D-8DEA7DD6BF39}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{7C272C90-D350-43EC-A576-862E3FBAB803}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{7E9CCA1A-D257-4BF5-9366-DD036CE77CD3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{7EBA2855-1B62-4807-92F6-B58A2800B7A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{7F0AF525-BD9E-43C0-B4E8-FB51CB7E830A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{7FC272C6-04A6-475B-970C-6F490A11E764}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy document creator\edc.exe | 
"{8237E563-7234-4A94-B196-DCD21067D2D1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{831A0922-BC1D-4471-A2F8-DF7FD0C0AB0E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{8501D606-0334-400F-8DA9-4BF310323EAB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | 
"{866324D2-5E9B-41E5-AB66-3C2373AA7174}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{86AA166E-E99A-4FF3-B92F-9038FF62884E}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy document creator\edc.exe | 
"{8ABB6178-DC16-4DBF-8BB8-687F4B361DC0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{8C778ABF-16A0-451D-B2E8-9026F887DDD5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{8C7E2382-7583-4B0F-A753-F90E101AF5E6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{8DED770E-F98B-4A06-91AB-057812E4AAB8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{8FF6BDBD-007F-4A30-A457-D09215A42DA0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{91AAD799-BB2A-48E6-AABA-AF3D03D2EE1E}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{927F3E34-E127-4D69-A0B7-23F2F7445453}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{92A110C6-AC97-4262-A669-700AADEC0821}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{96B25C96-1590-4BDC-A55F-F21A4D1C88A2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{978DD604-C6EF-422C-8348-4E267C67BBDB}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
"{986CD695-F645-4F1E-8A3F-AA8300F50AA9}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{9947F840-5F93-470B-9BB1-E2E7B284180A}" = protocol=17 | dir=in | app=c:\program files (x86)\wlite\wlite.exe | 
"{9BA78153-3ACA-4CA9-A1E0-2670520D7A5B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{9C2B2B24-4058-466F-A818-332CE793D957}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{9C86493D-75EE-4740-9C3A-2173FFC120D7}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{9D7BCF44-6453-4ED4-A343-2706C2C3C26B}" = protocol=6 | dir=in | app=c:\windows\twain_32\samsung\scx3400\scnsearch\usdagent.exe | 
"{9EB72F9A-848A-415C-B45D-9218B7606E3D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A4E3F0C1-17E7-4456-9D22-07FBBA0B9C0E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A6751B30-B828-4029-9F5C-E06843CFA838}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{A76DCC40-7A8D-444F-A0D8-AAFD2B3557F6}" = dir=in | app=c:\program files (x86)\samsung\samsung universal print driver 2\printerselector\supdapp.exe | 
"{A8268B80-84E8-48BB-BF31-B25E9028315D}" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"{A9DFC3D5-784D-4B77-9C80-F8437D2B3208}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AA3CD761-2F21-4E9F-92CB-AB94813248B4}" = protocol=6 | dir=in | app=c:\program files (x86)\wlite\wservice.exe | 
"{AB36D0C5-99BA-400E-B6D1-9064626E676A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{ABE2BF8D-9859-4BAB-B612-72E3B8DB5E72}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{AC73ED2F-669E-44D0-A7AA-D1E83C6BFD43}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{ADDBFFAF-E354-4A6F-9188-1B87C4343ACA}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe | 
"{AF5389D8-6756-4D3D-872C-BCFA29918B45}" = dir=in | app=c:\users\michael jeckyll\appdata\local\microsoft\skydrive\skydrive.exe | 
"{AF5ECC4E-D204-476F-B0AA-C0877E3CA463}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{AFD70461-A9BF-4204-94AB-F94AF7624D1E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{B14FD04A-4B51-4EF2-9C5C-7052BCC72ACF}" = protocol=6 | dir=out | app=system | 
"{B2A3B115-282D-41ED-A130-18E4EC2FBD12}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe | 
"{B4EA895C-D3EA-49CC-A33E-A5BA05E9CE00}" = protocol=6 | dir=in | app=c:\users\michael jeckyll\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B5316112-7266-4B44-BBAD-52BE31F14994}" = protocol=6 | dir=in | app=c:\users\james\appdata\local\temp\7zs5d72\hppiw.exe | 
"{B63535F6-8715-42C5-A461-21DC1EE8C814}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{B6CD11B3-183C-413B-8727-7FB52D5AFAF2}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{B6F21BF9-D689-484B-B518-863249A92AF3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{B727BB41-2F99-4D2D-93D1-4A432C3439F2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2006\agent.exe | 
"{B8E35C00-996D-4715-9E68-8F9C5B54AE2C}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudinstallwizard.exe | 
"{B8FC5AFA-9742-47FE-97FA-3D20B8BB21F4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{B9E7030F-E395-4FCB-8F68-E9E6075599C1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{BA0ABB5C-62BB-452B-8074-03E19864B793}" = protocol=17 | dir=in | app=c:\users\michael jeckyll\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BA34B9F0-D558-4260-B5EC-408719BC42E6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{BA764857-E123-4CB2-BF2A-2EF16B05419F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{BB17C8CD-97F1-4E25-9BE9-31764D562C10}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{BBDBF1D6-71AF-47E3-A2F0-5527AE55044E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{BD39765B-9721-49D6-B9F5-98FB3493F9C4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C0E5B720-FBFE-4F3C-AC24-E18BBFD2CAAE}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{C1CCF5F2-F362-4E8C-A601-350FDAE8F937}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{C3565E07-33E4-48FE-902E-9C49CC247CE0}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C94B2774-156E-400C-8E04-8B1B5EC1C576}" = protocol=6 | dir=in | app=c:\program files (x86)\tightvnc\tvnserver.exe | 
"{C9E46C92-EA7A-4DDD-A5B9-09A2A522BBD8}" = protocol=17 | dir=in | app=c:\program files (x86)\mypoi manager\mypoimanager.exe | 
"{CA193468-E84D-4B19-96C7-F55E46456D57}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"{CAA6211A-CE76-49DB-B2CA-32A74E5F4D45}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2787\agent.exe | 
"{CB31613C-2FD8-4064-BC7F-5B89EFDB0DAA}" = protocol=6 | dir=in | app=c:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe | 
"{CECB11B1-EECE-4E77-A57F-81854BA06CEE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | 
"{D0C2BFC4-6466-46E2-83D1-5316E9462B97}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{D54459EF-D2F7-4B26-8A10-591787CAE63C}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{D6B3D580-5217-4262-B224-AF36093F8489}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D7EBBA2E-DBB3-468D-85B8-F9A9BE251BCC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | 
"{D85F456F-EF79-4A25-9337-25AE13F3A610}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D8647C26-B33A-428F-8C51-20CF95498AB6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DA04E5B6-8C20-494C-AF87-67AEDB0DAECC}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | 
"{DC31CBE8-34FA-47D7-81B7-5EA7307E4FB3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DF24103D-C738-4BDE-A9D9-DE41F660464A}" = dir=in | app=c:\program files (x86)\google\chrome remote desktop\35.0.1916.52\remoting_host.exe | 
"{E14EABAC-3C70-48BF-8F31-5D65FA3A77AF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E19E8E4C-80CC-4095-BFB4-14F8003CAA08}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{E7686548-38AC-4CC9-80F9-1A2B0EE96F2B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EAF901B0-2009-4300-96E2-C51936AF3611}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudinstallwizard.exe | 
"{EEF17F9B-B243-4DE4-A859-104D994408C6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2000\agent.exe | 
"{F33132C3-8DEE-45BC-B92D-3BEB2A2CFC17}" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe | 
"{F3F0EF26-89EE-4B3C-A12E-DCFE4CB9D8C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5678029-4560-4137-AE27-65D9282C7722}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{F5E52C89-8D5C-406F-8742-C7DEEB885EED}" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"{F68C1188-78CA-412E-A0DC-4F55391CB294}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{F6957517-F7FD-451C-810F-04007B83036B}" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"{F6FF33AD-93F8-4330-8D8F-E68DED4B8CA7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{F857C20F-A737-4521-B6F2-BCBF67DC9101}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F9E82E87-1A88-46B5-9919-411A9A32AC06}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2036\agent.exe | 
"{FFBD33F1-9456-4432-B503-83DCDDEEF868}" = protocol=1 | dir=out | [email protected],-28544 | 
"TCP Query User{00D93969-6CD5-452F-A742-4FDBA3B070E4}C:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe | 
"TCP Query User{01D64AE8-07D5-47ED-AC8F-E570BB2C1CF8}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"TCP Query User{027E0B72-D6B0-4C99-9EFF-F85420B606DA}C:\users\michael\downloads\downloader_warcraft3_reign_of_chaos_enus(2).exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\downloader_warcraft3_reign_of_chaos_enus(2).exe | 
"TCP Query User{0412EBF2-D42F-4AAE-852F-345A5504C3EC}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{0763321D-9D77-4899-9ED3-0CCEB04FCAB6}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{098BFF4C-A9B6-42A4-AD27-87CE494B9467}C:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe | 
"TCP Query User{09D4FF8D-AD69-4FF8-A1CC-CA3A350BCC47}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{0B332417-2F08-4DC5-9634-2F43C7A2363A}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{0B3443D9-361A-490F-A6AD-B6B130BD0E34}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"TCP Query User{0E6FD444-1A84-4F9B-9AA3-C98CEBEAEAF7}C:\users\public\games\world of warcraft public test\wow-0.3.3.11623-to-0.3.3.11643-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11623-to-0.3.3.11643-enus-ptr-downloader.exe | 
"TCP Query User{0FFCB614-43B9-4303-AC60-9DB83D44CDEF}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{1031D6AE-599B-4230-85FD-2C493DC8D3A7}C:\users\james\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\users\james\appdata\local\microsoft\age of empires online\spartan.exe | 
"TCP Query User{12C4F499-494D-429D-BC3F-730EB1F5FADA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{1348B956-69A0-48C7-8B42-F7604F4EA408}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe | 
"TCP Query User{1A265671-03F4-4313-AB2A-7D263C28AD42}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{26AFED5F-0B44-4362-8B4F-C84854D5D239}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{2B998532-86DC-48C4-A8FE-63D0CE68924C}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe | 
"TCP Query User{2E006B5E-6446-46F5-BD7E-AD36FA94B5B0}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{2E562F98-EA4A-4A5C-B778-1C951DC029AE}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{2EF2CD61-03A7-4EB2-AB7D-5E8264A48B36}C:\users\public\games\world of warcraft public test\wow-0.3.5.12045-to-0.3.5.12124-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12045-to-0.3.5.12124-enus-ptr-downloader.exe | 
"TCP Query User{30D06044-1A6A-4ECC-A977-BCE61EE8B55B}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{364DBD8F-2CAE-4968-860A-BB8219FFAFEB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{3832151F-097E-47CD-9BB6-FDAB018B3C0C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{3E226D5D-B08D-476D-94AB-394BC2D0A5D8}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | 
"TCP Query User{3F1D8544-AA05-44CE-A872-5143AF1D7AD8}C:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe | 
"TCP Query User{4BE4A48D-59D7-4EBC-B187-F90D06CCB444}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{4CE0CB1E-B738-433D-8115-B8EDB0572FA0}C:\users\public\games\world of warcraft public test\wow-0.3.3.11643-to-0.3.3.11655-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11643-to-0.3.3.11655-enus-ptr-downloader.exe | 
"TCP Query User{525309AB-232A-44BF-A6F1-1E623433C185}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"TCP Query User{54D3B570-F357-462A-B1DD-FA904044C972}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{58080556-A52B-4A02-A870-CA45D6C6C42D}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe | 
"TCP Query User{5B8F6D4B-89A3-4AC4-8E22-B2D36DD3C8DD}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe | 
"TCP Query User{5BFC7F8C-9EFB-443B-8433-A7C3009DAC7D}C:\users\michael\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe | 
"TCP Query User{619A12A8-499C-4470-8E72-EF25C2F2AB5C}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{62930269-43FB-477C-86E2-D4817A5CF57C}C:\users\public\games\world of warcraft public test\wow-0.3.5.12148-to-0.3.5.12166-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12148-to-0.3.5.12166-enus-ptr-downloader.exe | 
"TCP Query User{639A5AA7-FA53-4616-A5D4-61A8F56F8EF7}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{64CE6BB4-8094-47A1-84BD-AF21C1D44648}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe | 
"TCP Query User{66566601-A66B-4895-AFD2-D3A24550D063}C:\users\public\games\world of warcraft public test\wow-0.3.3.11573-to-0.3.3.11599-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11573-to-0.3.3.11599-enus-ptr-downloader.exe | 
"TCP Query User{7256813F-D559-46D4-BF4B-BB01FC381DCC}C:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{778599AA-60DA-47C2-96E4-E6C072602300}C:\program files (x86)\Java\jdk1.7.0_45\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_45\bin\java.exe | 
"TCP Query User{79B0A1D8-55EF-4867-9E19-02CF33AEF679}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{7DC6FE0A-9628-41DF-ABAA-9362E5EC48B5}C:\users\michael\downloads\downloader_diablo2_lord_of_destruction_enus.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\downloader_diablo2_lord_of_destruction_enus.exe | 
"TCP Query User{80CDDD92-686C-46A3-A1C2-DA7F545B7344}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{85865E16-5576-4D6C-826A-5995A33C9C64}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"TCP Query User{8694D6FC-B8F1-4311-87C0-5D426D3AAE5F}C:\users\public\games\world of warcraft public test\wow-0.3.0.10958-to-0.3.3.11573-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.0.10958-to-0.3.3.11573-enus-ptr-downloader.exe | 
"TCP Query User{880A49FD-B0B1-43AB-A4C6-2DB049012D7E}C:\diablo\diablo.exe" = protocol=6 | dir=in | app=c:\diablo\diablo.exe | 
"TCP Query User{884E04C6-B293-4715-86A4-BFB5EDB96153}C:\users\public\games\world of warcraft public test\wow-0.3.5.12166-to-0.3.5.12196-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12166-to-0.3.5.12196-enus-ptr-downloader.exe | 
"TCP Query User{8BE54DDB-BEA8-4F53-B9AB-2C41BC7DDCF2}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{8C7EDA09-4376-4DD2-8BB4-4A670BC1EB6F}C:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe | 
"TCP Query User{90BCCD26-AA6B-456E-89B2-1DD901B26016}C:\users\public\games\world of warcraft public test\wow-0.3.0.10522-to-0.3.0.10958-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.0.10522-to-0.3.0.10958-enus-ptr-downloader.exe | 
"TCP Query User{92DE8F09-71CF-49B1-A6AE-F52CC126D520}C:\users\public\games\world of warcraft public test\wow-0.3.5.11993-to-0.3.5.12045-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.11993-to-0.3.5.12045-enus-ptr-downloader.exe | 
"TCP Query User{949B485D-69FF-4F79-8F5E-803AA541476E}C:\users\public\games\world of warcraft public test\wow-0.3.3.11655-to-0.3.3.11685-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11655-to-0.3.3.11685-enus-ptr-downloader.exe | 
"TCP Query User{94D07E94-8F7C-44F8-A35C-1A7B40FEE531}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"TCP Query User{958B9E5B-CF5C-480C-9D05-9003DFAA2F05}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"TCP Query User{96E1BA1C-D84E-452A-A157-5146E4697598}C:\program files (x86)\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlife\slvoice.exe | 
"TCP Query User{99F4E82B-472B-4AFE-B902-C63600B2B247}C:\users\public\games\world of warcraft public test\wow-0.3.3.11685-to-0.3.5.11993-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11685-to-0.3.5.11993-enus-ptr-downloader.exe | 
"TCP Query User{9C05CDE1-A56C-4954-B9C3-4EBB4D333636}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{9DC92506-8847-422E-8A46-415EF68789DF}C:\users\james\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\james\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{A375019D-4AAD-4BFE-B707-9059760FE1E8}C:\users\public\games\world of warcraft public test\wow-0.3.3.11599-to-0.3.3.11623-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11599-to-0.3.3.11623-enus-ptr-downloader.exe | 
"TCP Query User{A6AB1F0A-D3C8-4325-BF53-38E894CB829E}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"TCP Query User{AB364CEB-57D6-4848-A23F-67F1AC1034A4}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"TCP Query User{AB60B3A4-442C-4129-B0D5-298F4319DFE8}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{BAB32098-DBBF-4511-97F0-2C131F200548}C:\users\public\games\world of warcraft public test\wow-0.3.5.12124-to-0.3.5.12148-enus-ptr-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12124-to-0.3.5.12148-enus-ptr-downloader.exe | 
"TCP Query User{BE7ED9B1-0BE5-4967-BF7D-AC505FB78D2B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"TCP Query User{C4D1EA7D-6C88-4753-8EDE-F305667B2D90}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe | 
"TCP Query User{C6CA2681-D854-4BFF-AAFF-AAECE15F93C6}C:\users\michael\downloads\downloader_warcraft3_the_frozen_throne_enus.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\downloader_warcraft3_the_frozen_throne_enus.exe | 
"TCP Query User{C81BC5A6-935C-4D66-8582-B163E1EC811C}C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\james\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{CC42616D-7504-4A89-84B7-AF5FD622C2BF}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{CEB55015-7F3A-4719-BBC9-701EC4473340}C:\users\michael\downloads\downloader_diablo2_enus.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\downloader_diablo2_enus.exe | 
"TCP Query User{D09FE508-E6C5-421A-A17F-94D94FBC5B2A}C:\program files\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe | 
"TCP Query User{D9CDECD3-6F67-48CA-99BB-CFCF11234AD1}C:\users\michael\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\temp\gw2.exe | 
"TCP Query User{E55F3566-094E-41BC-ABC0-B1C82323B4CF}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"TCP Query User{E836D7E0-1E95-4122-98F2-37046BE74840}C:\program files (x86)\polkast\polkastlibrary.exe" = protocol=6 | dir=in | app=c:\program files (x86)\polkast\polkastlibrary.exe | 
"TCP Query User{E8DFB4B8-4E94-496C-BD10-2DBF370D69EA}C:\users\michael\downloads\downloader_warcraft3_reign_of_chaos_enus.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\downloader_warcraft3_reign_of_chaos_enus.exe | 
"TCP Query User{EB87E3A3-0671-4309-94CA-AE1980CBC5D6}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{EF474083-C1A4-4CB2-B3DD-175D290C1DD6}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{F50F45E2-04E5-4249-88C9-6BC1073269BC}C:\users\michael\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\diablo-iii-8370-enus-installer-downloader.exe | 
"TCP Query User{FBFB7110-CE9B-4AFE-B473-9DB8E276B8B4}C:\users\michael\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{FF245EB2-EB22-44EA-A2DA-62FB6761E4EF}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | 
"UDP Query User{00E357E0-9486-4FFF-8BDE-4120055392D7}C:\users\michael\downloads\downloader_warcraft3_reign_of_chaos_enus.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\downloader_warcraft3_reign_of_chaos_enus.exe | 
"UDP Query User{02736ACD-8616-4841-BCD7-5A683B07EE33}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe | 
"UDP Query User{03210B6D-3DEF-4F37-B531-F189313F67E7}C:\program files (x86)\polkast\polkastlibrary.exe" = protocol=17 | dir=in | app=c:\program files (x86)\polkast\polkastlibrary.exe | 
"UDP Query User{05C1EA99-101B-419E-8B38-75D20D064366}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{0950F647-7A38-42D6-AB8F-2FD640618108}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{109062E2-3388-4B32-9AEC-31BD4502673F}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{11049EF5-8024-4631-B1BE-5C1D12CB673B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{146762E9-78E7-4D91-989A-A69E138C6219}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"UDP Query User{1735134D-C7C9-4F3F-B2E5-466EBE10F01B}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe | 
"UDP Query User{1898AE87-D681-442A-8D21-F05DEF4AECD0}C:\users\public\games\world of warcraft public test\wow-0.3.5.12148-to-0.3.5.12166-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12148-to-0.3.5.12166-enus-ptr-downloader.exe | 
"UDP Query User{1B45351C-59B2-4837-A356-EACCF95A8055}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1D78471A-BB04-49B1-8D98-B0B96C52C289}C:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-enus-downloader.exe | 
"UDP Query User{27B6C73A-6839-42AD-92D1-44DD1558AB6A}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{2A68A5C4-4AD6-4CA9-AB50-F3B245FFFA9B}C:\users\public\games\world of warcraft public test\wow-0.3.3.11599-to-0.3.3.11623-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11599-to-0.3.3.11623-enus-ptr-downloader.exe | 
"UDP Query User{2DC615C9-07F7-40CE-A593-277DE9481AC1}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{2EBB82FB-D4DB-493B-8419-DDC83B5079DC}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{300260D1-05A8-4F55-96A1-A06072AC2708}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{3064B271-E543-4FA8-A78D-E6A6F9FC57B8}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"UDP Query User{3064EFC2-1AEE-4B2B-9F2A-2E93D20051D3}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{31372DAD-2BF0-4CB3-BE55-0ACBEDFDB744}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"UDP Query User{317252C0-865C-4CB4-A352-5249CF031670}C:\users\public\games\world of warcraft public test\wow-0.3.5.12166-to-0.3.5.12196-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12166-to-0.3.5.12196-enus-ptr-downloader.exe | 
"UDP Query User{3DADF66C-9D9D-4151-A1A5-42918FD9DA8C}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{3F570D24-1D52-4185-88BD-D8AEBF7AA7A1}C:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cisco packet tracer 5.3.3\bin\packettracer5.exe | 
"UDP Query User{40C44596-EA4D-48D6-8A1B-36A4433A061A}C:\users\michael\downloads\downloader_warcraft3_the_frozen_throne_enus.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\downloader_warcraft3_the_frozen_throne_enus.exe | 
"UDP Query User{486164DA-1577-4545-9B05-29DB8A22E34F}C:\users\michael\downloads\downloader_diablo2_lord_of_destruction_enus.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\downloader_diablo2_lord_of_destruction_enus.exe | 
"UDP Query User{4884C43A-D548-43AF-969C-1E1529193E59}C:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe | 
"UDP Query User{4ABCDA6A-CFB9-41B9-824C-C2C9C3E70FC4}C:\users\michael\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\wow-3.0.1.8874-ptr-us-installer-downloader.exe | 
"UDP Query User{4FC44235-53B1-48FE-9AEF-7D5A614EF164}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | 
"UDP Query User{53C8F78E-F81D-4A4E-B3D0-8E6C4DE8AF08}C:\users\michael\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{5571EB2C-46F2-4B2D-B4FF-68733D828239}C:\users\public\games\world of warcraft public test\wow-0.3.5.11993-to-0.3.5.12045-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.11993-to-0.3.5.12045-enus-ptr-downloader.exe | 
"UDP Query User{5E531AE6-BBEC-488E-9229-72F7ACFAE7CE}C:\users\public\games\world of warcraft public test\wow-0.3.3.11685-to-0.3.5.11993-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11685-to-0.3.5.11993-enus-ptr-downloader.exe | 
"UDP Query User{63E4F206-F01E-4EEE-B0ED-C122BA83BB4D}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"UDP Query User{64F3A681-8C85-4274-AA70-5D1503E25823}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{66B714CC-4555-4979-9C0E-F2D3075C393A}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{72D14E7B-ADC4-4231-9754-B8BF714C6E1E}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"UDP Query User{773FC199-8B3B-418F-8CAF-353E415C68DD}C:\users\michael\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\temp\gw2.exe | 
"UDP Query User{77EF8C82-C489-4498-82B8-EE0F64E48F9D}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe | 
"UDP Query User{7936CE6F-517A-4977-BFC6-788A6F4AA727}C:\users\james\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\james\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{84175D0F-02B8-40A8-815F-10C7E01DCC79}C:\program files (x86)\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlife\slvoice.exe | 
"UDP Query User{860E7C64-2298-4DDF-83B6-4DF88C776093}C:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\pirate101\bin\pirate.exe | 
"UDP Query User{865B19DD-9089-4B3B-BE57-8C2DBDED21A5}C:\users\public\games\world of warcraft public test\wow-0.3.3.11573-to-0.3.3.11599-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11573-to-0.3.3.11599-enus-ptr-downloader.exe | 
"UDP Query User{88912633-2DBD-4EC6-B942-E5785A5A0874}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"UDP Query User{8C02EAAB-E559-40ED-9298-31908449F9D0}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"UDP Query User{8C7227E8-01AB-4BD7-BF7E-DBCD2AFCFD6E}C:\users\james\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\james\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{8ECF8162-4527-4460-A877-62ED96301AB6}C:\users\michael\downloads\downloader_diablo2_enus.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\downloader_diablo2_enus.exe | 
"UDP Query User{9080FF30-DFF4-4EF2-88CF-CC2CF1B80BEB}C:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe | 
"UDP Query User{90FC9241-8C43-476D-85F8-BDEF5F3DE589}C:\program files (x86)\Java\jdk1.7.0_45\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jdk1.7.0_45\bin\java.exe | 
"UDP Query User{97B68EB1-E80E-41D4-9854-6ABEA378EDA2}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{A07217B7-E56A-4A50-8B1A-E152F962788B}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{A0AA9F85-D06C-4ACB-89C1-FA9A4C47BA9E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{A727FB24-05D1-4069-A682-2CB3F0AA7FCE}C:\program files\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe | 
"UDP Query User{A9EEF422-A43F-41D2-93F5-C67C40978F9B}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"UDP Query User{AA5BDBCA-5DDB-401D-8EDE-613FC0DE2546}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"UDP Query User{AB2684BA-3729-488D-A9E8-20502652C22A}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{AE3A76AE-B382-43DA-B9A6-F08B4CD447CE}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe | 
"UDP Query User{BABACDDA-EEE2-48EB-B5FC-98F6A6B9D9E6}C:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{C00A60EB-2000-4358-8EB9-1D878203C57F}C:\users\james\appdata\local\microsoft\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\users\james\appdata\local\microsoft\age of empires online\spartan.exe | 
"UDP Query User{C2EFEC7C-CBD8-4170-9798-3B0B2531EFCE}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{C65BFCE1-487E-465C-820F-2AD400BF144D}C:\users\public\games\world of warcraft public test\wow-0.3.0.10958-to-0.3.3.11573-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.0.10958-to-0.3.3.11573-enus-ptr-downloader.exe | 
"UDP Query User{C78CD56E-52F4-4B53-84C8-D9CBFC37A08C}C:\users\public\games\world of warcraft public test\wow-0.3.5.12124-to-0.3.5.12148-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12124-to-0.3.5.12148-enus-ptr-downloader.exe | 
"UDP Query User{C8703C6A-D5DB-4B87-BD78-79F13490BE10}C:\users\public\games\world of warcraft public test\wow-0.3.3.11655-to-0.3.3.11685-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11655-to-0.3.3.11685-enus-ptr-downloader.exe | 
"UDP Query User{C8967272-186A-468A-B4C8-0F775A814245}C:\users\michael\downloads\downloader_warcraft3_reign_of_chaos_enus(2).exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\downloader_warcraft3_reign_of_chaos_enus(2).exe | 
"UDP Query User{CFA020F6-C68B-4B74-8BF5-B1C90A020392}C:\users\public\games\world of warcraft public test\wow-0.3.5.12045-to-0.3.5.12124-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.5.12045-to-0.3.5.12124-enus-ptr-downloader.exe | 
"UDP Query User{D1E9D35E-B524-481E-A30A-6F462B0C947F}C:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe | 
"UDP Query User{D3519C21-9F2C-45DD-807E-C6F017D17522}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{D6314CE9-0240-4BE5-A25D-CC4141107C01}C:\users\public\games\world of warcraft public test\wow-0.3.0.10522-to-0.3.0.10958-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.0.10522-to-0.3.0.10958-enus-ptr-downloader.exe | 
"UDP Query User{D891E79A-9A42-45F9-A780-897408AC992B}C:\users\michael\downloads\diablo-iii-8370-enus-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\diablo-iii-8370-enus-installer-downloader.exe | 
"UDP Query User{DD0A282E-0013-46A0-BAB3-560DCDA56526}C:\users\public\games\world of warcraft public test\wow-0.3.3.11623-to-0.3.3.11643-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11623-to-0.3.3.11643-enus-ptr-downloader.exe | 
"UDP Query User{DF4BFF7A-7DAF-455F-A742-DDE27BF51114}C:\diablo\diablo.exe" = protocol=17 | dir=in | app=c:\diablo\diablo.exe | 
"UDP Query User{E76F8001-49BF-4CBF-A5EE-2DB0548A1BD1}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{EAE89ACE-402A-4EA9-AB31-6B16198D907C}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{F1931E79-F3D7-4CB8-9214-9AAD754F6C2C}C:\users\public\games\world of warcraft public test\wow-0.3.3.11643-to-0.3.3.11655-enus-ptr-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\wow-0.3.3.11643-to-0.3.3.11655-enus-ptr-downloader.exe | 
"UDP Query User{F2F3EBE8-57E0-4D7E-8C1E-2220341BC26D}C:\xampp\filezillaftp\filezillaserver.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezillaserver.exe | 
"UDP Query User{F3C17F62-A9DF-4392-808F-DF72D745DB98}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{FACE9DEF-43D1-4766-B333-12708A3B5FBE}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{FBBE9CB1-68D6-447E-B716-CA766CA3AFFA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{FD68D7A5-8BB2-4CD0-AD42-EDC8A76A574E}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{FE3B6F2C-CC55-4E49-BE6D-CA64EE01F51F}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{230C9C86-26A9-437F-8152-34D5F4C3F680}" = Oracle VM VirtualBox 4.2.18
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2D58E228-ACD8-0B8A-E1FF-D3F7020DA30F}" = AMD Media Foundation Decoders
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50431EE1-C1CC-4AE7-BDE3-B60536E7BA92}" = Panda Cloud Antivirus
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6090DF46-8BA4-54AA-F60C-4647AE1016A4}" = ATI AVIVO64 Codecs
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{936D0DCE-9C2A-7D4C-0E96-7D5B40206DD1}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}" = Python 2.7.3 (64-bit)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C6BF8F09-89DB-2CB0-AB90-A8D02BD37DBC}" = AMD Drag and Drop Transcoding
"{CB500A52-1B84-CA65-BB07-D092FCE39E42}" = ccc-utility64
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC3381CB-10D4-431D-B9B3-7DB84B00645F}" = FreePriceAlerts 2.3.5
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4490157-303F-F06F-FB6E-D2053A43A182}" = AMD Catalyst Install Manager
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"Microsoft Security Client" = Microsoft Security Essentials
"MyPC Backup" = MyPC Backup 
"O365HomePremRetail - en-us" = Microsoft Office 365 - en-us
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"PlurPush" = PlurPush
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05B2AAA8-F30A-163D-76E4-9E618DBDAFB1}" = Catalyst Control Center InstallProxy
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.8
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{116204F9-CEE4-F29F-0CF1-7ACF6EC32E29}" = CCC Help Hungarian
"{12FB6296-8840-11E3-86D7-00163E98E7D0}" = Evernote v. 5.1.2
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{1538446A-B130-4049-B004-46D781583724}" = Ka Kuro Royale
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2D0B367F-6BB2-73E2-2D9A-19EFF005A655}" = CCC Help Russian
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E295B5B-1AD4-4D36-97C2-A316084722CF}" = Python 2.7.2
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{32A3A4F4-B792-11D6-A78A-00B0D0170450}" = Java SE Development Kit 7 Update 45
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3528E965-4F0A-C0C7-B99C-920B7FE594E6}" = CCC Help Greek
"{355FBF6C-31EB-C660-F07A-1CC93975A5CA}" = HydraVision
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{39A908FD-7322-41AE-B374-C7A076B2FC97}" = Memeo AutoBackup
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = AMD VISION Engine Control Center
"{3E450CF1-F8C4-C8D6-29D1-87AD090E8F2A}" = Catalyst Control Center InstallProxy
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{41B8D9C5-4DBB-D539-7FFA-8D83CB91A53B}" = CCC Help Portuguese
"{41D168A3-E94D-8F9B-4B7B-41B1AEBE75D2}" = CCC Help French
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5DE096E8-BCBB-33B1-832C-E602DA635B36}" = CCC Help Finnish
"{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{689556B2-BA08-6F09-EAFE-EA361F1742E4}" = CCC Help Chinese Standard
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AEDB189-219A-6326-493E-AECC88AA99AA}" = CCC Help Japanese
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D9C043E-0EB7-6F70-D981-1787F65C4D71}" = CCC Help Danish
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7027908B-573C-4C77-84D4-C488679BCD6F}" = Chrome Remote Desktop Host
"{707D2B5A-03CA-4632-A9D2-D484C6E9F3FE}" = Adobe Setup
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FA7631-3015-4EEC-A002-09488C47A07C}" = Media Go Network Downloader
"{74E9DD22-03B1-DE37-C677-4796ACECE6A7}" = CCC Help German
"{7547239C-FA8A-4FA4-84A6-31EAC0777E1B}" = Media Go
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7915B2E6-DBFA-5BFA-3FD3-726E704CFC94}" = CCC Help Turkish
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7C5AEEE1-6D7C-8922-4548-7BF9096077EC}" = Media Go Video Playback Engine 2.4.102.12040
"{7C70D3E4-8965-4C28-9B19-B526CD9F1C9F}" = ArcSoft MediaImpression for Kodak
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{817B97FF-3CB7-8F10-1832-0890DCDD0526}" = CCC Help Czech
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{91140000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7A2EBB-3029-493A-8004-2FF7B3A7FF8A}" = Adobe Creative Suite 3 Web Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV - A Realm Reborn (Beta Version)
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D003D65-EF1F-03DD-EE3F-AB7753C3A9F0}" = CCC Help Chinese Traditional
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D5A41F8-E603-4403-5E9D-694A9DE49145}" = CCC Help Dutch
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{9EDE7573-F2B0-4FAC-8928-A7E9381BCB91}" = ArcSoft MediaImpression for Kodak
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9947AC7-4FBD-301C-811D-4CA821D8CA03}" = CCC Help Thai
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AA909E80-DC40-4AF0-A693-376F9F1C8582}" = World of Warcraft® MMO Gaming Mouse: Legendary Edition
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC568900-82E7-99FF-6C46-E899F9950D17}" = CCC Help Italian
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B405F81D-3AB8-A7FA-BDDA-BF226815DE28}" = CCC Help Spanish
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}" = SNS Upload for Easy Document Creator
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CA72A82C-7DBC-4814-8CCB-E5BFAC59FAEF}" = ArcSoft MediaImpression for Kodak
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE96B998-6333-5ADD-F184-6069F7A99F01}" = CCC Help Swedish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC1DB3CB-C24A-4D30-9531-E74456FD2A7D}" = Ka Kuro Royale
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE18A8A8-7AE2-867F-3911-FA8F1C021B51}" = CCC Help Korean
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E121A4FE-009B-385B-BB0D-B934E2A88288}" = Google Talk Plugin
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E4431953-0C3A-75AF-CCC3-2DF9C0827932}" = CCC Help Norwegian
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E86B07AE-9F94-44D5-AD47-DC2716EA90D2}" = Secure Download Manager
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EF55A180-F177-4BF8-A711-FE297D480245}" = Python 2.7 PyGTK 2.24.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1503245-7BD9-443A-B18D-4400DB736E91}" = Su Doku Royale
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FB3D338C-2717-9B6E-D7A3-4407AC192B26}" = CCC Help Polish
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"7-zip" = 7-zip v9.20
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe_2bd2f2898f4adf51f1cbb829561bb29" = Add or Remove Adobe Creative Suite 3 Web Standard
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"ATMA V" = ATMA V 5.05
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"avast" = avast! Free Antivirus
"Battle.net" = Battle.net
"Bloons TD 5 Deluxe_is1" = Bloons TD 5 Deluxe version 1.19
"Cisco Packet Tracer 5.3.3_is1" = Cisco Packet Tracer 5.3.3
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Clementine" = Clementine
"Diablo" = Diablo
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Easy Wireless Setup" = Samsung Easy Wireless Setup
"EasyPodcast" = EasyPodcast
"FeedDemon_is1" = FeedDemon
"FileZilla Client" = FileZilla Client 3.7.3
"Foxit Reader_is1" = Foxit Reader
"Free Desktop Timer_is1" = Free Desktop Timer 1.2
"GameOfLife" = Game of Life
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"Hearthstone" = Hearthstone
"Hellfire" = Hellfire
"Homepage Protection" = Homepage Protection
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"IPCameraDSFilter" = IP Camera DS Filter
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LAME_is1" = LAME v3.99.3 (for Windows)
"LastPass" = LastPass (uninstall only)
"Live Lite 4 for M-Audio 4.0.4" = Live Lite 4 for M-Audio 4.0.4
"MAGIX Media Manager 2004 silver" = MAGIX Media Manager 2004 silver
"MAGIX music studio 10 deLuxe" = MAGIX music studio 10 deLuxe
"MediaMonkey_is1" = MediaMonkey 4.1
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"Mozilla Thunderbird 24.4.0 (x86 en-US)" = Mozilla Thunderbird 24.4.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.54
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"nbi-nb-base-7.4.0.0.201310111528" = NetBeans IDE 7.4
"Notepad++" = Notepad++
"Office14.AccessR" = Microsoft Access 2010
"Office14.SingleImage" = Microsoft Office Professional 2010
"Opera 20.0.1387.91" = Opera Stable 20.0.1387.91
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Pen Tablet Driver" = Pen Tablet
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"Plants vs. Zombies" = Plants vs. Zombies
"RaidCall" = RaidCall
"RealPlayer 16.0" = RealPlayer
"Reel Deal Casino Shuffle Master Edition_is1" = Reel Deal Casino Shuffle Master Edition
"RegClean Pro_is1" = RegClean Pro
"Rhapsody" = Rhapsody
"Samsung Easy Document Creator" = Samsung Easy Document Creator
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung OCR Software" = Samsung OCR Software
"Samsung Printer Live Update" = Samsung Printer Live Update
"Samsung Scan Process Machine" = Samsung Scan Process Machine
"Samsung SCX-3400 Series" = Samsung SCX-3400 Series
"Samsung Universal Print Driver 2" = Samsung Universal Print Driver 2
"SearchProtect" = Search Protect
"Sierra Utilities" = Sierra Utilities
"Spotify" = Spotify
"StarCraft II" = StarCraft II
"TightVNC" = TightVNC 2.0.4
"TreeSize Free_is1" = TreeSize Free V2.7
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"View User Guide" = View User's Guide
"VOPackage" = VO Package
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = HP Games
"WinGimp-2.0_is1" = GIMP 2.6.9
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 5.5
"wLite" = webcamXP Lite
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"WTA-fbd64a0c-6499-44da-b866-43adaf2efebb" = Reel Deal Slot Quest: Alice in Wonderland
"xampp" = XAMPP
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"DesktopWeatherAlerts" = DesktopWeatherAlerts
"Dropbox" = Dropbox
"OneDriveSetup.exe" = Microsoft OneDrive
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/17/2014 12:00:45 PM | Computer Name = Michael-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 4/19/2014 8:31:04 PM | Computer Name = Michael-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 4/19/2014 9:09:56 PM | Computer Name = Michael-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 4/20/2014 3:24:32 PM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program 
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
 requestedPrivileges elements are not allowed in manifest.
 
Error - 4/21/2014 10:12:26 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program 
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
 requestedPrivileges elements are not allowed in manifest.
 
Error - 4/24/2014 9:00:42 AM | Computer Name = Michael-PC | Source = TabletServicePen | ID = 0
Description = 
 
Error - 4/25/2014 4:04:59 PM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program 
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
 requestedPrivileges elements are not allowed in manifest.
 
Error - 4/26/2014 1:00:11 PM | Computer Name = Michael-PC | Source = Application Hang | ID = 1002
Description = The program RegCleanPro.exe version 6.21.65.2763 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: bd8    Start
 Time: 01cf616f9e1393da    Termination Time: 60000    Application Path: C:\Program Files
 (x86)\RegClean Pro\RegCleanPro.exe    Report Id:   
 
Error - 4/26/2014 2:13:43 PM | Computer Name = Michael-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1bf8    Start Time:
 01cf617806a81cc6    Termination Time: 8    Application Path: C:\Users\Michael Jeckyll\Downloads\OTL.exe
 
Report
 Id:   
 
Error - 4/26/2014 2:22:38 PM | Computer Name = Michael-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 4/26/2014 2:22:38 PM | Computer Name = Michael-PC | Source = Windows Search Service | ID = 7042
Description = 
 
[ Hewlett-Packard Events ]
Error - 9/21/2011 12:21:33 PM | Computer Name = Michael-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091121102130.xml
 File not created by asset agent
 
Error - 11/9/2011 1:32:07 PM | Computer Name = Michael-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Object '/c56af2b3_65cc_44d0_bdbf_9b34af64fe1b/whzbqpqr5t4g05vpuylqghza_5.rem' has
 been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 7927  Ram Utilization: 50  TargetSite: Void UpdateDetail(System.String)  
 
Error - 11/18/2011 1:11:22 AM | Computer Name = Michael-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Object '/8b5ff10c_2cb3_495b_a684_4adf078b237c/7tc5evgyp2p9r92iniy5d6cw_5.rem' has
 been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 7927  Ram Utilization: 40  TargetSite: Void UpdateDetail(System.String)  
 
Error - 6/13/2012 1:26:03 PM | Computer Name = Michael-PC | Source = HPSFMsgr.exe | ID = 2000
Description = 
 
Error - 8/12/2012 1:00:22 AM | Computer Name = Michael-PC | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2146233087  Server stack trace:      at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()
 
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway,
 ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
 
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]  Message: The communication object, System.ServiceModel.Channels.ServiceChannel,
 cannot be used for communication because it has been Aborted.  StackTrace:  Server 
stack trace:      at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()
 
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway,
 ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
 
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
 reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
 msgData, Int32 type)     at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicatorCallback.PostponeTuneup(PostponeTime
 time)     at HPSA_Messenger.MessengerPopUpWindow.btnStackRemindMeLater_Click(Object
 sender, RoutedEventArgs e)  Source: mscorlib    Name: HPSFMsgr.exe  Version: 01.00.00.00
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format:
 en-US  RAM: 8183  Ram Utilization: 30  TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
 System.Runtime.Remoting.Messaging.IMessage)  
 
Error - 9/12/2012 1:03:28 AM | Computer Name = Michael-PC | Source = HPSFMsgr.exe | ID = 2000
Description = 
 
Error - 10/13/2012 5:40:23 PM | Computer Name = Michael-PC | Source = HPSFMsgr.exe | ID = 2000
Description = 
 
Error - 10/31/2012 12:11:44 PM | Computer Name = Michael-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 1/14/2013 11:28:18 AM | Computer Name = Michael-PC | Source = HPSFMsgr.exe | ID = 2000
Description = 
 
Error - 1/23/2013 1:10:02 PM | Computer Name = Michael-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Object '/cb997543_8c04_4783_b377_a56e9ba3b63e/fi9u_ktdmafawbczlbymyndk_5.rem' has
 been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 8183  Ram Utilization: 30  TargetSite: Void UpdateDetail(System.String)  
 
[ System Events ]
Error - 4/26/2014 1:26:40 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 4/26/2014 1:26:40 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 4/26/2014 1:26:40 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 4/26/2014 1:27:10 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 4/26/2014 1:27:16 PM | Computer Name = Michael-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 4/26/2014 1:35:12 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
 service which failed to start because of the following error:   %%1068
 
Error - 4/26/2014 1:40:58 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Computer
 Backup (MyPC Backup) service to connect.
 
Error - 4/26/2014 1:40:58 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
 following error:   %%1053
 
Error - 4/26/2014 1:41:00 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error:   %%2
 
Error - 4/26/2014 1:49:58 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
 
< End of report >

#5
anazopyreo

  • Topic Starter
  • Member
  • 130 posts

I've tried running adwCleaner twice and it's hanging on Analyzing browsers... It's been stuck at about 95% (based on length of the blue bar) for about an hour now.


#6
anazopyreo

  • Topic Starter
  • Member
  • 130 posts
Sorry I couldn't get the adwcleaner one. I kept trying, but it always gets hung up on the last bit.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Michael Jeckyll on Sat 04/26/2014 at 16:43:56.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] cltmngsvc 
Successfully deleted: [Service] cltmngsvc 
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2285044726-644081842-593342182-1011\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\regclean pro_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\reeldealslotquestalice-hpdesktop_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\reeldealslotquestalice-hpdesktop_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\reeldealslotquestalice-hpdesktop_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\reeldealslotquestalice-hpdesktop_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\Tasks\RegClean Pro_DEFAULT.job"
Successfully deleted: [File] "C:\Windows\Tasks\RegClean Pro_UPDATES.job"
Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Michael Jeckyll\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\regclean pro"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\firefox\profiles\8eedzxye.default\user.js
Successfully deleted the following from C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\firefox\profiles\8eedzxye.default\prefs.js
 
user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3323914&octid=EB_ORIGINAL_CTID&ISID=M790E46C0-AAF6-4D0A-BB0A-5E1F59EBC8B6&SearchSource=69&CUI=&SSPV=&Lay
user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("browser.search.selectedEngine", "Conduit Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?gd=&ctid=CT3323914&octid=EB_ORIGINAL_CTID&ISID=M790E46C0-AAF6-4D0A-BB0A-5E1F59EBC8B6&SearchSource=55&CUI=&UM=
Emptied folder: C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\firefox\profiles\8eedzxye.default\minidumps [2 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/26/2014 at 17:02:26.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7
zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello

Let's check your Programs & Features, and we find:
  • Java 6 Update 16
  • Java 6 Update 22
  • Pando Media Booster
  • RegClean Pro
  • Search Protect
  • VO Package

    Let's remove all of the programs listed above if found. Some of them may not be there. Check and see.
    ==> Click > Start > Control Panel > Programs & Features.

    Next

    We need to do a fix to delete some files using OTL.
  • Double-click on the OTL icon to open the program. On Vista/Win7/Win8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    SRV - (Util PlurPush) -- C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe ()
    SRV - (Update PlurPush) -- C:\Program Files (x86)\PlurPush\updatePlurPush.exe ()
    SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit)
    SRV - (BackupStack) -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe (Just Develop It)
    IE - HKLM\..\SearchScopes\{355FE6B9-CE1F-4B91-8BE7-0F688362AEE7}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...B65AD7954&SSPV=
    FF - prefs.js..browser.startup.homepage: "http://search.condui...65AD7954&SSPV="
    FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
    O2:64bit: - BHO: (FreePriceAlerts) - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\win64\vbobho.dll (FreePriceAlerts.com)
    O2 - BHO: (PlurPush) - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushBHO.dll (PlurPush)
    O2 - BHO: (FreePriceAlerts) - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\vbobho.dll (FreePriceAlerts.com)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
    O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
    [2014/04/26 10:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
    [2014/04/26 10:41:41 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\VOPackage
    [2014/04/26 10:41:32 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    [2014/04/26 10:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
    [2014/04/26 10:40:51 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Systweak
    [2014/04/26 10:40:49 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
    [2014/04/26 10:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
    [2014/04/26 10:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlurPush
    [2014/04/26 10:38:50 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\SearchProtect
    [2014/04/26 10:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2014/04/26 10:50:04 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
    [2014/04/26 10:50:04 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
    [2014/04/26 10:42:31 | 000,000,482 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Gems Swap.lnk
    [2014/04/26 10:42:31 | 000,000,456 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\My Games.lnk
    [2014/04/26 10:42:07 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
    [2014/04/26 10:41:43 | 000,001,913 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Configure VO Package.lnk
    [2014/04/26 10:41:32 | 000,001,059 | ---- | M] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    [2014/04/26 10:41:32 | 000,001,049 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\MyPC Backup.lnk
    [2014/04/26 10:41:26 | 000,001,802 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Continue GemSwap.lnk
    [2014/04/26 10:42:31 | 000,000,482 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Gems Swap.lnk
    [2014/04/26 10:42:31 | 000,000,456 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\My Games.lnk
    [2014/04/26 10:41:43 | 000,001,913 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Configure VO Package.lnk
    [2014/04/26 10:41:32 | 000,001,059 | ---- | C] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    [2014/04/26 10:41:32 | 000,001,049 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\MyPC Backup.lnk
    [2014/04/26 10:41:26 | 000,001,802 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Continue GemSwap.lnk
    [2014/04/26 10:41:11 | 000,000,296 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
    [2014/04/26 10:41:09 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
    
    :Files
    
    ipconfig /flushdns /c
    C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe ()
    C:\Program Files (x86)\PlurPush\updatePlurPush.exe ()
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Conduit)
    C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (Conduit)
    C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit)
    C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Systweak)
    C:\Program Files (x86)\Advanced System Protector\aspsys.dll ()
    C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll ()
    
    :Commands
    
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

    In your next reply post

  • The OTL Fix log located here--> C:\_OTL\Moved Files or it may just pop up in front of you.
  • Fresh OTL Log after quick scan

    Thanks
    Joe :)
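
The fix script in the post above targets entries by the autostart mechanism they use: services, Browser Helper Objects, IE toolbars, AppInit_DLLs, scheduled tasks and Startup-folder shortcuts. The following Python parser is an added example, not part of the original post and not code from OTL; it groups such lines by mechanism so a reviewer can see what each one persists through. The line grammar is inferred from the lines on this page, and all function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: lines copied from the fix script in the post above.
SAMPLE = r"""
SRV - (Util PlurPush) -- C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe ()
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit)
O2:64bit: - BHO: (FreePriceAlerts) - {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} - C:\Program Files (x86)\FreePriceAlerts\win64\vbobho.dll (FreePriceAlerts.com)
O2 - BHO: (PlurPush) - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushBHO.dll (PlurPush)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
[2014/04/26 10:50:04 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2014/04/26 10:41:32 | 000,001,059 | ---- | M] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2014/04/26 10:42:31 | 000,000,482 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Gems Swap.lnk
"""

ARCH = r"(?P<arch>:64bit:)?"                     # marks the 64-bit view
# Greedy path: "Program Files (x86)" contains parentheses, so only the
# last "(...)" group on the line is taken as the company name.
TAIL = r"(?P<path>.+) \((?P<vendor>[^()]*)\)$"
CLSID = r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})"

RULES = [
    ("service", re.compile(r"^SRV" + ARCH + r" - \((?P<name>.+?)\) -- " + TAIL)),
    ("browser_helper_object",
     re.compile(r"^O2" + ARCH + r" - BHO: \((?P<name>.*?)\) - " + CLSID + " - " + TAIL)),
    ("ie_toolbar",
     re.compile(r"^O3" + ARCH + r" - \S+: \((?P<name>.*?)\) - " + CLSID + r" - (?P<path>.+)$")),
    ("appinit_dll",
     re.compile(r"^O20" + ARCH + r" - AppInit_DLLs: \((?P<name>.+?)\) - " + TAIL)),
]
FILE_LINE = re.compile(
    r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| \S+ \| [CM]\] \((?P<vendor>.*?)\) -- (?P<path>.+)$")


def classify_path(path):
    """Map a file-listing path to an autostart mechanism, or None."""
    p = path.lower()
    if "\\windows\\tasks\\" in p and p.endswith(".job"):
        return "scheduled_task"
    if "\\start menu\\programs\\startup\\" in p:
        return "startup_folder"
    return None  # e.g. a desktop shortcut: clutter, not persistence


def parse_otl(text):
    """Return one dict per line that describes an autostart entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for mechanism, rx in RULES:
            m = rx.match(line)
            if m:
                d = m.groupdict()
                entries.append({
                    "mechanism": mechanism,
                    "name": d["name"],
                    "path": d["path"],
                    "vendor": d.get("vendor") or None,
                    "clsid": d.get("clsid"),
                    "arch": "64bit" if d["arch"] else "32bit",
                    # Registry entry whose COM class no longer exists.
                    "orphaned": d["path"].startswith("No CLSID value"),
                })
                break
        else:
            m = FILE_LINE.match(line)
            mechanism = classify_path(m.group("path")) if m else None
            if mechanism:
                path = m.group("path")
                entries.append({
                    "mechanism": mechanism, "name": path.rsplit("\\", 1)[-1],
                    "path": path, "vendor": m.group("vendor") or None,
                    "clsid": None, "arch": None, "orphaned": False,
                })
    return entries


def by_mechanism(entries):
    """Count entries per autostart mechanism."""
    return dict(Counter(e["mechanism"] for e in entries))


def missing_company(entries):
    """Names of loaded binaries listed with empty "()" company parentheses."""
    loaded = {"service", "browser_helper_object", "appinit_dll"}
    return [e["name"] for e in entries
            if e["mechanism"] in loaded and e["vendor"] is None]


if __name__ == "__main__":
    found = parse_otl(SAMPLE)
    for mech, count in sorted(by_mechanism(found).items()):
        print(f"{mech:24} {count}")
    print("no company name:", missing_company(found))
```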

#8
anazopyreo

  • Topic Starter
  • Member
  • 130 posts
There is something left that loads when I log into my profile. I can alt-tab to it, but it doesn't show up in my task list or menu across the bottom. When I alt-tab to it I can close it using F4.
 
 
OTL logfile created on: 4/27/2014 8:41:33 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael Jeckyll\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 5.24 Gb Available Physical Memory | 65.58% Memory free
15.98 Gb Paging File | 12.87 Gb Available in Paging File | 80.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.20 Gb Total Space | 268.96 Gb Free Space | 39.20% Space Free | Partition Type: NTFS
Drive D: | 12.33 Gb Total Space | 2.22 Gb Free Space | 17.97% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-PC | User Name: Michael Jeckyll | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michael Jeckyll\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Chrome Remote Desktop\35.0.1916.52\remoting_host.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
PRC - C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\OpenOffice 4\program\soffice.bin (Apache Software Foundation)
PRC - C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe ()
PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMTray4.exe ()
PRC - C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll ()
MOD - C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\libcef.dll ()
MOD - C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe ()
MOD - C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMTray4.exe ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (chromoting) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\35.0.1916.52\remoting_host.exe (Google Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FoxitCloudUpdateService) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (tvnserver) -- C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (NanoServiceMain) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (wxpSvc) -- C:\Program Files (x86)\wLite\wService.exe (Moonware Studios)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ADVService) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - ({552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64) -- C:\Windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys (StdLib)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PSINAflt) -- C:\Windows\SysNative\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINProt) -- C:\Windows\SysNative\drivers\PSINProt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINKNC) -- C:\Windows\SysNative\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV:64bit: - (SSMO4Filter) -- C:\Windows\SysNative\drivers\MO4Driver.sys (Sagatek Co. Ltd.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (PSINProc) -- C:\Windows\SysNative\drivers\PSINProc.sys (Panda Security, S.L.)
DRV:64bit: - (PSINFile) -- C:\Windows\SysNative\drivers\PSINFile.sys (Panda Security, S.L.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (MusCAudio) -- C:\Windows\SysNative\drivers\MusCAudio.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}
IE:64bit: - HKLM\..\SearchScopes\{355FE6B9-CE1F-4B91-8BE7-0F688362AEE7}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}
IE - HKLM\..\SearchScopes\{42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}: "URL" = http://www.bing.com/...E11SR&pc=HPDTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: %7B552199fb-9890-4055-9aaf-b2f6d51d46e9%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\James\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael Jeckyll\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/04/06 01:19:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/24 03:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/31 00:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/16 23:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/20 07:38:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/31 00:13:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/16 23:52:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/20 07:38:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/01/24 16:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Extensions
[2014/04/26 15:57:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Firefox\Profiles\8eedzxye.default\extensions
[2013/10/08 11:01:28 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Firefox\Profiles\8eedzxye.default\extensions\[email protected]
[2014/04/26 15:57:20 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Firefox\Profiles\8eedzxye.default\extensions\[email protected]
[2014/04/26 12:47:17 | 000,007,448 | ---- | M] () (No name found) -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\firefox\profiles\8eedzxye.default\extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi
[2014/04/26 16:37:13 | 000,001,030 | ---- | M] () -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\firefox\profiles\8eedzxye.default\searchplugins\conduit-search.xml
[2013/12/31 00:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/31 00:13:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/31 00:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/31 00:14:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2013/09/24 03:30:41 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: MyStickies - Sticky notes for the web = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaakpbbojhipcodjiknnbjkafgjolnjn\1.0.0_0\
CHR - Extension: Google Docs = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Classic Games = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc\1.0_0\
CHR - Extension: Send to Kindle for Google Chrome™ = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: Google Search = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Readium = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.13.4_0\
CHR - Extension: Chain Reaction = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0\
CHR - Extension: avast! Online Security = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.17_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: Cloud Reader = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: RealDownloader = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: 90`s Games = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom\1.2_0\
CHR - Extension: Dropbox = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0\
CHR - Extension: SoundCloud = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp\1_0\
CHR - Extension: EMS Epub Reader = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjndjfljldkanddccaibhokcljgebkh\1.1_0\
CHR - Extension: ShiftEdit = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij\1.39_0\
CHR - Extension: Skype Click to Call = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: MouseHunt Horn Timer = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkoojecgfgialnfnllpgmdgdoaofpen\1.10.4_0\
CHR - Extension: Poppit = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Pocket = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.701_0\
CHR - Extension: Ziftr Alerts - formerly FreePriceAlerts.com = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoiabglmnijabkfknliolcbjfcmbmdl\3.5_0\
CHR - Extension: Google Wallet = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: Gmail = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/04/26 18:24:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (PlurPush) - {82249076-d5c8-431d-982b-023779779587} - C:\Program Files (x86)\PlurPush\PlurPushBHO.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SteelSeries World of Warcraft® MMO Gaming Mouse Legendary Edition] C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_77438333B7244717AE9C9494A9658A5D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk = C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe ()
O4 - Startup: C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk = C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\WeatherAlerts.exe (Local Weather LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Michael Jeckyll\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Michael Jeckyll\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: LastPass - file://C:\Users\Michael Jeckyll\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Michael Jeckyll\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54F9BA21-92AF-467D-BCD0-E71F53A0AA3E}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/03/02 20:47:55 | 000,000,248 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/26 17:09:58 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2014/04/26 16:43:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/26 16:41:34 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Michael Jeckyll\Desktop\JRT.exe
[2014/04/26 16:38:46 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/26 16:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/26 15:54:25 | 000,000,000 | -HSD | C] -- C:\Users\Michael Jeckyll\AppData\Local\EmieUserList
[2014/04/26 15:54:25 | 000,000,000 | -HSD | C] -- C:\Users\Michael Jeckyll\AppData\Local\EmieSiteList
[2014/04/26 14:55:17 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/04/26 14:52:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/26 12:17:24 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
[2014/04/26 11:50:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael Jeckyll\Desktop\OTL.exe
[2014/04/26 11:27:06 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\ApplicationHistory
[2014/04/26 11:19:46 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\VS Revo Group
[2014/04/26 10:42:28 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\Local_Weather_LLC
[2014/04/26 10:42:27 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[2014/04/26 10:41:57 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts
[2014/04/15 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\Foxit Reader
[2014/04/14 15:21:53 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\.netbeans-derby
[2014/04/12 01:37:54 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Local
[2014/04/06 21:06:06 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\MediaMonkey
[2014/04/06 21:05:48 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\MediaMonkey
[2014/04/06 21:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2014/04/06 21:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2014/04/06 21:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2014/04/06 01:19:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/05 08:16:01 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\.android
[2014/04/02 09:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2014/04/02 09:02:02 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\Sony
[2014/04/02 09:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2014/04/02 09:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2014/04/02 09:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2014/04/02 09:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/04/02 08:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install
[2014/04/02 08:59:32 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Sony
[2014/04/02 07:14:17 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\.config
[2014/04/02 07:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clementine
[2014/04/02 07:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clementine
[2012/09/06 11:07:16 | 013,024,768 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/27 08:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/27 08:35:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/27 08:35:50 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/27 08:26:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/27 08:24:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/27 08:23:42 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/27 01:49:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1003UA.job
[2014/04/27 01:49:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1003Core.job
[2014/04/27 01:18:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1012UA.job
[2014/04/26 23:06:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1001UA.job
[2014/04/26 22:56:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/26 18:24:28 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/26 17:17:22 | 000,002,381 | ---- | M] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\WebHosting - Chrome.lnk
[2014/04/26 17:17:19 | 000,002,381 | ---- | M] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\School - Chrome.lnk
[2014/04/26 17:17:16 | 000,002,381 | ---- | M] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\General - Chrome.lnk
[2014/04/26 17:14:14 | 000,002,381 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\WebHosting - Chrome.lnk
[2014/04/26 17:09:57 | 000,002,381 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\School - Chrome.lnk
[2014/04/26 17:07:31 | 000,002,381 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\General - Chrome.lnk
[2014/04/26 16:42:05 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Michael Jeckyll\Desktop\JRT.exe
[2014/04/26 16:38:46 | 000,002,261 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Chrome App Launcher.lnk
[2014/04/26 16:38:39 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/26 16:27:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/26 16:20:18 | 000,001,188 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Live PC Help.lnk
[2014/04/26 16:13:31 | 001,329,501 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\adwcleaner.exe
[2014/04/26 13:06:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1001Core.job
[2014/04/26 11:50:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Jeckyll\Desktop\OTL.exe
[2014/04/26 10:42:27 | 000,001,180 | ---- | M] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[2014/04/26 10:41:58 | 000,001,212 | ---- | M] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
[2014/04/26 10:18:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1012Core.job
[2014/04/24 23:03:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJames.job
[2014/04/24 12:29:30 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
[2014/04/24 07:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMichael Jeckyll.job
[2014/04/20 08:15:20 | 000,033,534 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\star_trek_photon_torpedo_coffin_ooojy.jpg
[2014/04/19 20:45:40 | 000,795,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/19 20:45:40 | 000,671,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/19 20:45:40 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/19 02:47:47 | 002,438,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/18 20:17:59 | 000,610,304 | ---- | M] () -- C:\Users\Michael Jeckyll\Documents\Database1.accdb
[2014/04/14 15:15:51 | 000,000,600 | ---- | M] () -- C:\Users\Michael Jeckyll\AppData\Roaming\winscp.rnd
[2014/04/11 12:30:00 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\CMS Application Updater.job
[2014/04/08 09:53:39 | 000,000,877 | ---- | M] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\Temp BoDs - Shortcut.lnk
[2014/04/06 21:05:48 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2014/04/06 01:19:58 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/06 01:19:18 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/06 01:19:18 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/06 01:19:18 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/06 01:19:18 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/04/06 01:19:18 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/06 01:19:17 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/06 01:19:17 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/06 01:19:17 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/06 01:19:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/03 03:03:00 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/02 09:02:42 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk
[2014/04/01 13:28:20 | 000,002,283 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Kindle.lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/26 17:17:22 | 000,002,381 | ---- | C] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\WebHosting - Chrome.lnk
[2014/04/26 17:17:19 | 000,002,381 | ---- | C] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\School - Chrome.lnk
[2014/04/26 17:17:16 | 000,002,381 | ---- | C] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\General - Chrome.lnk
[2014/04/26 17:13:36 | 000,002,381 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\WebHosting - Chrome.lnk
[2014/04/26 17:09:57 | 000,002,381 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\School - Chrome.lnk
[2014/04/26 17:07:31 | 000,002,381 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\General - Chrome.lnk
[2014/04/26 16:38:46 | 000,002,261 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Chrome App Launcher.lnk
[2014/04/26 16:38:39 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/26 16:27:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/26 16:20:18 | 000,001,188 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Live PC Help.lnk
[2014/04/26 16:13:07 | 001,329,501 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\adwcleaner.exe
[2014/04/26 10:42:27 | 000,001,180 | ---- | C] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk
[2014/04/26 10:41:58 | 000,001,212 | ---- | C] () -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk
[2014/04/20 08:15:19 | 000,033,534 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\star_trek_photon_torpedo_coffin_ooojy.jpg
[2014/04/18 19:57:41 | 000,610,304 | ---- | C] () -- C:\Users\Michael Jeckyll\Documents\Database1.accdb
[2014/04/08 09:53:39 | 000,000,877 | ---- | C] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\Temp BoDs - Shortcut.lnk
[2014/04/06 21:05:48 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2014/04/06 01:19:58 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/02 09:02:42 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2014/04/01 13:28:20 | 000,002,283 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Kindle.lnk
[2014/01/31 09:25:12 | 000,000,883 | ---- | C] () -- C:\Users\Michael Jeckyll\.recently-used.xbel
[2014/01/13 22:58:27 | 000,000,600 | ---- | C] () -- C:\Users\Michael Jeckyll\AppData\Roaming\winscp.rnd
[2014/01/12 08:49:44 | 000,152,920 | R--- | C] () -- C:\Windows\Wiainst64.exe
[2014/01/12 08:47:15 | 001,571,160 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2013/10/08 11:53:15 | 000,000,208 | ---- | C] () -- C:\Users\Michael Jeckyll\.packettracer
[2013/04/10 03:37:16 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\Ssdevm.dll
[2011/10/22 11:53:55 | 000,000,212 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/24 08:17:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/03 01:12:46 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\AVAST Software
[2014/03/20 09:42:34 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Battle.net
[2013/10/11 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
[2014/04/27 08:30:48 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox
[2013/12/08 14:02:25 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\e-academy Inc
[2014/04/22 18:23:42 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\FileZilla
[2013/10/02 12:00:29 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Foxit Scanner Images
[2014/03/06 02:23:46 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Foxit Software
[2013/10/11 18:10:41 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\FreePriceAlerts
[2011/01/29 21:29:58 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Genie-Soft
[2013/10/02 09:27:51 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\ICAClient
[2013/10/08 11:49:31 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\JAM Software
[2014/04/12 01:37:54 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Local
[2014/04/07 08:36:27 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\MediaMonkey
[2013/10/23 07:24:23 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\NetBeans
[2013/10/17 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Notepad++
[2013/10/02 11:13:37 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\OpenOffice
[2011/01/29 15:52:43 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\OpenOffice.org
[2013/10/08 10:53:06 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Opera Software
[2014/01/12 08:50:53 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Samsung
[2014/04/02 09:33:15 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Sony
[2013/10/02 09:27:51 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\SteelSeries
[2013/12/22 06:43:24 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Thunderbird
[2013/11/26 15:41:48 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Unity
[2011/01/24 16:41:41 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\WTouch
 
========== Purity Check ==========
 
 
 
< End of report >
 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: Unable to stop service Util PlurPush!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util PlurPush deleted successfully.
C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe moved successfully.
Error: Unable to stop service Update PlurPush!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update PlurPush deleted successfully.
C:\Program Files (x86)\PlurPush\updatePlurPush.exe moved successfully.
Error: No service named CltMngSvc was found to stop!
Service\Driver key CltMngSvc not found.
File  C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe  not found.
Error: No service named BackupStack was found to stop!
Service\Driver key BackupStack not found.
File  C:\Program Files (x86)\MyPC Backup\BackupStack.exe  not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{355FE6B9-CE1F-4B91-8BE7-0F688362AEE7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{355FE6B9-CE1F-4B91-8BE7-0F688362AEE7}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://search.condui....65AD7954&SSPV=" removed from browser.startup.homepage
Prefs.js: "Conduit Search" removed from browser.search.selectedEngine
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35}\ deleted successfully.
C:\Program Files (x86)\FreePriceAlerts\win64\vbobho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82249076-d5c8-431d-982b-023779779587}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82249076-d5c8-431d-982b-023779779587}\ deleted successfully.
C:\Program Files (x86)\PlurPush\PlurPushBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7C0A55C-300E-4193-8FB5-5DB8E6533D35}\ not found.
C:\Program Files (x86)\FreePriceAlerts\vbobho.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
File C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
File C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll not found.
Folder C:\Program Files (x86)\Advanced System Protector\ not found.
Folder C:\Users\Michael Jeckyll\AppData\Roaming\VOPackage\ not found.
Folder C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup\ not found.
Folder C:\Program Files (x86)\MyPC Backup\ not found.
File 14/04/26 10:40:51 | 000,000,000 | ---D | not found.
C:\Windows\SysNative\roboot64.exe moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\ not found.
C:\Program Files (x86)\PlurPush\bin\TEMP folder moved successfully.
C:\Program Files (x86)\PlurPush\bin\plugins folder moved successfully.
Folder move failed. C:\Program Files (x86)\PlurPush\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\PlurPush scheduled to be moved on reboot.
C:\Users\Michael Jeckyll\AppData\Local\SearchProtect\UI\rep folder moved successfully.
C:\Users\Michael Jeckyll\AppData\Local\SearchProtect\UI folder moved successfully.
C:\Users\Michael Jeckyll\AppData\Local\SearchProtect\SearchProtect\STG folder moved successfully.
C:\Users\Michael Jeckyll\AppData\Local\SearchProtect\SearchProtect\rep folder moved successfully.
C:\Users\Michael Jeckyll\AppData\Local\SearchProtect\SearchProtect folder moved successfully.
C:\Users\Michael Jeckyll\AppData\Local\SearchProtect folder moved successfully.
Folder C:\Program Files (x86)\SearchProtect\ not found.
C:\Windows\0C6DB6B92D174AA5A20742D28BF9F434.TMP folder deleted successfully.
File C:\Windows\tasks\RegClean Pro_UPDATES.job not found.
File C:\Windows\tasks\RegClean Pro_DEFAULT.job not found.
C:\Users\Michael Jeckyll\Desktop\Gems Swap.lnk moved successfully.
File C:\Users\Michael not found.
File C:\Users\Public\Desktop\Advanced System Protector.lnk not found.
File C:\Users\Michael Jeckyll\Desktop\Configure VO Package.lnk not found.
File C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
File C:\Users\Michael Jeckyll\Desktop\MyPC Backup.lnk not found.
C:\Users\Michael Jeckyll\Desktop\Continue GemSwap.lnk moved successfully.
File C:\Users\Michael Jeckyll\Desktop\Gems Swap.lnk not found.
C:\Users\Michael Jeckyll\Desktop\My Games.lnk moved successfully.
File C:\Users\Michael Jeckyll\Desktop\Configure VO Package.lnk not found.
File 14/04/26 10:41:32 | 000,001,059 | ---- | C] () -- not found.
File C:\Users\Michael Jeckyll\Desktop\MyPC Backup.lnk not found.
File C:\Users\Michael Jeckyll\Desktop\Continue GemSwap.lnk not found.
File C:\Windows\tasks\RegClean Pro_DEFAULT.job not found.
File C:\Windows\tasks\RegClean Pro_UPDATES.job not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Michael Jeckyll\Desktop\cmd.bat deleted successfully.
C:\Users\Michael Jeckyll\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\PlurPush\bin\utilPlurPush.exe () not found.
File\Folder C:\Program Files (x86)\PlurPush\updatePlurPush.exe () not found.
File\Folder C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (Conduit) not found.
File\Folder C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (Conduit) not found.
File\Folder C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit) not found.
File\Folder C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Systweak) not found.
File\Folder C:\Program Files (x86)\Advanced System not found.
File\Folder Protector\aspsys.dll () not found.
File\Folder C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll () not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: James
->Temp folder emptied: 6990771340 bytes
->Temporary Internet Files folder emptied: 220170100 bytes
->Java cache emptied: 1597350 bytes
->FireFox cache emptied: 244176108 bytes
->Google Chrome cache emptied: 445301184 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 29995 bytes
 
User: Michael
->Temp folder emptied: 403265659 bytes
->Temporary Internet Files folder emptied: 1344342478 bytes
->Java cache emptied: 281561 bytes
->FireFox cache emptied: 445849976 bytes
->Google Chrome cache emptied: 419559502 bytes
->Apple Safari cache emptied: 39687168 bytes
->Flash cache emptied: 188190 bytes
 
User: Michael Jeckyll
->Temp folder emptied: 1647982196 bytes
->Temporary Internet Files folder emptied: 11872658 bytes
->Java cache emptied: 646329 bytes
->FireFox cache emptied: 21690379 bytes
->Google Chrome cache emptied: 213131144 bytes
->Apple Safari cache emptied: 60416 bytes
->Flash cache emptied: 1648 bytes
 
User: Mr. Dinh
 
User: Public
 
User: Shawn
->Temp folder emptied: 51274460 bytes
->Temporary Internet Files folder emptied: 2138499 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20103637 bytes
->Google Chrome cache emptied: 28464774 bytes
->Flash cache emptied: 581 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1314612254 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1878629 bytes
RecycleBin emptied: 1181330912 bytes
 
Total Files Cleaned = 14,353.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 04262014_180351
 
Files\Folders moved on Reboot...
C:\Program Files (x86)\PlurPush\bin folder moved successfully.
C:\Program Files (x86)\PlurPush folder moved successfully.
C:\Users\James\AppData\Local\Temp\7zS5D72\HPSLPSVC64.DLL moved successfully.
C:\Users\Michael Jeckyll\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Michael Jeckyll\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\hsperfdata_MICHAEL-PC$\2064 not found!
C:\Windows\temp\MICHAEL-PC-20140426-1141.log moved successfully.
File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(20140426114100A74).log not found!
File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(20140426114100A74).log not found!
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 


#9
zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
You have 3 Anti Virus programs running
1- Avast
2- Panda
3- Microsoft Security Essentials

The real-time protection of two antivirus programs may conflict with each other and cause the following:

* False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

* Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.

* Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.

* Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.


I suggest you keep Avast and uninstall the other 2.

Next

Please download Malwarebytes' Anti-Malware to your desktop from Here
Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


1 Post a Malwarebytes log

2 Post a new OTL Log

Thanks
Joe

#10
anazopyreo

    Member

  • Topic Starter
  • 130 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/27/2014
Scan Time: 3:33:40 PM
Logfile: scan log.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.27.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Michael Jeckyll
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401727
Time Elapsed: 27 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\WeatherAlerts.exe, 4024, Delete-on-Reboot, [61f074bbc2b98da9b64187debd454cb4]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 12
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [c38e1d1213688da965814808ca38639d], 
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{82249076-d5c8-431d-982b-023779779587}, Quarantined, [9eb3ed4292e911257be6510159a9619f], 
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{089ede16-f82f-4cb5-b64e-433860459d81}, Quarantined, [9eb3ed4292e911257be6510159a9619f], 
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6A9F605F-89D1-4AF7-8747-2A17F002E20E}, Quarantined, [9eb3ed4292e911257be6510159a9619f], 
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6A9F605F-89D1-4AF7-8747-2A17F002E20E}, Quarantined, [9eb3ed4292e911257be6510159a9619f], 
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{089ede16-f82f-4cb5-b64e-433860459d81}, Quarantined, [9eb3ed4292e911257be6510159a9619f], 
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{82249076-D5C8-431D-982B-023779779587}, Quarantined, [9eb3ed4292e911257be6510159a9619f], 
PUP.Optional.PlurPush.A, HKU\S-1-5-21-2285044726-644081842-593342182-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82249076-D5C8-431D-982B-023779779587}, Quarantined, [9eb3ed4292e911257be6510159a9619f], 
PUP.Optional.WeatherAlerts.A, HKU\S-1-5-21-2285044726-644081842-593342182-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DesktopWeatherAlerts, Quarantined, [cb86b47b4833c17501a10f4b956f13ed], 
PUP.Optional.PlurPush.A, HKLM\SOFTWARE\WOW6432NODE\PlurPush, Quarantined, [133e64cb5427e15599bef2b21ce758a8], 
PUP.Optional.PlurPush.A, HKU\S-1-5-21-2285044726-644081842-593342182-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PlurPush, Quarantined, [e76af43be19ad363b5a17a2a32d16d93], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2285044726-644081842-593342182-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT, Quarantined, [4d040f203b403ef8a70a7b0a6c969d63], 
 
Registry Values: 1
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2285044726-644081842-593342182-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT|Install, 1, Quarantined, [4d040f203b403ef8a70a7b0a6c969d63]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 8
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\Local_Weather_LLC, Quarantined, [b1a074bbc3b860d6ca2c4f16a35f5fa1], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_g5bufx1rthcreub22gxwbqzworr25tzs, Quarantined, [b1a074bbc3b860d6ca2c4f16a35f5fa1], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_g5bufx1rthcreub22gxwbqzworr25tzs\1.4.0.0, Quarantined, [b1a074bbc3b860d6ca2c4f16a35f5fa1], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts, Delete-on-Reboot, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0427011430, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
 
Files: 126
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-2285044726-644081842-593342182-1011\$RCK7I65.exe, Quarantined, [54fd2d02c1bab77f40a0c782da27a45c], 
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-2285044726-644081842-593342182-1011\$RKP2U8P.exe, Quarantined, [361bfd32473485b1d20e6cdd0df43dc3], 
PUP.Optional.OptimumInstaller.A, C:\$Recycle.Bin\S-1-5-21-2285044726-644081842-593342182-1011\$RQIQQ4E.exe, Quarantined, [c28fc9662b5045f130b059f028d97f81], 
Trojan.Agent, C:\$Recycle.Bin\S-1-5-21-2285044726-644081842-593342182-1011\$RZWLH14.exe, Quarantined, [341dff30b0cb6acc7361011720e2a957], 
PUP.Optional.WeatherAlerts.A, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\DesktopWeatherAlertsuninstall.exe, Quarantined, [cb86b47b4833c17501a10f4b956f13ed], 
PUP.Optional.Conduit.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\scrkbqtd.default\searchplugins\conduit.xml, Quarantined, [e66b72bdc7b48caa18276417a55d0ef2], 
PUP.Optional.Conduit.A, C:\Users\Michael Jeckyll\AppData\Roaming\Mozilla\Firefox\Profiles\8eedzxye.default\searchplugins\conduit-search.xml, Quarantined, [123ff837c0bb41f5a8988fecd131926e], 
PUP.Optional.PlurPush.A, C:\Users\Michael Jeckyll\AppData\Roaming\Mozilla\Firefox\Profiles\8eedzxye.default\extensions\{552199fb-9890-4055-9aaf-b2f6d51d46e9}.xpi, Quarantined, [420f7bb41368e84e5a7473080200847c], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopWeatherAlerts.lnk, Quarantined, [1c354be43e3d79bdb7728ff6748e7f81], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk, Quarantined, [ce839798d5a6bd797fab7510f50dfc04], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_g5bufx1rthcreub22gxwbqzworr25tzs\1.4.0.0\user.config, Quarantined, [b1a074bbc3b860d6ca2c4f16a35f5fa1], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.config, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp0.dat, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\DesktopWeatherAlertsBrowser.exe.config, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\DesktopWeatherAlertsK.dat, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\DesktopWeatherAlertsU.dat, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\ICSharpCode.SharpZipLib.dll, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\mod.DesktopWeatherAlertsApp0.dat, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\uninstall.exe, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\WAUpdater.exe, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\WAUpdater.exe.config, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\WeatherAlerts.exe, Delete-on-Reboot, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\WeatherAlerts.exe.config, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.0.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.1.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.10.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.11.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.12.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.13.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.14.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.15.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.16.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.17.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.18.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.2.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.3.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.4.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.5.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.6.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.7.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.8.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426104227\3739.9.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.0.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.1.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.10.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.11.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.12.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.13.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.14.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.15.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.16.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.17.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.18.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.19.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.2.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.20.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.21.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.22.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.23.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.24.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.25.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.27.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.28.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.29.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.3.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.30.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.31.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.32.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.33.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.34.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.35.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.36.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.37.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.38.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.39.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.4.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.40.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.41.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.42.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.43.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.26.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.44.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.45.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.46.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.47.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.48.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.49.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.5.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.50.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.51.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.52.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.53.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.54.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.55.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.56.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.57.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.58.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.59.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.6.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.7.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.8.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426105453\3738.9.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.59.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.60.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.61.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.62.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.63.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.64.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.65.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.66.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.67.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.68.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.69.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.70.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.71.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.72.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.73.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0426111853\3738.74.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0427011430\3739.3739.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0427011430\3740.3740.tmp, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.WeatherAlerts, C:\Users\Michael Jeckyll\AppData\Local\WeatherAlerts\0427011430\mergetree, Quarantined, [61f074bbc2b98da9b64187debd454cb4], 
PUP.Optional.Conduit.A, C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://search.condui...B65AD7954&SSPV=",), Replaced,[4b068aa5afcc053108cd66f7f21219e7]
PUP.Optional.Conduit.A, C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://search.condui...B65AD7954&SSPV=", "https://fish-wrangler.com/", "http://toodledo.com/", "http://statcounter.com/", "https://www.google.com/calendar/render" ],), Replaced,[afa2d857c4b7bc7a4cbbd7878a7a53ad]
PUP.Optional.Conduit.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\scrkbqtd.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "http://search.condui...archSource=3&q={searchTerms}");), Replaced,[a8a9e34c3744aa8c18a09bc242c2ab55]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

OTL logfile created on: 4/27/2014 3:50:00 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael Jeckyll\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 5.20 Gb Available Physical Memory | 65.08% Memory free
15.98 Gb Paging File | 12.89 Gb Available in Paging File | 80.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.20 Gb Total Space | 265.27 Gb Free Space | 38.66% Space Free | Partition Type: NTFS
Drive D: | 12.33 Gb Total Space | 2.22 Gb Free Space | 17.97% Space Free | Partition Type: NTFS
 
Computer Name: MICHAEL-PC | User Name: Michael Jeckyll | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Michael Jeckyll\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\Chrome Remote Desktop\35.0.1916.52\remoting_host.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
PRC - C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe ()
PRC - C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMTray4.exe ()
PRC - C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll ()
MOD - C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\libcef.dll ()
MOD - C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe ()
MOD - C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMTray4.exe ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (chromoting) -- C:\Program Files (x86)\Google\Chrome Remote Desktop\35.0.1916.52\remoting_host.exe (Google Inc.)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (FoxitCloudUpdateService) -- C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Foxit Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (tvnserver) -- C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (wxpSvc) -- C:\Program Files (x86)\wLite\wService.exe (Moonware Studios)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ADVService) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - ({552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64) -- C:\Windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys (StdLib)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.0) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PSINAflt) -- C:\Windows\SysNative\drivers\PSINAflt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINProt) -- C:\Windows\SysNative\drivers\PSINProt.sys (Panda Security, S.L.)
DRV:64bit: - (PSINKNC) -- C:\Windows\SysNative\drivers\PSINKNC.sys (Panda Security, S.L.)
DRV:64bit: - (SSMO4Filter) -- C:\Windows\SysNative\drivers\MO4Driver.sys (Sagatek Co. Ltd.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (PSINProc) -- C:\Windows\SysNative\drivers\PSINProc.sys (Panda Security, S.L.)
DRV:64bit: - (PSINFile) -- C:\Windows\SysNative\drivers\PSINFile.sys (Panda Security, S.L.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (MusCAudio) -- C:\Windows\SysNative\drivers\MusCAudio.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}
IE:64bit: - HKLM\..\SearchScopes\{355FE6B9-CE1F-4B91-8BE7-0F688362AEE7}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}
IE - HKLM\..\SearchScopes\{42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{42D17F4A-4F61-45D0-AA64-C00C90C2CBC3}: "URL" = http://www.bing.com/...E11SR&pc=HPDTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: %7B552199fb-9890-4055-9aaf-b2f6d51d46e9%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\James\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael Jeckyll\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/04/06 01:19:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/24 03:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/31 00:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/16 23:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/20 07:38:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/31 00:13:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/16 23:52:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014/03/20 07:38:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/01/24 16:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Extensions
[2014/04/27 15:33:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Firefox\Profiles\8eedzxye.default\extensions
[2013/10/08 11:01:28 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Firefox\Profiles\8eedzxye.default\extensions\[email protected]
[2014/04/26 15:57:20 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Michael Jeckyll\AppData\Roaming\mozilla\Firefox\Profiles\8eedzxye.default\extensions\[email protected]
[2013/12/31 00:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/31 00:13:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/31 00:13:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/31 00:14:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\MICHAEL JECKYLL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8EEDZXYE.DEFAULT\EXTENSIONS\{552199FB-9890-4055-9AAF-B2F6D51D46E9}.XPI
[2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2013/09/24 03:30:41 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: MyStickies - Sticky notes for the web = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaakpbbojhipcodjiknnbjkafgjolnjn\1.0.0_0\
CHR - Extension: Google Docs = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Classic Games = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpckajjkmjncafjlkielcgheibdlnfgc\1.0_0\
CHR - Extension: Send to Kindle for Google Chrome™ = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: Google Search = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Readium = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.13.4_0\
CHR - Extension: Chain Reaction = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0\
CHR - Extension: avast! Online Security = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.17_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: Cloud Reader = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\
CHR - Extension: RealDownloader = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: 90`s Games = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom\1.2_0\
CHR - Extension: Dropbox = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.8_0\
CHR - Extension: SoundCloud = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp\1_0\
CHR - Extension: EMS Epub Reader = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjndjfljldkanddccaibhokcljgebkh\1.1_0\
CHR - Extension: ShiftEdit = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij\1.39_0\
CHR - Extension: Skype Click to Call = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: MouseHunt Horn Timer = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkoojecgfgialnfnllpgmdgdoaofpen\1.10.4_0\
CHR - Extension: Poppit = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Pocket = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk\0.701_0\
CHR - Extension: Ziftr Alerts - formerly FreePriceAlerts.com = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoiabglmnijabkfknliolcbjfcmbmdl\3.5_0\
CHR - Extension: Google Wallet = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.3_0\
CHR - Extension: Gmail = C:\Users\Michael Jeckyll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2014/04/26 18:24:28 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SteelSeries World of Warcraft® MMO Gaming Mouse Legendary Edition] C:\Program Files (x86)\SteelSeries\World of Warcraft® MMO Gaming Mouse Legendary Edition\WoWMHID4.exe ()
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_77438333B7244717AE9C9494A9658A5D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\Michael Jeckyll\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\Michael Jeckyll\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: LastPass - file://C:\Users\Michael Jeckyll\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Michael Jeckyll\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pears...ces/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54F9BA21-92AF-467D-BCD0-E71F53A0AA3E}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/03/02 20:47:55 | 000,000,248 | ---- | M] () - C:\Autoconfig.ini -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/27 14:52:12 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/27 14:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/27 14:51:47 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/27 14:51:47 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/27 14:51:47 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/27 14:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/26 17:09:58 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2014/04/26 16:43:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/26 16:41:34 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Michael Jeckyll\Desktop\JRT.exe
[2014/04/26 16:38:46 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/26 16:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/26 15:54:25 | 000,000,000 | -HSD | C] -- C:\Users\Michael Jeckyll\AppData\Local\EmieUserList
[2014/04/26 15:54:25 | 000,000,000 | -HSD | C] -- C:\Users\Michael Jeckyll\AppData\Local\EmieSiteList
[2014/04/26 14:55:17 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/04/26 14:52:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/26 12:17:24 | 000,061,112 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
[2014/04/26 11:50:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael Jeckyll\Desktop\OTL.exe
[2014/04/26 11:27:06 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\ApplicationHistory
[2014/04/26 11:19:46 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\VS Revo Group
[2014/04/26 10:42:27 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
[2014/04/15 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\Foxit Reader
[2014/04/14 15:21:53 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\.netbeans-derby
[2014/04/12 01:37:54 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Local
[2014/04/06 21:06:06 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\MediaMonkey
[2014/04/06 21:05:48 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\MediaMonkey
[2014/04/06 21:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2014/04/06 21:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2014/04/06 21:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2014/04/06 01:19:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/05 08:16:01 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\.android
[2014/04/02 09:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2014/04/02 09:02:02 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Local\Sony
[2014/04/02 09:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2014/04/02 09:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2014/04/02 09:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2014/04/02 09:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/04/02 08:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install
[2014/04/02 08:59:32 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\AppData\Roaming\Sony
[2014/04/02 07:14:17 | 000,000,000 | ---D | C] -- C:\Users\Michael Jeckyll\.config
[2014/04/02 07:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clementine
[2014/04/02 07:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Clementine
[2012/09/06 11:07:16 | 013,024,768 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/27 15:56:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/27 15:49:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1003UA.job
[2014/04/27 15:47:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/27 15:47:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/27 15:40:50 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/27 15:36:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/27 15:36:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/27 15:36:05 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/27 15:18:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1012UA.job
[2014/04/27 15:06:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1001UA.job
[2014/04/27 14:57:52 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/27 14:36:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/27 14:30:19 | 000,000,000 | ---- | M] () -- C:\ProgramData\0x0304A000.sfl
[2014/04/27 14:10:33 | 655,852,255 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/04/27 14:05:21 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/27 01:49:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1003Core.job
[2014/04/26 18:24:28 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/26 17:17:22 | 000,002,381 | ---- | M] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\WebHosting - Chrome.lnk
[2014/04/26 17:17:19 | 000,002,381 | ---- | M] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\School - Chrome.lnk
[2014/04/26 17:17:16 | 000,002,381 | ---- | M] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\General - Chrome.lnk
[2014/04/26 17:14:14 | 000,002,381 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\WebHosting - Chrome.lnk
[2014/04/26 17:09:57 | 000,002,381 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\School - Chrome.lnk
[2014/04/26 17:07:31 | 000,002,381 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\General - Chrome.lnk
[2014/04/26 16:42:05 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Michael Jeckyll\Desktop\JRT.exe
[2014/04/26 16:38:46 | 000,002,261 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Chrome App Launcher.lnk
[2014/04/26 16:38:39 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/26 16:27:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/26 16:20:18 | 000,001,188 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Live PC Help.lnk
[2014/04/26 16:13:31 | 001,329,501 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\adwcleaner.exe
[2014/04/26 13:06:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1001Core.job
[2014/04/26 11:50:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Jeckyll\Desktop\OTL.exe
[2014/04/26 10:18:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2285044726-644081842-593342182-1012Core.job
[2014/04/24 23:03:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJames.job
[2014/04/24 12:29:30 | 000,061,112 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
[2014/04/24 07:00:04 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMichael Jeckyll.job
[2014/04/20 08:15:20 | 000,033,534 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\star_trek_photon_torpedo_coffin_ooojy.jpg
[2014/04/19 20:45:40 | 000,795,754 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/19 20:45:40 | 000,671,152 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/19 20:45:40 | 000,126,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/19 02:47:47 | 002,438,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/04/18 20:17:59 | 000,610,304 | ---- | M] () -- C:\Users\Michael Jeckyll\Documents\Database1.accdb
[2014/04/14 15:15:51 | 000,000,600 | ---- | M] () -- C:\Users\Michael Jeckyll\AppData\Roaming\winscp.rnd
[2014/04/11 12:30:00 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\CMS Application Updater.job
[2014/04/08 09:53:39 | 000,000,877 | ---- | M] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\Temp BoDs - Shortcut.lnk
[2014/04/06 21:05:48 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2014/04/06 01:19:58 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/06 01:19:18 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/04/06 01:19:18 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/04/06 01:19:18 | 000,208,928 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/04/06 01:19:18 | 000,084,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/04/06 01:19:18 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/04/06 01:19:17 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/04/06 01:19:17 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/04/06 01:19:17 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/04/06 01:19:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/04/02 09:02:42 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk
[2014/04/01 13:28:20 | 000,002,283 | ---- | M] () -- C:\Users\Michael Jeckyll\Desktop\Kindle.lnk
 
========== Files Created - No Company Name ==========
 
[2014/04/27 14:51:55 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/27 14:30:19 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2014/04/26 17:17:22 | 000,002,381 | ---- | C] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\WebHosting - Chrome.lnk
[2014/04/26 17:17:19 | 000,002,381 | ---- | C] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\School - Chrome.lnk
[2014/04/26 17:17:16 | 000,002,381 | ---- | C] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\General - Chrome.lnk
[2014/04/26 17:13:36 | 000,002,381 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\WebHosting - Chrome.lnk
[2014/04/26 17:09:57 | 000,002,381 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\School - Chrome.lnk
[2014/04/26 17:07:31 | 000,002,381 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\General - Chrome.lnk
[2014/04/26 16:38:46 | 000,002,261 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Chrome App Launcher.lnk
[2014/04/26 16:38:39 | 000,002,217 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/26 16:27:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/04/26 16:20:18 | 000,001,188 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Live PC Help.lnk
[2014/04/26 16:13:07 | 001,329,501 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\adwcleaner.exe
[2014/04/20 08:15:19 | 000,033,534 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\star_trek_photon_torpedo_coffin_ooojy.jpg
[2014/04/18 19:57:41 | 000,610,304 | ---- | C] () -- C:\Users\Michael Jeckyll\Documents\Database1.accdb
[2014/04/08 09:53:39 | 000,000,877 | ---- | C] () -- C:\Users\Michael Jeckyll\Application Data\Microsoft\Internet Explorer\Quick Launch\Temp BoDs - Shortcut.lnk
[2014/04/06 21:05:48 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2014/04/06 01:19:58 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/04/02 09:02:42 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2014/04/01 13:28:20 | 000,002,283 | ---- | C] () -- C:\Users\Michael Jeckyll\Desktop\Kindle.lnk
[2014/01/31 09:25:12 | 000,000,883 | ---- | C] () -- C:\Users\Michael Jeckyll\.recently-used.xbel
[2014/01/13 22:58:27 | 000,000,600 | ---- | C] () -- C:\Users\Michael Jeckyll\AppData\Roaming\winscp.rnd
[2014/01/12 08:49:44 | 000,152,920 | R--- | C] () -- C:\Windows\Wiainst64.exe
[2014/01/12 08:47:15 | 001,571,160 | ---- | C] () -- C:\Windows\TotalUninstaller.exe
[2013/10/08 11:53:15 | 000,000,208 | ---- | C] () -- C:\Users\Michael Jeckyll\.packettracer
[2013/04/10 03:37:16 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\Ssdevm.dll
[2011/10/22 11:53:55 | 000,000,212 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/12/24 08:17:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/03 01:12:46 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\AVAST Software
[2014/03/20 09:42:34 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Battle.net
[2013/10/11 21:25:17 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
[2014/04/27 15:43:44 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Dropbox
[2013/12/08 14:02:25 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\e-academy Inc
[2014/04/22 18:23:42 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\FileZilla
[2013/10/02 12:00:29 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Foxit Scanner Images
[2014/03/06 02:23:46 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Foxit Software
[2013/10/11 18:10:41 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\FreePriceAlerts
[2011/01/29 21:29:58 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Genie-Soft
[2013/10/02 09:27:51 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\ICAClient
[2013/10/08 11:49:31 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\JAM Software
[2014/04/12 01:37:54 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Local
[2014/04/07 08:36:27 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\MediaMonkey
[2013/10/23 07:24:23 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\NetBeans
[2013/10/17 09:20:36 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Notepad++
[2013/10/02 11:13:37 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\OpenOffice
[2011/01/29 15:52:43 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\OpenOffice.org
[2013/10/08 10:53:06 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Opera Software
[2014/01/12 08:50:53 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Samsung
[2014/04/02 09:33:15 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Sony
[2013/10/02 09:27:51 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\SteelSeries
[2013/12/22 06:43:24 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Thunderbird
[2013/11/26 15:41:48 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\Unity
[2011/01/24 16:41:41 | 000,000,000 | ---D | M] -- C:\Users\Michael Jeckyll\AppData\Roaming\WTouch
 
========== Purity Check ==========
 
 
 
< End of report >
 



#11
zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
Hello,

How are things now? The log looks good!

Joe

#12
anazopyreo

    Member

  • Topic Starter
  • Member
  • 130 posts

It seems to be clean now. Thanks a ton for your help!



#13
zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
We still have more to do, so don't run away just yet. We need to run an online scan, and clean up the tools that we used. I'll be back with those instructions for you.

Joe

#14
zep516

    Trusted Helper

  • Malware Removal
  • 8,107 posts
When you get time, run this. It may take a while, and it may list a bunch of malware that's already been quarantined.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan; otherwise it may stall.
  • When completed, make sure you first copy the logfile (located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET Log report

#15
anazopyreo

    Member

  • Topic Starter
  • Member
  • 130 posts

I tried running ESET but it was taking way too long. My wife finally needed the computer and stopped it around 50%. It had found 3 threats at that point. I will try running it again tonight. Hopefully it will go faster since that initial file is already downloaded. 







