Jump to content

dollarbang

Honorary Members
  • Posts

    51
  • Joined

  • Last visited

Everything posted by dollarbang

  1. Eset has finished: C:\External HD\Oracle 11g\Downloads\vmwareWorkStation-7 from class desktops\keygen.exe a variant of Win32/Keygen.BN application C:\Program Files\SecureCRT\scrt505-tbe.exe a variant of Win32/HackTool.Patcher.A application C:\Users\harold\Downloads\SoftonicDownloader_for_google-play-apk.exe a variant of Win32/SoftonicDownloader.E application
  2. Step 4: AdwCleaner has completed: # AdwCleaner v2.303 - Logfile created 06/27/2013 at 10:11:06 # Updated 08/06/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : harold - GATEWAY # Boot Mode : Normal # Running from : C:\Users\harold\Desktop\AdwCleaner(1).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\WNLT Key Deleted : HKCU\Software\YahooPartnerToolbar ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Users\harold\AppData\Roaming\Mozilla\Firefox\Profiles\5q78soxe.default\prefs.js Deleted : user_pref("sfLog.10:19:20 PM:150.0896-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:19:20 PM:150.0899-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:19:22 PM:162.0911-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:19:22 PM:163.0914-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:19:22 PM:174.0926-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:19:22 PM:175.0929-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:19:22 PM:725.0941-wsEngine:::myExtension 888888888888888888888888888888888888888[...] Deleted : user_pref("sfLog.10:19:23 PM:295.0964-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:19:23 PM:296.0967-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:19:25 PM:607.0979-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:19:25 PM:607.0982-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:22:12 PM:638.1039-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:22:12 PM:639.1042-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:22:28 PM:716.1054-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:22:28 PM:717.1057-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:22:29 PM:506.1069-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:22:29 PM:506.1072-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:32 PM:381.4490-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:32 PM:381.4493-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:32 PM:638.4504-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:32 PM:638.4507-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:32 PM:641.4518-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:32 PM:641.4521-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:238.4602-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:238.4605-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:478.4616-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:478.4619-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:495.4630-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:495.4633-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:537.4644-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:538.4647-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:59.4532-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:59.4535-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:70.4546-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:70.4549-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:73.4560-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:73.4563-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:76.4574-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:77.4577-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:781.4658-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:781.4661-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:789.4672-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:789.4675-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:93.4588-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:33 PM:93.4591-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:34 PM:292.4686-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:34 PM:292.4689-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:34 PM:671.4700-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:34 PM:671.4703-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:34 PM:754.4714-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:34 PM:754.4717-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:34 PM:767.4728-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:34 PM:767.4731-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:35 PM:554.4742-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:35 PM:555.4745-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:35 PM:686.4756-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:35 PM:686.4759-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:35 PM:697.4770-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:35 PM:697.4773-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:36 PM:103.4798-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:36 PM:103.4801-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:36 PM:105.4812-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:36 PM:105.4815-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:36 PM:75.4784-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:36 PM:75.4787-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:393.4826-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:394.4829-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:404.4840-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:405.4843-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:408.4854-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:408.4857-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:411.4868-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:411.4871-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:415.4882-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:415.4885-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:418.4896-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:419.4899-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:536.4910-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:536.4913-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:592.4924-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:593.4927-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:620.4938-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:40 PM:621.4941-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:41 PM:2.4952-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:41 PM:3.4955-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:42 PM:180.4966-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:42 PM:180.4969-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:42 PM:628.4980-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:42 PM:629.4983-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:42 PM:889.4994-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:42 PM:889.4997-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:49 PM:187.5008-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:49 PM:188.5011-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:49 PM:191.5022-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:49 PM:191.5025-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:49 PM:725.5036-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:35:49 PM:726.5039-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:04 PM:181.5050-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:04 PM:182.5053-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:04 PM:215.5064-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:04 PM:216.5067-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:04 PM:755.5078-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:04 PM:756.5081-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:05 PM:74.5092-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:05 PM:75.5095-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:05 PM:78.5106-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:05 PM:79.5109-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:22 PM:999.5120-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:23 PM:0.5123-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:23 PM:31.5134-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:23 PM:32.5137-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:23 PM:418.5162-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:23 PM:418.5165-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:23 PM:75.5148-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:23 PM:76.5151-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:24 PM:69.5176-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:24 PM:70.5179-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:24 PM:73.5190-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:36:24 PM:73.5193-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:49:55 PM:510.2172-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:49:55 PM:510.2175-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:50:04 PM:91.2187-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:50:04 PM:92.2190-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:50:21 PM:127.2202-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:50:21 PM:128.2205-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:50:23 PM:261.2217-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:50:23 PM:262.2220-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:55:24 AM:113.1087-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.10:55:24 AM:114.1090-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.11:44:36 AM:458.8651-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.11:44:36 AM:458.8654-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.11:44:37 AM:269.8666-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.11:44:37 AM:269.8669-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:41 PM:77.25310-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:41 PM:77.25313-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:42 PM:162.25325-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:42 PM:163.25328-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:43 PM:697.25340-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:43 PM:698.25343-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:45 PM:860.25355-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:45 PM:861.25358-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:45 PM:976.25370-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:45 PM:977.25373-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:45 PM:994.25385-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:45 PM:995.25388-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:48 PM:175.25400-wsEngine:::myExtension 88888888888888888888888888888888888888[...] Deleted : user_pref("sfLog.12:03:49 PM:889.25423-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:03:49 PM:890.25426-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:05:02 PM:3.25438-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:05:02 PM:4.25441-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:05:03 PM:113.25453-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:05:03 PM:113.25456-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:08:50 PM:985.25468-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:08:50 PM:987.25471-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:09:04 PM:897.25483-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:09:04 PM:898.25486-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:09:05 PM:733.25498-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:09:05 PM:734.25501-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:21:34 PM:151.25655-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:21:34 PM:152.25658-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:21:35 PM:197.25670-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.12:21:35 PM:197.25673-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.1:13:14 PM:451.2061-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.1:13:14 PM:451.2064-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.3:55:42 PM:4.0835-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.3:55:42 PM:4.0838-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.3:55:43 PM:159.0850-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.3:55:43 PM:160.0853-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.3:55:43 PM:166.0865-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.3:55:43 PM:167.0868-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.3:55:43 PM:691.0880-wsEngine:::myExtension 8888888888888888888888888888888888888888[...] Deleted : user_pref("sfLog.3:55:44 PM:555.0903-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.3:55:44 PM:555.0906-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.3:55:45 PM:874.0918-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.3:55:45 PM:874.0921-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.3:55:48 PM:569.0933-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.3:55:48 PM:569.0936-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.7:28:19 PM:80.5204-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.7:28:19 PM:81.5207-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.7:28:21 PM:951.5218-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.7:28:21 PM:952.5221-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.7:28:23 PM:332.5232-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.7:28:23 PM:333.5235-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.7:28:44 PM:898.5246-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.7:28:44 PM:898.5249-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:02:13 PM:28.1758-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:02:13 PM:28.1761-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:02:15 PM:422.1773-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:02:15 PM:422.1776-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:02:17 PM:179.1788-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:02:17 PM:180.1791-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:02:19 PM:610.1803-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:02:19 PM:611.1806-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:07:20 PM:529.3412-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:07:20 PM:534.3415-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:12:11 PM:705.2232-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:12:11 PM:706.2235-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:12:12 PM:80.2247-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:12:12 PM:80.2250-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:12:28 PM:767.2368-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:12:28 PM:768.2371-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:14:55 PM:109.2451-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:14:55 PM:110.2454-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:14:55 PM:546.2466-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:14:55 PM:547.2469-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:17:31 PM:350.2655-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:17:31 PM:350.2658-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:37:02 PM:473.16071-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:37:02 PM:474.16074-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:37:04 PM:528.16086-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:37:04 PM:529.16089-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:37:06 PM:251.16101-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:37:06 PM:253.16104-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:38:58 PM:900.16116-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:38:58 PM:901.16119-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:39:00 PM:988.16131-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:39:00 PM:988.16134-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:42:06 PM:63.16146-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.8:42:06 PM:64.16149-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:10:49 PM:463.3544-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:10:49 PM:463.3547-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:12:43 AM:373.1513-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:12:43 AM:373.1516-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:13:12 AM:106.1528-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:13:12 AM:107.1531-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:13:12 AM:684.1543-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:13:12 AM:684.1546-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:18:15 AM:274.1558-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:18:15 AM:275.1561-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:19:15 PM:209.2683-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:19:15 PM:210.2686-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:19:19 PM:809.2698-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:19:19 PM:810.2701-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:19:23 PM:83.2713-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:19:23 PM:84.2716-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:19:37 PM:424.2728-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:19:37 PM:425.2731-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:19:42 PM:2.2743-wsEngine:::onStateStopped 1 )))))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:19:42 PM:2.2746-wsEngine:::onStateStopped 1 3))))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:24:24 PM:41.2758-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:24:24 PM:42.2761-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:46:29 PM:474.26039-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:46:29 PM:475.26042-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:51:30 PM:529.26054-wsEngine:::onStateStopped 1 ))))))))))))))))))))))))))))))))))[...] Deleted : user_pref("sfLog.9:51:30 PM:530.26057-wsEngine:::onStateStopped 1 3)))))))))))))))))))))))))))))))))[...] Deleted : user_pref("wc_prefs.WC_Carriers", "Caribbean|Digicel Caribbean||Caribbean|GT&T Guyana||Caribbean|LIM[...] Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] File : C:\Users\harold\AppData\Roaming\Mozilla\Firefox\Profiles\hfwryneh.default\prefs.js [OK] File is clean. File : C:\Users\brenda\AppData\Roaming\Mozilla\Firefox\Profiles\ylcmprtt.default\prefs.js [OK] File is clean. -\\ Google Chrome v27.0.1453.116 File : C:\Users\harold\AppData\Local\Google\Chrome\User Data\Default\Preferences ************************* AdwCleaner[R1].txt - [29774 octets] - [27/06/2013 10:05:45] AdwCleaner[s1].txt - [30172 octets] - [27/06/2013 10:11:06] ########## EOF - C:\AdwCleaner[s1].txt - [30233 octets] ##########
  3. Step 3 complete: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by harold on Thu 06/27/2013 at 9:40:33.64 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4116355697-4065115202-1601442756-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\partner" Successfully deleted: [Folder] "C:\Users\harold\AppData\Roaming\software" Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{0139E6D1-23CE-4778-8FAC-2B8E9321BD83} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{05E5070A-304F-4DE2-8171-93957AFAF4AD} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{09D31374-E8DA-4AE6-99D5-55959B181B91} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{0A88E484-D5D4-40D3-BDC5-D0BE5E187B61} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{0BC4304C-C47C-489E-8756-DB262C7F8407} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{0FE5421E-AEFC-426E-9CA5-2DA5591304C8} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{14B2FE15-88A7-42A2-B2A4-578BC1668B33} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{1E31D3FE-8230-4897-B9E1-C0BF46182C87} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{2639AE59-FAB3-4852-9C7F-D1CC216EFFCD} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{2DB09CE8-F5E5-4F2B-AF3A-58DF97C3A08A} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{3010B05F-C7DC-4450-BE23-53EF94D515F1} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{37A97111-CDA2-4FBA-A97A-19C30579BA16} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{3B0C4AF9-07C8-420B-8FD9-F2961C2C13FE} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{3EB79D0A-9BCE-456D-8705-B8C04B90D676} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{4D5BE7B7-9FAB-4C5C-86AA-DA4453347BCC} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{4EF165DA-5200-4800-8DE5-A030B084BF39} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{5089A4CC-EDC5-4E46-B829-2B4B5157DDCF} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{681604F1-0FEB-4B9B-A784-744F28750ED0} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{68BA4029-36E5-4B67-9267-65EFED2D8FAB} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{6AFF0E98-017F-4A0B-9163-AF967E35FBCE} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{6EE6ABED-CF66-4C95-B6E0-9BD296D569B7} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{738DE620-159A-4363-A60C-341575DFABE9} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{7ABA2970-F842-48B0-BBD4-51409BCDD92C} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{84B727D5-5CCB-4E9F-835C-5D9099C84685} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{868B2099-88F5-41C3-8FC8-DC176D000BA5} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{86919045-0A3D-4249-9725-1F34E38D4419} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{87947662-A3CB-4F11-8DA8-C048C1CF195A} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{8B4411D0-FDA8-4E67-BB40-CF09C506FAD3} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{8BACB5F4-229D-4F12-9E56-B113EC60D9E2} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{8DE9B831-F3EA-4E4A-80BC-4FDB3D204415} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{929A4FA1-C86D-4FE9-8163-E7F06F3512E6} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{96EF42E7-75F5-46F3-A254-40C8797891D4} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{9865CB46-D4A4-40DF-A54F-874A315F5585} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{9DB78942-8B6D-4E92-820B-BC902067BFCB} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{A2162EDF-7FEA-4F1F-92B9-14C3292B77AF} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{A2BE11D2-53B9-4493-BEED-727679122BD9} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{AADA486E-3EED-449D-935C-5CF0B985A7AC} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{AE2EF15F-0926-4D23-8C32-BB1E7EF17D48} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{C3A15111-B492-456B-8B55-EC2BF3B906A2} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{D137AE5D-DD74-4219-B86F-F36E1212E586} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{D336BBC2-75CF-4A12-958D-8E98104DA366} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{D5F6E435-601B-40E5-A8FF-0F5711CE201E} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{DC53C09F-AC15-4C05-BADD-CB21EE448378} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{DE4B4F07-7E51-41AB-91C9-4361226ED657} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{EB856141-F5D3-4E4C-B148-04FC16A5F2B6} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{EC181A2A-5BD7-4864-91E0-7597682AE216} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{F6CE9FCF-8D0D-4B0C-81A4-7E0E20DA8B43} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{F6ECA57E-D8CA-4C03-961B-7C3438FD9467} Successfully deleted: [Empty Folder] C:\Users\harold\appdata\local\{FD38411B-B366-47AA-A836-E73B752B8A24} ~~~ FireFox Successfully deleted: [File] "C:\Users\harold\AppData\Roaming\mozilla\firefox\profiles\5q78soxe.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi" Successfully deleted: [Folder] C:\Users\harold\AppData\Roaming\mozilla\firefox\profiles\5q78soxe.default\jetpack Successfully deleted: [Folder] C:\Users\harold\AppData\Roaming\mozilla\firefox\profiles\5q78soxe.default\extensions\superfish@superfish.com Successfully deleted the following from C:\Users\harold\AppData\Roaming\mozilla\firefox\profiles\5q78soxe.default\prefs.js user_pref("de.soerenrinne.googlebuttons.userlist", "Mail,Reader,Web Search,Maps,Calendar,Wave,Dashboard,Alerts,Google Shortcuts Settings,"); user_pref("sfLog.8:44:09 PM:504.1936-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:09 PM:770.1989-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:10 PM:212.2004-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:10 PM:258.2019-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:10 PM:299.2022-wsEngine:::myExtension 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888 location user_pref("sfLog.8:44:10 PM:455.2045-wsEngine:::myExtension 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888 location user_pref("sfLog.8:44:10 PM:648.2068-wsEngine:::myExtension 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888 location user_pref("sfLog.8:44:11 PM:576.2103-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:15 PM:101.2118-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:15 PM:282.2171-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:15 PM:344.2186-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:15 PM:533.2201-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:15 PM:867.2204-wsEngine:::myExtension 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888 location user_pref("sfLog.8:44:15 PM:995.2239-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:16 PM:19.2242-wsEngine:::myExtension 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888 location= user_pref("sfLog.8:44:16 PM:203.2265-wsEngine:::myExtension 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888 location user_pref("sfLog.8:44:29 PM:796.2300-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:29 PM:957.2353-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:30 PM:14.2368-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine") user_pref("sfLog.8:44:30 PM:201.2383-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:30 PM:535.2386-wsEngine:::myExtension 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888 location user_pref("sfLog.8:44:30 PM:688.2409-wsEngine:::myExtension 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888 location user_pref("sfLog.8:44:30 PM:712.2444-wsEngine:::onStateStopped 4 5 1 OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO aDomDocument.location.host=www.deltabravosierra.us", "wsEngine" user_pref("sfLog.8:44:30 PM:886.2447-wsEngine:::myExtension 8888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888888 location user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocatio user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home. user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks"); Emptied folder: C:\Users\harold\AppData\Roaming\mozilla\firefox\profiles\5q78soxe.default\minidumps [20 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 06/27/2013 at 9:45:47.75 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  4. MBAR completed: Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.06.27.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 harold :: GATEWAY [administrator] 6/27/2013 8:25:54 AM mbar-log-2013-06-27 (08-25-54).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 302087 Time elapsed: 13 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16618 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.260000 GHz Memory total: 3007840256, free: 1080102912 Downloaded database version: v2013.06.27.05 Initializing... ------------ Kernel report ------------ 06/27/2013 08:25:48 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\k57nd60a.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\SysWOW64\Drivers\DKbFltr.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\Apfiltr.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\SysWOW64\drivers\Afc.sys \??\C:\Windows\system32\drivers\UBHelper.sys \??\C:\Windows\system32\drivers\NTIDrvr.sys \SystemRoot\system32\DRIVERS\Impcd.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\loop.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\vmnetadapter.sys \SystemRoot\system32\DRIVERS\VMNET.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\CAXHWAZL.sys \SystemRoot\system32\DRIVERS\CAX_DPV.sys \SystemRoot\system32\DRIVERS\CAX_CNXT.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\system32\drivers\NMgamingms.sys \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\system32\drivers\USBD.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\vmnetbridge.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\TurboB.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\drivers\hcmon.sys \??\C:\Windows\system32\drivers\vmci.sys \??\C:\Windows\system32\drivers\vmx86.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\DRIVERS\NisDrvWFP.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \??\C:\Windows\SysWOW64\drivers\supersafer64.sys \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\Windows\system32\drivers\vmnetuserif.sys \SystemRoot\system32\DRIVERS\XAudio64.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Users\harold\AppData\Local\Temp\ALSysIO64.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\setupapi.dll \Windows\System32\wininet.dll \Windows\System32\ole32.dll \Windows\System32\imm32.dll \Windows\System32\rpcrt4.dll \Windows\System32\msvcrt.dll \Windows\System32\ws2_32.dll \Windows\System32\msctf.dll \Windows\System32\urlmon.dll \Windows\System32\user32.dll \Windows\System32\sechost.dll \Windows\System32\psapi.dll \Windows\System32\iertutil.dll \Windows\System32\Wldap32.dll \Windows\System32\shell32.dll \Windows\System32\usp10.dll \Windows\System32\advapi32.dll \Windows\System32\shlwapi.dll \Windows\System32\normaliz.dll \Windows\System32\imagehlp.dll \Windows\System32\oleaut32.dll \Windows\System32\kernel32.dll \Windows\System32\comdlg32.dll \Windows\System32\gdi32.dll \Windows\System32\clbcatq.dll \Windows\System32\lpk.dll \Windows\System32\difxapi.dll \Windows\System32\nsi.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\KernelBase.dll \Windows\System32\crypt32.dll \Windows\System32\wintrust.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa80032e3060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800306f050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa80032e3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80032e3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80032e3060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800306f050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: E553E553 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 24576000 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 24578048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 24782848 Numsec = 505436208 Partition 3 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 530221056 Numsec = 446550016 Disk Size: 500107862016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)... Done! Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_24578048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished
  5. Step 1, complete Step 2, running Step 3, downloaded JRT and waiting for Step to complete.
  6. My laptop has the Sweetpack hijacking malware. I have ran CCleaner and have been able to remove two installed Sweetpack programs (one was an Uninstaller, the other installed a Internet Explorer bar). I ran MBAM earlier but didn't capture the log file. I have run it again, but that was after I used CCleaner to remove the two installed programs, and removed the IE Bar. Mozilla Firefox reported that it had the Sweepacks add-on, I have it disabled at the present time because I wanted to remember just what it was the PC has been infected with. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.06.26.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 harold :: GATEWAY [administrator] 6/27/2013 12:09:55 AM mbam-log-2013-06-27 (00-09-55).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 280771 Time elapsed: 4 minute(s), 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) and DDS.SCR DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2 Run by harold at 0:04:38 on 2013-06-27 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2868.1085 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe C:\Prey\platform\windows\cronsvc.exe C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Users\harold\AppData\Roaming\Mikogo 4\M4-Service.exe C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe C:\Users\harold\AppData\Roaming\Mikogo 4\M4-Capture.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe C:\Windows\system32\taskhost.exe C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Core Temp\Core Temp.exe C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe C:\Windows\SysWOW64\vmnat.exe C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\Tomcat6.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\VMware\VMware Server\vmware-authd.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\SysWOW64\vmnetdhcp.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe C:\Windows\PLFSetI.exe C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Greenshot\Greenshot.exe C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe C:\Users\harold\AppData\Roaming\Mikogo 4\mikogo-host.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Video Web Camera\traybar.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Microsoft Security Client\NisSrv.exe C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\explorer.exe C:\Windows\system32\taskhost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [Google Update] "C:\Users\harold\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe uRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe uRun: [Mikogo] "C:\Users\harold\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [CLMLServer] "c:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe" mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" dRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe dRun: [Mikogo] "C:\Users\harold\AppData\Roaming\Mikogo 4\mikogo-host.exe" -asp mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:255 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: C:\Program Files (x86)\VMware\VMware Server\vsocklib.dll Trusted Zone: gateway TCP: NameServer = 192.168.1.1 TCP: Interfaces\{4A92AFED-7E14-42E3-B5D8-64D726F90DD7} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{4A92AFED-7E14-42E3-B5D8-64D726F90DD7}\05564756974416777613 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{4A92AFED-7E14-42E3-B5D8-64D726F90DD7}\05C616E647164796F6E62613 : DHCPNameServer = 208.67.222.222 208.67.220.220 TCP: Interfaces\{4A92AFED-7E14-42E3-B5D8-64D726F90DD7}\144574 : DHCPNameServer = 192.168.3.70 192.168.3.4 TCP: Interfaces\{4A92AFED-7E14-42E3-B5D8-64D726F90DD7}\334786D275 : DHCPNameServer = 24.93.41.125 24.93.41.126 TCP: Interfaces\{4A92AFED-7E14-42E3-B5D8-64D726F90DD7}\65562796A7F6E6024425F49444022514A5250243533373 : DHCPNameServer = 192.168.43.1 TCP: Interfaces\{4A92AFED-7E14-42E3-B5D8-64D726F90DD7}\C696E6B6379737F5355435F55343033373 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{4A92AFED-7E14-42E3-B5D8-64D726F90DD7}\D4974427F69646 : DHCPNameServer = 192.168.42.1 TCP: Interfaces\{73746A43-734B-4274-9307-25681CB3A598} : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files (x86)\Quest Software\Toad for Oracle\RNetPin.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned> x64-Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> Hosts: 192.168.198.128 ATG11GR2.DOMAIN ATG11gR2 Hosts: 192.168.109.213 classerver.com classerver Hosts: 192.168.1.78 win2008.domain win2008 . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\harold\AppData\Roaming\Mozilla\Firefox\Profiles\5q78soxe.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://apod.nasa.gov/apod/|http://www.userfriendly.org/static/|chrome://newsfox/content/newsfox.xul FF - prefs.js: network.proxy.type - 0 FF - component: C:\Users\harold\AppData\Roaming\Mozilla\Firefox\Profiles\5q78soxe.default\extensions\{b58ca710-f62c-4f38-a0e8-cc9b177463e5}\lib\WINNT\ff3\AbineComponent.dll FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\harold\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Users\harold\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll FF - plugin: C:\Users\harold\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll FF - plugin: C:\Users\harold\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\harold\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\harold\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-06-22 23:27; {EEE6C361-6118-11DC-9C72-001320C79847}; C:\Users\harold\AppData\Roaming\Mozilla\Firefox\Profiles\5q78soxe.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF - ExtSQL: 2013-06-26 22:18; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\harold\AppData\Roaming\Mozilla\Firefox\Profiles\5q78soxe.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320] R2 BMFMySQL;BMFMySQL;C:\Program Files (x86)\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe [2005-10-22 4431872] R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-12-22 844320] R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496] R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136] R2 M4-Service;M4-Service;C:\Users\harold\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-8-13 1008032] R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-2-1 214896] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-9-24 62720] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208] R2 supersafer64;supersafer64;C:\Windows\SysWOW64\drivers\supersafer64.sys [2011-7-26 238072] R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-9 3574624] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-6 2320920] R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-6 240160] R2 VMwareHostd;VMware Host Agent;C:\Program Files (x86)\VMware\VMware Server\vmware-hostd.exe [2009-10-20 322096] R2 VMwareServerWebAccess;VMware Server Web Access;C:\Program Files (x86)\VMware\VMware Server\tomcat\bin\tomcat6.exe [2009-10-20 57344] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.EXE [2013-4-2 240264] R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-12-22 292864] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-6 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-12-22 151936] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-12-22 244736] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-6 320040] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360] R3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\drivers\NMgamingms.sys [2009-7-24 11264] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.EXE [2013-4-2 193672] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384] S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-7-22 40448] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-25 48488] S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744] S3 mv2;mv2;C:\Windows\System32\drivers\mv2.sys [2012-1-24 12904] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-20 19456] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-20 57856] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-14 1255736] . =============== File Associations =============== . FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] ShellExec: sqldeveloperW.exe: Open="C:\app\oracle\product\11.2.0\client_1\sqldeveloper\sqldeveloper\bin\sqldeveloperW.exe" . =============== Created Last 30 ================ . 2013-06-27 02:08:16 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-27 00:51:36 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1195C0CD-391D-46E8-BCA0-E0E13BA0C069}\mpengine.dll 2013-06-27 00:51:32 -------- d-----w- C:\Users\harold\AppData\Roaming\Malwarebytes 2013-06-27 00:51:08 -------- d-----w- C:\ProgramData\Malwarebytes 2013-06-27 00:51:05 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-06-27 00:51:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-23 03:26:09 829264 ----a-w- C:\Windows\System32\msvcr100.dll 2013-06-23 03:26:09 608080 ----a-w- C:\Windows\System32\msvcp100.dll 2013-06-23 03:09:06 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-21 15:52:05 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6A044CF-A3DF-465E-87B2-1E3769F03F53}\gapaengine.dll 2013-06-12 19:24:10 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-05 21:47:23 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll . ==================== Find3M ==================== . 2013-06-27 03:47:37 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat 2013-06-27 02:08:03 867240 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-06-27 02:08:03 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-12 20:27:41 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 20:27:41 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-05-01 07:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2013-05-01 07:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll . ============= FINISH: 0:05:20.74 ===============
  7. Hello DFB, I want to thank you for the help you gave me in getting my PC back online. As far as the SPYWare programs, I had Search&Destroy at one time, but it appeared to be interfering with Microsoft Security Essentials. The PC would run very slow. I'll be putting at least one of your suggestions on all of my Microsoft OS PCs (all run Microsoft Security Essentials). I had been ignoring the JAVA updates, but dang sure will not from now on. I'm also doing some major cleanup, especially in the download folders. Thank you again, Harold
  8. I'm on the Java website, but it doesn't look like jre-7u3 is available. http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html
  9. Sorry for not getting back sooner. We lost power and the Phone/DSL went down also.
  10. All processes killed ========== OTL ========== C:\Windows\assembly\Desktop.ini moved successfully. File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found. File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found. File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found. Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found. Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found. C:\Windows\System32\lMMLDeleteUserData42107612FX.tmp deleted successfully. C:\Windows\msdownld.tmp folder deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Harold ->Temp folder emptied: 44826849 bytes ->Temporary Internet Files folder emptied: 903 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 20527083 bytes ->Google Chrome cache emptied: 338417039 bytes ->Flash cache emptied: 674 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 24002 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 107667337 bytes Total Files Cleaned = 488.00 mb [EMPTYJAVA] User: Administrator User: All Users User: Default User: Default User User: Harold ->Java cache emptied: 0 bytes User: Public Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: Administrator User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Harold ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 06132013_222916 Files\Folders moved on Reboot... C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2236.log moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  11. The DSL connection was offline, probably about 4pm EST. I reset my home network and was able to reconnect.
  12. ESET finally finished, found and deleted two additional Malware files. E:\Archive\Mozilla Downloads\Download_PowerISO_4.exe Win32/Adware.1ClickDownload.C application cleaned by deleting - quarantined E:\Archive\Mozilla Downloads\Windows_7_SP1_Ultimate_x64_-_updates_&_auto-activation.exe Win32/Adware.1ClickDownload.C application cleaned by deleting - quarantined
  13. OTL Extras logfile created on: 6/13/2013 1:48:24 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Harold\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.25 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 50.34% Memory free 6.49 Gb Paging File | 4.59 Gb Available in Paging File | 70.72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221.61 Gb Total Space | 142.96 Gb Free Space | 64.51% Space Free | Partition Type: NTFS Drive D: | 244.14 Gb Total Space | 59.63 Gb Free Space | 24.42% Space Free | Partition Type: NTFS Drive E: | 221.61 Gb Total Space | 41.43 Gb Free Space | 18.69% Space Free | Partition Type: NTFS Drive F: | 244.14 Gb Total Space | 237.69 Gb Free Space | 97.36% Space Free | Partition Type: NTFS Drive G: | 3.78 Gb Total Space | 3.58 Gb Free Space | 94.59% Space Free | Partition Type: NTFS Computer Name: INTEL-5200-W7 | User Name: Harold | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3768385454-1112087948-439529202-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0329DC04-4BD4-4BCF-9A48-5E347FD60B52}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{136C6D5A-D096-49A3-92F0-CE6E8ECB50CC}" = rport=138 | protocol=17 | dir=out | app=system | "{18EDAC06-0268-4DAB-BAE2-C29FC45262A8}" = lport=10243 | protocol=6 | dir=in | app=system | "{1A0FC60A-EFA7-4643-B2E2-EDFDD4FDD611}" = lport=2869 | protocol=6 | dir=in | app=system | "{1FC52662-2677-40E9-8DD2-D4288E37C754}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe | "{1FD8289C-803E-4C5B-890A-82D8B9AF8B89}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{209412B5-10D4-4DC8-9108-7452D9C2A190}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{233DAF0A-F262-4804-AD23-41B6A9176F2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{268B7F2D-EC75-4CDD-B8A8-4241044F0BFE}" = rport=445 | protocol=6 | dir=out | app=system | "{28873F7A-1D28-4A89-BAAD-6AF1822D9F83}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe | "{29D12D0D-8535-4F97-AFDE-8BC27BF11D5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{324D3AD5-963B-49E6-868A-A80FD0B02783}" = lport=139 | protocol=6 | dir=in | app=system | "{38D16A9C-D088-43C5-B2F1-44004937C5BF}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{40870FD1-3350-426F-9F75-4DCB9FC0A67A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{45849C74-B661-4761-A789-AA411C38F95E}" = lport=80 | protocol=6 | dir=in | app=system | "{46C019BA-6A4B-4907-A7CE-F687E07E91DE}" = lport=2869 | protocol=6 | dir=in | app=system | "{55F8A572-1B01-41C5-BC54-9EE946C8A421}" = lport=138 | protocol=17 | dir=in | app=system | "{66FEE158-CBF1-4F0C-A881-6E9D2CE91C7D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{681B382B-0D10-44AA-B1D2-58D80C701F4F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe | "{6E8DB50D-EF58-4FAB-B96A-2C24C99C3CFC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6EBCBC5F-EC6C-4C77-8E89-1917E66D0167}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{726262D9-0EA2-4481-A107-DA402C211A8E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{73C10AE5-56FA-490F-90AB-8925A9F7388B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7FF520CB-031A-4E20-A747-77D3DDB07832}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8181E1B7-40F9-47E7-BF05-59709D3DC668}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{82050247-CD13-4296-94FB-3D1CA08CF7A8}" = rport=139 | protocol=6 | dir=out | app=system | "{9051C10C-D241-43BB-84F6-5DD3E3E9A03D}" = lport=137 | protocol=17 | dir=in | app=system | "{9F9C8609-F5AA-4B0B-8361-1778BA304092}" = lport=445 | protocol=6 | dir=in | app=system | "{AF6DB300-4806-4F19-B842-2D5EDF96D3F9}" = rport=10243 | protocol=6 | dir=out | app=system | "{BA73D4BA-A521-4A8B-99AA-7D7F55090B58}" = lport=5985 | protocol=6 | dir=in | app=system | "{D953CE43-09DC-437C-A19E-467048D8A6D6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{DA8B6384-04F0-45F7-929D-A949C8D69B76}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{E08C38E9-3B41-4E36-BF5D-B3F1A5ED494D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E0A6729A-8E6B-4CE6-92D5-E64AFF7F5AD4}" = rport=137 | protocol=17 | dir=out | app=system | "{F0D19AB2-2EFA-45EA-9EB2-0C5695FEFA13}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe | "{FC5F087F-41DC-4E73-A204-61AC2A67035B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0072B792-D8CE-41AE-9A71-E3E802B8164B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{00C48505-6302-4E52-B2B6-AE2E4FDB5D13}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{012DCC3C-A6FE-41BF-A55D-73437EC7E7AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{02AC1732-DC6C-4229-B8D8-9430F89102FA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{063E769E-D7AE-4B81-B593-4E9A74C2B734}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{06D6868D-5EC4-4A95-80FB-2CC7813FA898}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0AE85F55-551D-499E-837E-76CA10ACA9A4}" = protocol=6 | dir=in | app=c:\users\harold\appdata\local\google\google talk plugin\googletalkplugin.exe | "{0C6F68CB-D762-46ED-825C-64F1576E63CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0D7B3263-D994-48E3-AF5A-266469DAB02B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0E61230C-6FF7-4CF2-8862-5C4FB7AE4601}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1215E6CE-D1D2-4D2B-9E48-81FD4F676D40}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{12D413DB-38DE-4B10-A045-3C27816CDDEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14966D27-D2A2-44A9-8B5E-14D1DF4B04E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{14A21A4B-9573-45BB-B727-6059B6A04128}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{17C14B70-E232-4466-BE59-4FFCC1468DA0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{17FF1CC0-CF46-439F-8C97-9970CA855761}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1AF2F665-BC43-4386-9BFB-E5EB0F50E3AC}" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | "{1E6367AC-4B66-47E7-A997-889F7690C1DD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{206E554A-D16D-4155-9CB3-1789D63DA474}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{20E0FC40-099A-4DA6-A915-B21891A6D664}" = protocol=17 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe | "{22CAE050-75A6-47F9-949B-58D87071AFEF}" = protocol=17 | dir=in | app=c:\users\harold\appdata\local\google\google talk plugin\googletalkplugin.exe | "{25198C9C-93BA-4406-8263-28FC1AF48A11}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2878170A-12F7-45A9-AC18-6DEDE6A90E65}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{298E2877-0B74-45A2-9273-187805B9E7B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{29A7F1D9-00DE-46BC-91E7-46CB6F02464D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2ADE689A-A2A8-44DF-A2C2-926696E7213A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2CADCE84-D0C2-43B7-81C2-DB14AADF9550}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2CB4661C-DF22-4F66-A4EB-02F93C9D826A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D6F2D50-B675-470E-BB25-B9EDFFA2FD9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{31085B4C-026C-4F25-8BD6-98AADACF569C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{31A287CF-9900-4364-A90E-748AB35AB5A1}" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "{3482A97F-C7AC-41B2-84E8-2920E68A3101}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{362A46A3-CA79-49C6-92A1-E7070F964DDA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{378EE4EA-31E8-43FD-98E1-47D18E327E61}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{3875618A-CB6E-4E27-8F55-80AFF55D8C4F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3A170378-7EC4-438E-93A8-6ACA27695A92}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3A6880E2-3C3E-4956-A435-2A4FD8EE9444}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3C42E378-5F05-4D9D-A474-9C305B6F4555}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3C6BC3E4-B9A3-446A-A927-E1F023B4417D}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl06a\faxrx.exe | "{3DD80266-E343-454C-8740-D456A286A7E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3F020C92-EE7C-4483-B6B7-F1DE7B1C4658}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4739B19F-CCA2-4C9E-A792-50672CA2BA8F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{48235E66-1486-402F-B56F-C0932FC1D942}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4A643DCA-3DF8-4400-8D01-788517D3AD5B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4A75A7F3-5F72-47B7-B715-536310624683}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4AA8F079-D524-4F8B-AEBC-A0F83D50A0F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4BB2FF93-1A39-462E-BC7A-086D2ECD7AA2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{53055D81-DDF1-4C2B-9A36-E1E354B41482}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{551D57AF-2CE5-47B9-B1C0-C362DC2CDB38}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{59E41E2B-608C-4608-B1D2-EB2EE059CA88}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{5A440BCE-77D2-49F5-AE6D-922425547820}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{5DCD44C4-4B35-4D5F-9C84-8556F1AC9A6D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{5DEA0773-675A-4E8A-9768-9E3CEB6465E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{61177501-B1AC-435E-B52F-122E6614806F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{64FD87A3-B500-49B1-B007-E7DE04B5610B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{67A15979-A40D-4AA7-8827-DF43A405C678}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6B75ABA2-D981-4961-A6E5-8B5DB5D2708E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6C8E5494-A7D3-4533-B5D4-EF3B20B5D9A3}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl06a\faxrx.exe | "{6CD82D6B-7036-4631-975E-2305519937EE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6CEE6C69-6B86-4A0D-9534-5DCCA643DCF4}" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | "{6DF8E96B-CE74-49B5-93EB-F5FD81DF9F6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7371B082-4EB0-4EA4-9AE0-CB212200AF1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{758EDCD5-F0FD-4DCC-9A00-4716540C3AC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7660864E-CDE0-4529-88E9-6B702E173083}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{76624069-B32B-4603-980F-760A5B8A7299}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7C05AC70-4008-4A63-8F7F-2573CE11F012}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{812AE9C1-0B12-4542-A5D1-9EAF594B0058}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8151961D-AEFA-40D3-8650-E32F0F1B37F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8156ACD6-ED93-4D72-91FB-9D5A9525C7D5}" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | "{83C0547B-74E3-47F8-B7E9-8A4B222B808D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{84B8B879-02F0-4A25-AB01-5AD7652EF91D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{85702FBB-B2D0-4CCF-B240-2762319DB33D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{89409F15-D430-41DD-BA1C-6CA7F22E0DA4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8A2E262D-EED7-41B3-A6E3-D309CA42ED80}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8A7394FD-022D-454A-B340-2935CDC9B1AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8C6CA9CC-DF15-4A2E-A761-54433C600F04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{90D3E686-6036-496D-876A-FD51F9C6CF08}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{91955C49-C839-49C9-9EC6-C2AB84FD5D76}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{940C4C0C-D088-4CF6-9C32-CB60CE3BC17F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{954175C2-61D3-4510-A914-A31E1E99FD1F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{962D8CB6-2BC7-4591-82AE-A301FD90A2D6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{97C2055E-92DF-40C7-8D90-FA9D624FEA9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{99E39DD8-3BC8-4967-B14D-3C891A5D80F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9AE300BB-6334-4155-9FC3-09645F95B1DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9B1FA067-898B-4024-8EB9-E0308D363168}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9D338CC7-D11C-4403-8690-BA9E0D9E9132}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A0372F35-610E-448A-8B90-7D8E0A3C8B64}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A14D70C3-9CAE-414A-AA2B-3FFC549C261D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A812CCC5-48D2-469F-863F-EDF248046FD1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{A90A68AC-73BE-40C3-B131-4FF02B9A6F73}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A9A43338-F04C-48C4-9DAA-FC7794D06216}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A9CCC356-3CD7-4275-8613-FBA805ECF2C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AB7F9688-12F9-4530-96F7-EE25D84B676B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ADCFB333-D5CD-40B0-ADE0-FA32BE912D8C}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{AE5833F4-D997-4F2B-9CC4-2975A85688F8}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{AE589B50-3494-4C2B-A36C-23ECB631C10C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AE88898E-11DC-41DD-B54D-49C8885C40AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B20286AF-FEAE-47E8-AFBC-23AB7641BFE1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B3CC9EF9-5242-405B-9D01-D5BAC18CDB8A}" = protocol=6 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe | "{B4D2077C-FF00-4E06-807E-FE1B7E2D9E27}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe | "{B5A5DBDE-7731-481B-A687-9651FCD2A81C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B5DA1C40-177E-4662-A6B8-01DDB1A92A70}" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "{B6CDB7C7-01D0-4691-AC95-0AF3ADA413E0}" = protocol=17 | dir=in | app=c:\users\harold\appdata\local\google\google talk plugin\googletalkplugin.exe | "{B71FE1E3-8A1B-4B34-AFFC-A89C569DB288}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B7BD6028-9D3C-4971-B986-83C6238935EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B7C470C4-0B8B-4090-ACC3-A0D666DD7C80}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gnucash-bin.exe | "{B86DBA95-5085-4DF8-B5C7-CBEF821FDFC5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B9163F4B-CE23-4AAC-946D-93D4990D5981}" = protocol=17 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe | "{BB7F2A26-0E20-4852-B672-02147BA4D6AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BC4F2081-4F52-40D5-B676-1A4116C3330F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BCB7AD30-2657-4875-94D7-9B3A791F254F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BE6D931A-E3C9-4006-B9F8-915C9034E29D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{BF705C51-0F76-4268-A9C8-5139E263B547}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C08A0458-D5BB-40CA-A3A0-31CBFA167F78}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C119E8E7-A9A9-4B98-8213-725F55AB4988}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C423E730-9B36-4199-B20B-008A56DC9383}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C5365AA3-5E8F-4E4E-B1BD-91EC8A7EC2C9}" = protocol=6 | dir=in | app=c:\users\harold\appdata\local\google\google talk plugin\googletalkplugin.exe | "{C74B09B1-DB52-4F13-AEDB-63C90D0674E2}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gconfd-2.exe | "{C81778A7-B220-4605-8684-82F1D06703E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{CA96654D-098E-4383-8EA1-EA18000CD372}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CE61CC4A-3A2F-4FFD-A5DD-193044E9138D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CE6787E7-9100-4DD5-83CC-0F2BEB1C84A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D0238875-38BE-45BD-A1A1-A64892D26373}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D03C81CA-8510-4989-BB59-FB6715699C80}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{D43D1D00-A170-4B1F-AEF4-38A977098A0D}" = protocol=6 | dir=in | app=c:\program files\gnucash\bin\gnucash-bin.exe | "{D503A590-1EF8-4DD5-A179-863E4100CACE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DB3424FE-366B-4A5C-BB3A-EC0646AE3418}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DB93BC39-BA48-41D5-90E0-A705B17EA2A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DDBB4747-CEB4-4ACB-BD97-E90D54637D98}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{DE0CB1F2-013D-4171-A328-F17407979171}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{DF4052BE-CD69-4A26-A957-527027BAE952}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E1381ADE-2DD4-4C9B-B31F-8297416B6AF5}" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | "{E16A63E1-7B9B-47A2-826E-49D6EA8FF72B}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl06a\faxrx.exe | "{E16F5988-3A27-4A08-9EAF-363C4947C989}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E1FBC6AE-9F7B-4C44-A446-ABC778738DD7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E5857A01-25E0-45F5-8C37-6FF2AE1B29EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E5AB7B0E-2961-4D28-9559-E339A8C90960}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E60F8276-4128-44F1-B5D6-20FA17654642}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EC408F1B-0CC3-496E-B9DD-A94B7FCB3385}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F1DDC7C6-3E34-41A5-AD83-4E41DAA7F722}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F264C5FB-A7E7-427C-8418-06870B79A032}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F3B72D26-80E8-47A4-95E6-A7FFC2BD1487}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F60B529B-F3BA-472B-B545-F09578590001}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F6BA7DE4-203A-402B-9B84-F0C67F517651}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F7FA84B1-3AD0-4C0B-8769-71BB797DE475}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FA08EAC6-A938-4CFA-B4AE-487C6B4CF146}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FB66968A-561A-42A4-A059-D95E26AB3FC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FC6D7DCA-CA98-4D90-8117-64D3E1624790}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | "{FCA36A25-89F7-43E5-B5F5-BBE1AC6899F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FCE463E6-3D2C-4E9A-8242-297879D2B7A5}" = protocol=6 | dir=out | app=system | "{FD593B1B-E10C-42D0-BC9E-48506250D6D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FD8116B2-9383-4960-88B5-478E91D59ECC}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl06a\faxrx.exe | "TCP Query User{1A7CD2A5-5C5A-4D82-B75F-954F8496C4E2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{1AB318F8-0251-4174-92DA-B85CF86347BB}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | "TCP Query User{26040AD8-6E9C-40DD-94C2-72A5BD521078}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=6 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe | "TCP Query User{3EB088C8-2820-43DC-BAF3-3BBF81CED165}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{600BBC7D-EE50-45A0-ACEF-7FEE62DC61E3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{B0546BE6-60C4-40CA-815A-6228218A3444}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | "TCP Query User{CE8BD569-ECE6-46A7-80C1-8331EF18B23E}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe | "UDP Query User{07C79F78-32E9-4D83-96E9-39840F903D3D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{2A457123-51A0-4268-9784-99A22D9B2108}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe | "UDP Query User{70335DBC-B31C-4782-8521-F3B5204DA791}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{86D72FD5-5848-436F-A3DA-233B028A5744}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{9F8BB9CE-65F7-4F48-ADE8-7140DDAC5EB1}C:\program files\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files\1clickdownload\1clickdownloader.exe | "UDP Query User{DA4BEAFE-AD6E-419A-895F-D9EC085D3AE0}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | "UDP Query User{FC2E0D22-0577-4694-AE92-D5F049FC0EFC}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=17 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport "{080E275F-67BF-6E44-10A5-6B25BD0C73E6}" = ccc-utility "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{13CD417D-F1F1-4AC4-945D-FDDEB884756F}" = Microsoft Baseline Security Analyzer 2.2 "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2730415C-DEAE-4C1A-B81E-B74778D2BF81}" = Garmin Update Service "{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{293B2D75-5735-4DFE-8642-F0EDEE9EB064}" = TurboTax 2010 wgaiper "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD8 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{334713BA-B8E7-4A60-988C-4110753A191E}" = ArcSoft Magic-i Visual Effects 2 "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{35F8C4C9-5AB5-4FDA-9FB2-08C56FBA627C}" = Blio "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}" = Evernote v. 4.6.3 "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper "{596ECF31-381D-406D-9C22-6B805C3D7A8F}" = TurboTax 2011 wgaiper "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{60DDF5DB-1D28-4C93-BD23-BAF440D0BB67}" = PDF Download for Internet Explorer "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{67E0C987-AAC3-E5A2-B32D-1BE48BC297E1}" = ATI Catalyst Install Manager "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6c14a7ec-7ed6-47f1-bb64-afc001a60a24}" = Garmin Express "{6D8EACA3-664E-4F83-8A84-BE3AE952DAB6}" = ArcSoft WebCam Companion 3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{729E66B3-1B80-4F2F-8D19-342A89631E0A}_is1" = Wav to Mp3 "{74FF7860-85D8-D261-52C6-D41E946235F1}" = AMD Drag and Drop Transcoding "{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Snappy1.0.0 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}" = Brother MFL-Pro Suite MFC-845CW "{8004E5FD-A3A1-F723-EDAF-D5808A756DDC}" = Catalyst Control Center Graphics Previews Common "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.19 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2 "{8FD4407C-A901-092A-EB3C-602B52C361DC}" = Catalyst Control Center "{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.6 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B260944-746E-4966-8918-0F9636930456}" = ArcSoft MediaImpression for Kodak "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86) "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A45C5EC7-F13E-4414-99BE-47373935C0FE}" = Eraser 6.0.10.2620 "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B3B00119-6B5F-4187-B6C4-F6004DD576D3}_is1" = Magic Audio Converter and CD Ripper "{B543A7E3-943D-4E9B-9222-D7B04447E64D}" = Elevated Installer "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{BA31F48A-C811-30B4-AD93-1986C7838442}" = Google Talk Plugin "{BB751CFD-8BCE-9754-ACBE-D6EFDC69C937}" = WMV9/VC-1 Video Playback "{C24B0741-A616-6C3F-F952-BAC0CE90761F}" = CCC Help English "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CA634931-0CC3-4067-ABCC-7182E1DC23B7}" = HP Button Manager "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{CB606F47-7D0E-40DF-95BB-0E5413A1295F}" = MP3 Skype Recorder "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools "{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User's Guide "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU "{D4328CA9-E332-456F-B68D-3D3DE90E50B5}" = calibre "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D732E36A-B0C2-4DFF-8C60-4AC06233B2BC}" = Motorola Mobile Drivers Installation 6.0.0 "{D9EF7417-8625-483D-A2D3-687C2EF83138}" = Garmin Express "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}" = Motorola Device Software Update "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E371C150-A9F1-49CE-ACC1-51AEFD01C1D4}_is1" = Turbo Tax Audit Support Center 3.0 "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E9BECF5D-5BA8-950F-7757-17D825A37371}" = Catalyst Control Center InstallProxy "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F56F50A2-451B-47A6-9542-1225DAFA1831}" = Garmin Express Tray "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "7-Zip" = 7-Zip 9.21beta "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Android SDK Tools" = Android SDK Tools "Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12 "Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2 "AudibleManager" = AudibleManager "bot-sentry" = Bot Sentry 1.3.0 (remove only) "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0 "Defraggler" = Defraggler "DiskCheckup_is1" = DiskCheckup v3.0.1007 "FLV Player2.0.25" = FLV Player "Foxit Reader_is1" = Foxit Reader "Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16 "GNU Aspell_is1" = GNU Aspell 0.50-3 "GnuCash_is1" = GnuCash 2.2.9 "Google Chrome" = Google Chrome "HWiNFO32_is1" = HWiNFO32 Version 3.73 "Index.Dat Viewer 3" = Index.Dat Viewer 3 "Installing HSP56 MicroModem Drivers" = HSP56 Modem Drivers "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD8 "InterActual Player" = InterActual Player "Karen's Alarm Clock" = Karen's Alarm Clock "LinkedIn Internet Explorer Toolbar" = LinkedIn Internet Explorer Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US) "Mozilla Thunderbird 17.0.6 (x86 en-US)" = Mozilla Thunderbird 17.0.6 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nero8Lite_is1" = Nero 8 Lite 8.3.2.1 "NirSoft IPNetInfo" = NirSoft IPNetInfo "NirSoft WhoisThisDomain" = NirSoft WhoisThisDomain "Notepad++" = Notepad++ "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "Pidgin" = Pidgin "pidgin-guifications" = Guifications Plugin (remove only) "Portforward Static IP Address" = Portforward Static IP Address 1.0.47 "QuuxPlayer" = QuuxPlayer "Rapport_msi" = Rapport "SDEPRO20_is1" = SDExplorer 3.1 "Secunia PSI" = Secunia PSI (2.0.0.3003) "ST6UNST #1" = Karen's Time Cop "TeamViewer 8" = TeamViewer 8 "Torrent Episode Downloader 0.9715" = Torrent Episode Downloader "Torrent Episode Downloader 0.972" = Torrent Episode Downloader "TurboTax 2010" = TurboTax 2010 "TurboTax 2011" = TurboTax 2011 "Unlocker" = Unlocker 1.9.0 "uTorrent" = µTorrent "VMware_Workstation" = VMware Workstation "Windows 7 - Codec Pack" = Windows 7 Codec Pack 3.0.0 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "Wireshark" = Wireshark 1.8.5 (32-bit) "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3768385454-1112087948-439529202-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Geotag" = Geotag "HuluDesktop" = Hulu Desktop ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/12/2013 8:51:23 PM | Computer Name = Intel-5200-W7 | Source = Software Protection Platform Service | ID = 8198 Description = License Activation (slui.exe) failed with the following error code: 0x800706BE Error - 6/12/2013 9:58:36 PM | Computer Name = Intel-5200-W7 | Source = System Restore | ID = 8204 Description = Error - 6/12/2013 9:58:39 PM | Computer Name = Intel-5200-W7 | Source = Application Error | ID = 1000 Description = Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec Exception code: 0xc0000005 Fault offset: 0x0001af76 Faulting process id: 0x3cc Faulting application start time: 0x01ce67d984d37ce1 Faulting application path: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Faulting module path: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Report Id: c3d20b28-d3cc-11e2-bd1b-005056c00008 Error - 6/12/2013 10:01:14 PM | Computer Name = Intel-5200-W7 | Source = VSS | ID = 8193 Description = Error - 6/12/2013 10:20:06 PM | Computer Name = Intel-5200-W7 | Source = Application Error | ID = 1000 Description = Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec Exception code: 0xc0000005 Fault offset: 0x0001af76 Faulting process id: 0x85c Faulting application start time: 0x01ce67dc84b7ed09 Faulting application path: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Faulting module path: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Report Id: c319607e-d3cf-11e2-bd73-005056c00008 Error - 6/12/2013 10:43:48 PM | Computer Name = Intel-5200-W7 | Source = Application Error | ID = 1000 Description = Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec Exception code: 0xc0000005 Fault offset: 0x0001af76 Faulting process id: 0xfe0 Faulting application start time: 0x01ce67dfd33e8ee1 Faulting application path: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Faulting module path: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Report Id: 124dc6ca-d3d3-11e2-bd67-005056c00008 Error - 6/12/2013 11:24:02 PM | Computer Name = Intel-5200-W7 | Source = VSS | ID = 8194 Description = Error - 6/12/2013 11:24:02 PM | Computer Name = Intel-5200-W7 | Source = VSS | ID = 8193 Description = Error - 6/12/2013 11:24:03 PM | Computer Name = Intel-5200-W7 | Source = VSS | ID = 8193 Description = Error - 6/12/2013 11:26:53 PM | Computer Name = Intel-5200-W7 | Source = Application Error | ID = 1000 Description = Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec Exception code: 0xc0000005 Fault offset: 0x0001af76 Faulting process id: 0x85c Faulting application start time: 0x01ce67e5d809d45c Faulting application path: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Faulting module path: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Report Id: 1743e50a-d3d9-11e2-bd2e-005056c00008 Error - 6/13/2013 1:41:05 AM | Computer Name = Intel-5200-W7 | Source = Application Error | ID = 1000 Description = Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec Exception code: 0xc0000005 Fault offset: 0x0001af76 Faulting process id: 0x588 Faulting application start time: 0x01ce67f8977820f7 Faulting application path: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Faulting module path: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Report Id: d64250f8-d3eb-11e2-965c-005056c00008 [ System Events ] Error - 6/12/2013 11:26:19 PM | Computer Name = Intel-5200-W7 | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. Error - 6/13/2013 12:51:00 AM | Computer Name = Intel-5200-W7 | Source = Service Control Manager | ID = 7034 Description = The M4-Service service terminated unexpectedly. It has done this 1 time(s). Error - 6/13/2013 12:53:47 AM | Computer Name = Intel-5200-W7 | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/13/2013 1:00:57 AM | Computer Name = Intel-5200-W7 | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/13/2013 1:06:56 AM | Computer Name = Intel-5200-W7 | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/13/2013 1:07:06 AM | Computer Name = Intel-5200-W7 | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 6/13/2013 1:08:22 AM | Computer Name = Intel-5200-W7 | Source = EventLog | ID = 6008 Description = The previous system shutdown at 1:06:58 AM on ?6/?13/?2013 was unexpected. Error - 6/13/2013 1:08:26 AM | Computer Name = Intel-5200-W7 | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. Error - 6/13/2013 1:38:49 AM | Computer Name = Intel-5200-W7 | Source = DCOM | ID = 10010 Description = Error - 6/13/2013 1:40:41 AM | Computer Name = Intel-5200-W7 | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. < End of report >
  14. I'm back. The PC rebooted sometime overnight. Microsoft patches were applied, but three failed, will look at those later. OTL finished, and generated the OTL.txt and Extras.txt OTL logfile created on: 6/13/2013 1:48:24 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Harold\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.25 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 50.34% Memory free 6.49 Gb Paging File | 4.59 Gb Available in Paging File | 70.72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221.61 Gb Total Space | 142.96 Gb Free Space | 64.51% Space Free | Partition Type: NTFS Drive D: | 244.14 Gb Total Space | 59.63 Gb Free Space | 24.42% Space Free | Partition Type: NTFS Drive E: | 221.61 Gb Total Space | 41.43 Gb Free Space | 18.69% Space Free | Partition Type: NTFS Drive F: | 244.14 Gb Total Space | 237.69 Gb Free Space | 97.36% Space Free | Partition Type: NTFS Drive G: | 3.78 Gb Total Space | 3.58 Gb Free Space | 94.59% Space Free | Partition Type: NTFS Computer Name: INTEL-5200-W7 | User Name: Harold | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/06/13 01:36:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Harold\Desktop\OTL.exe PRC - [2013/06/12 23:26:29 | 001,592,208 | ---- | M] () -- C:\Users\Harold\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe PRC - [2013/06/07 08:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013/06/07 08:39:24 | 011,077,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe PRC - [2013/06/07 08:31:02 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe PRC - [2013/05/29 01:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2013/05/24 01:39:15 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/05/02 23:48:22 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013/04/16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe PRC - [2013/03/25 15:45:52 | 000,694,584 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe PRC - [2013/03/25 15:45:52 | 000,121,144 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe PRC - [2013/03/20 16:36:28 | 001,100,120 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe PRC - [2013/03/20 16:35:40 | 000,186,200 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe PRC - [2013/02/24 21:16:38 | 001,008,032 | ---- | M] () -- C:\Users\Harold\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2013/01/27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/05/22 08:13:12 | 000,980,920 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe PRC - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe PRC - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe PRC - [2012/01/24 16:06:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe PRC - [2011/11/18 00:02:32 | 001,975,296 | ---- | M] (Alexander Nikiforov) -- C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe PRC - [2011/04/20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/12 13:24:16 | 000,073,728 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe PRC - [2010/04/22 10:31:46 | 001,344,744 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe PRC - [2010/04/22 10:31:44 | 000,824,552 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2009/07/23 12:06:16 | 000,323,584 | ---- | M] () -- C:\Program Files\HP\Button Manager\BM.exe PRC - [2009/03/26 07:53:14 | 000,524,288 | ---- | M] (Brother Industries Ltd.) -- C:\Program Files\Brother\Brmfl06a\FAXRX.exe PRC - [2009/02/24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2005/10/03 12:23:36 | 000,020,480 | ---- | M] () -- C:\Windows\CameraFixer.exe PRC - [2005/09/09 16:32:38 | 000,102,400 | ---- | M] (sonix) -- C:\Windows\tsnp2std.exe PRC - [2003/10/30 09:12:42 | 000,180,224 | ---- | M] () -- C:\Windows\System32\pctspk.exe ========== Modules (No Company Name) ========== MOD - [2013/06/13 01:41:29 | 000,128,512 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\_elementtree.pyd MOD - [2013/06/13 01:41:29 | 000,044,032 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\_socket.pyd MOD - [2013/06/13 01:41:28 | 000,557,056 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\pysqlite2._sqlite.pyd MOD - [2013/06/13 01:41:28 | 000,320,512 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\win32com.shell.shell.pyd MOD - [2013/06/13 01:41:28 | 000,098,816 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\win32api.pyd MOD - [2013/06/13 01:41:28 | 000,070,656 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\wx._html2.pyd MOD - [2013/06/13 01:41:28 | 000,026,624 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\_multiprocessing.pyd MOD - [2013/06/13 01:41:28 | 000,022,528 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\win32ts.pyd MOD - [2013/06/13 01:41:27 | 001,022,416 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\windows._cacheinvalidation.pyd MOD - [2013/06/13 01:41:27 | 000,805,888 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\wx._gdi_.pyd MOD - [2013/06/13 01:41:27 | 000,011,264 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\win32crypt.pyd MOD - [2013/06/13 01:41:26 | 000,087,040 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\_ctypes.pyd MOD - [2013/06/13 01:41:26 | 000,017,408 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\win32profile.pyd MOD - [2013/06/13 01:41:25 | 000,735,232 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\wx._misc_.pyd MOD - [2013/06/13 01:41:25 | 000,364,544 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\pythoncom27.dll MOD - [2013/06/13 01:41:24 | 001,175,040 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\wx._core_.pyd MOD - [2013/06/13 01:41:24 | 000,110,080 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\PyWinTypes27.dll MOD - [2013/06/13 01:41:24 | 000,108,544 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\win32security.pyd MOD - [2013/06/13 01:41:22 | 001,153,024 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\_ssl.pyd MOD - [2013/06/13 01:41:22 | 000,711,680 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\_hashlib.pyd MOD - [2013/06/13 01:41:22 | 000,035,840 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\win32process.pyd MOD - [2013/06/13 01:41:22 | 000,025,600 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\win32pdh.pyd MOD - [2013/06/13 01:41:21 | 000,811,008 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\wx._windows_.pyd MOD - [2013/06/13 01:41:21 | 000,122,368 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\wx._wizard.pyd MOD - [2013/06/13 01:41:20 | 000,119,808 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\win32file.pyd MOD - [2013/06/13 01:41:19 | 000,038,912 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\win32inet.pyd MOD - [2013/06/13 01:41:17 | 001,062,400 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\wx._controls_.pyd MOD - [2013/06/13 01:41:15 | 000,686,080 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\unicodedata.pyd MOD - [2013/06/13 01:41:15 | 000,127,488 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\pyexpat.pyd MOD - [2013/06/13 01:41:15 | 000,018,432 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\win32event.pyd MOD - [2013/06/13 01:41:14 | 000,010,240 | ---- | M] () -- C:\Users\Harold\AppData\Local\temp\_MEI44402\select.pyd MOD - [2013/05/24 01:38:18 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013/05/16 03:40:56 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll MOD - [2013/05/16 03:39:05 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll MOD - [2013/05/16 03:38:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013/05/16 03:38:21 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll MOD - [2013/05/16 03:38:01 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013/05/16 03:37:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013/05/16 03:22:54 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\98e8641e2ca570f03352a91836b0b97a\System.ServiceModel.Routing.ni.dll MOD - [2013/05/16 03:22:53 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0e5d2997438866de453e8b1401d84398\System.ServiceModel.Discovery.ni.dll MOD - [2013/05/16 03:22:50 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\4dbbfceeddfc9180d5f621f0fc586e2c\System.ServiceModel.Activities.ni.dll MOD - [2013/05/16 03:22:50 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\3a75004c8363a598f4997686c16ae55e\System.ServiceModel.Channels.ni.dll MOD - [2013/05/16 03:22:46 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\be692307d47b83000bba8bb6b484aff0\System.ServiceModel.ni.dll MOD - [2013/05/16 03:22:08 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef\System.IdentityModel.ni.dll MOD - [2013/05/16 03:18:00 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b\System.Runtime.DurableInstancing.ni.dll MOD - [2013/05/16 03:17:58 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\2609614ca03927f7a99418c74844059b\System.Runtime.Serialization.ni.dll MOD - [2013/05/16 03:17:53 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8732d692f02402dbd81280b0d3c4f6a9\System.Xml.Linq.ni.dll MOD - [2013/05/16 03:13:37 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll MOD - [2013/05/16 03:13:12 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll MOD - [2013/05/16 03:13:02 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll MOD - [2013/05/16 03:12:44 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll MOD - [2013/05/16 03:12:40 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll MOD - [2013/05/16 03:12:30 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll MOD - [2013/02/14 04:37:09 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll MOD - [2013/02/14 04:35:36 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll MOD - [2013/02/14 04:32:16 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/01/10 11:45:45 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll MOD - [2013/01/10 11:45:37 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll MOD - [2013/01/10 10:51:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013/01/10 10:51:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/10 10:50:24 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 10:50:20 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll MOD - [2013/01/10 10:49:50 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 10:49:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 10:49:30 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013/01/10 09:21:02 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll MOD - [2013/01/10 09:21:01 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll MOD - [2013/01/10 09:20:32 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll MOD - [2013/01/10 09:20:22 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll MOD - [2013/01/10 09:20:09 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll MOD - [2011/03/09 00:24:12 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2009/12/15 13:19:30 | 000,561,152 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll MOD - [2009/07/23 12:06:16 | 000,323,584 | ---- | M] () -- C:\Program Files\HP\Button Manager\BM.exe MOD - [2009/02/27 16:38:22 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll MOD - [2005/10/03 12:23:36 | 000,020,480 | ---- | M] () -- C:\Windows\CameraFixer.exe MOD - [2005/02/02 13:38:18 | 000,024,576 | ---- | M] () -- C:\Program Files\Brother\Brmfl06a\brrunpp.dll MOD - [2003/10/30 09:12:42 | 000,180,224 | ---- | M] () -- C:\Windows\System32\pctspk.exe MOD - [2002/11/26 14:43:18 | 000,106,496 | ---- | M] () -- C:\Windows\System32\BrMuSNMP.dll ========== Services (SafeList) ========== SRV - [2013/06/12 03:25:48 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/06/07 08:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013/05/24 01:39:14 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/03/25 15:45:52 | 000,121,144 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager) SRV - [2013/03/20 16:35:40 | 000,186,200 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service) SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/02/24 21:16:38 | 001,008,032 | ---- | M] () [Auto | Running] -- C:\Users\Harold\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe -- (M4-Service) SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/01/24 16:21:22 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service) SRV - [2012/01/24 16:11:56 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service) SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service) SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2011/04/20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010/04/22 10:31:44 | 000,824,552 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010/03/03 14:35:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service) SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2008/03/18 06:28:46 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Util\Cygwin\bin\cygrunsrv.exe -- (BrlAPI) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys -- (SANDRA) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motusbdevice.sys -- (motusbdevice) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motswch.sys -- (MotoSwitchService) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgpfl.sys -- (motccgpfl) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motccgp.sys -- (motccgp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Harold\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService) DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2011/04/20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011/04/20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/17 08:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2010/09/30 00:13:46 | 000,020,088 | ---- | M] (REALiX) [Kernel | System | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32) DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010/06/25 13:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2010/04/22 10:32:04 | 000,157,160 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG) DRV - [2010/04/22 10:32:04 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL) DRV - [2009/10/22 05:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86) DRV - [2009/10/22 05:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci) DRV - [2009/10/22 05:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2009/10/22 05:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd) DRV - [2009/10/22 04:59:48 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport) DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon) DRV - [2009/10/22 00:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2009/10/22 00:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb) DRV - [2009/05/26 14:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2008/02/01 17:24:04 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2003/11/25 12:04:44 | 000,356,159 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ptserial.sys -- (Ptserial) DRV - [2003/11/25 11:58:04 | 000,801,778 | ---- | M] (PCtel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpctcom.sys -- (Vpctcom) DRV - [2003/10/30 16:08:14 | 000,070,320 | ---- | M] (PCtel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vvoice.sys -- (Vvoice) DRV - [2003/10/30 16:07:40 | 000,703,673 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmodem.sys -- (Vmodem) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://igoogle.com/ IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 60 44 CB FF DF CB 01 [binary data] IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\..\SearchScopes,DefaultScope = {17EF37F6-24A8-4102-B652-E512382781FD} IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\..\SearchScopes\{017EC812-7421-42AE-B9AF-6D1C8F3FF35F}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms} IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\..\SearchScopes\{05799638-0D3B-4e23-9A83-52B86197D709}: "URL" = http://www.linkedin.com/search?search=%20&reset=%20&searchOrigin=I&keywords={searchTerms} IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\..\SearchScopes\{17EF37F6-24A8-4102-B652-E512382781FD}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_enUS362'>http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_enUS362 IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\..\SearchScopes\{3439C644-8588-4ED6-8900-721F562DDA46}: "URL" = http://www.hulu.com/search?query={searchTerms}&ref=os IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\..\SearchScopes\{3A375589-06B7-4EAA-8E5F-36CF4BCE5A51}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8 IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.* ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://antwrp.gsfc.nasa.gov/apod/|http://www.userfriendly.org/static/|chrome://newsfox/content/newsfox.xul" FF - prefs.js..extensions.enabledAddons: %7Bcd617372-6743-4ee4-bac4-fbf60f35719e%7D:2.0 FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1 FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2 FF - prefs.js..extensions.enabledAddons: tinyurl.addon%40fast-chat.co.uk:2.6.1 FF - prefs.js..extensions.enabledAddons: memoryrestart%40teamextension.com:1.12 FF - prefs.js..extensions.enabledAddons: %7Bb422f337-27e5-4d5c-bb07-c189e7e7d7f2%7D:0.4.8 FF - prefs.js..extensions.enabledAddons: %7B899DF1F8-2F43-4394-8315-37F6744E6319%7D:1.0.8.4.2 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515 FF - prefs.js..extensions.enabledAddons: googledictionary%40toptip.ca:6.3.1 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9 FF - prefs.js..extensions.enabledAddons: abine%40abine.com:0.753 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: "https://duckduckgo.com/?q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Harold\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Harold\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Harold\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Harold\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Harold\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/05/15 08:53:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/05/16 07:02:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/05/15 08:53:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/05/16 07:02:06 | 000,000,000 | ---D | M] [2013/03/29 22:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harold\AppData\Roaming\Mozilla\Extensions [2013/06/05 06:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions [2013/04/02 10:07:55 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013/05/16 06:57:54 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013/05/24 19:54:13 | 000,000,000 | ---D | M] (PrivacySuite) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\abine@abine.com [2013/05/19 20:26:48 | 000,052,486 | ---- | M] () (No name found) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\googledictionary@toptip.ca.xpi [2013/06/05 06:26:55 | 000,319,949 | ---- | M] () (No name found) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013/04/02 10:07:55 | 000,055,723 | ---- | M] () (No name found) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\memoryrestart@teamextension.com.xpi [2013/04/26 15:47:01 | 000,120,870 | ---- | M] () (No name found) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\searchy@searchy.xpi [2013/04/02 10:07:55 | 000,090,868 | ---- | M] () (No name found) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\tinyurl.addon@fast-chat.co.uk.xpi [2013/04/26 14:42:55 | 000,288,182 | ---- | M] () (No name found) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\{899DF1F8-2F43-4394-8315-37F6744E6319}.xpi [2013/04/02 10:07:55 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2013/04/04 07:52:18 | 000,014,166 | ---- | M] () (No name found) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\{b422f337-27e5-4d5c-bb07-c189e7e7d7f2}.xpi [2013/04/02 10:07:54 | 000,008,283 | ---- | M] () (No name found) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2013/05/24 19:53:49 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013/04/13 06:00:32 | 000,010,339 | ---- | M] () -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\searchplugins\duckduckgo-1.xml [2013/04/13 06:00:26 | 000,010,339 | ---- | M] () -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\searchplugins\duckduckgo.xml [2013/04/13 06:02:04 | 000,000,705 | ---- | M] () -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\searchplugins\webster.xml [2013/04/13 06:01:54 | 000,001,032 | ---- | M] () -- C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\searchplugins\wikipedia-eng.xml [2013/05/24 01:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/05/24 01:38:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/05/24 01:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/05/24 01:39:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Harold\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Harold\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Harold\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Ancient History Encyclopedia = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle\3_0\ CHR - Extension: Google Drive = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: 100,000 Books - Wattpad = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgbiianmgbopnpohjfbkmdjmmdlndjfj\2_0\ CHR - Extension: YouTube = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Wikipedia SSL = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbjclclcokdnbfkhnmiocjcjmdeoeaj\321.0_0\ CHR - Extension: Google Search = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: TinyURL.com URL shortener (by Tiny-URL.info) = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpggaodbilneopgpjgbimgpaecdchfm\0.3.1_0\ CHR - Extension: Solitaire Card Games = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkelcbhdkpcdiiancfjhjcpdinbbfolp\1.0.0.6_0\ CHR - Extension: Facebook Disconnect = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\ CHR - Extension: Solitaire Games = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljmkmbmhmgmpmmbkagbobpmpocacdbo\1.0.0.3_0\ CHR - Extension: Android Freeware = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\faijocccbppcdmakdenmbbiflcagbapp\1.0_0\ CHR - Extension: Collusion for Chrome = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp\2.2.0_0\ CHR - Extension: The QR Code Generator = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0\ CHR - Extension: Click&Clean = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\ CHR - Extension: MagicScroll eBook Reader = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\ CHR - Extension: Keep My Opt-Outs = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\ CHR - Extension: Dictionary Instant = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngaklbjlbjhmoilkegninbmpfigheol\2.0.0_0\ CHR - Extension: World of Solitaire = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\ CHR - Extension: Zillow = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\iifccoboedmhjapdlpgkigibgnkmdjoh\1.2_0\ CHR - Extension: Disconnect = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.3.0_0\ CHR - Extension: Google Voice (by Google) = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.1_0\ CHR - Extension: G Disconnect = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\kglfocodeikakacbeoajjhnplhlaoook\1.6.6_0\ CHR - Extension: Evernote Web = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\ CHR - Extension: Twitter Disconnect = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\mepbfdngnnnpcnnijhibnejcogmidpig\1.1.0_0\ CHR - Extension: Awesome New Tab Page = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2013.122.3.1_0\ CHR - Extension: Google Chrome to Phone Extension = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\ CHR - Extension: PC Spy = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\oblkikbdfkdjhcbcaehapnehcomhoiio\1.0_0\ CHR - Extension: Click&Clean App = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_1\ CHR - Extension: Outlook.com = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\ CHR - Extension: Google Reader = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\ CHR - Extension: Gmail = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: Spider Solitaire = C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnblklfehkgbanpodhcncinlgcfifica\1.0.0.6_0\ O1 HOSTS File: ([2013/06/13 01:09:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (IEToolbarBHO Class) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found. O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (LinkedIn Toolbar) - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn) O3 - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\..\Toolbar\WebBrowser: (LinkedIn Toolbar) - {BB670D0B-5C46-40C7-B38B-40DD26987723} - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ArcSoft MediaImpression Monitor] C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe (ArcSoft, Inc.) O4 - HKLM..\Run: [CameraFixer] C:\Windows\CameraFixer.exe () O4 - HKLM..\Run: [CCEnhancer] E:\Archive\Mozilla Downloads\CCEnhancer.exe (SingularLabs) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PCTVOICE] C:\Windows\System32\pctspk.exe () O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [PV92TRAY] C:\Windows\System32\PV92Tray.exe (PCtel Inc.) O4 - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe (sonix) O4 - HKU\.DEFAULT..\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov) O4 - HKU\S-1-5-18..\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov) O4 - HKU\S-1-5-21-3768385454-1112087948-439529202-1001..\Run: [5CFC264D1C97FB0AC657A58A0D014754D6FBBBED._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - HKU\S-1-5-21-3768385454-1112087948-439529202-1001..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKU\S-1-5-21-3768385454-1112087948-439529202-1001..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries) O4 - HKU\S-1-5-21-3768385454-1112087948-439529202-1001..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google) O4 - HKU\S-1-5-21-3768385454-1112087948-439529202-1001..\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov) O4 - Startup: C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAXRX.lnk = C:\Program Files\Brother\Brmfl06a\FAXRX.exe (Brother Industries Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Linked&In Search - C:\Program Files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll (LinkedIn) O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html () O8 - Extra context menu item: Save Page As PDF ... - C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm () O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Enable/Disable PDF Download for this site - {96538116-AB8C-4879-9F21-BD2BFE22A414} - Reg Error: Key error. File not found O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O15 - HKU\S-1-5-21-3768385454-1112087948-439529202-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80948583-0E60-4A5A-B94B-82F11A5E0836}: NameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2013/06/12 16:08:06 | 000,000,000 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008/10/01 02:41:43 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/13 01:41:04 | 000,000,000 | R--D | C] -- C:\Users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD8 [2013/06/13 01:36:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Harold\Desktop\OTL.exe [2013/06/13 01:09:09 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013/06/13 01:06:50 | 000,000,000 | ---D | C] -- C:\Users\Harold\AppData\Local\temp [2013/06/13 00:51:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/06/13 00:51:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/06/13 00:51:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/06/13 00:51:14 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/06/13 00:50:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/06/12 23:52:48 | 000,000,000 | ---D | C] -- C:\FRST [2013/06/12 23:34:01 | 005,079,773 | R--- | C] (Swearware) -- C:\Users\Harold\Desktop\ComboFix.exe [2013/06/12 23:09:03 | 000,000,000 | ---D | C] -- C:\Users\Harold\Desktop\mbar [2013/06/12 23:00:33 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Harold\Desktop\tdsskiller.exe [2013/06/12 22:08:12 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/06/12 22:08:10 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/06/12 22:02:08 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/06/12 22:02:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013/06/12 22:02:07 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/06/12 22:02:05 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/06/12 22:02:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013/06/12 22:02:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013/06/12 22:02:05 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013/06/12 22:02:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013/06/12 04:07:09 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe [2013/06/12 04:07:08 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll [2013/06/12 04:07:01 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/06/12 04:07:00 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/06/06 22:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013/05/24 01:38:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/05/15 19:22:09 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/05/15 19:22:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll [2013/05/15 19:22:03 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2013/05/15 19:21:52 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013/05/15 19:21:52 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2013/05/15 08:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2012/04/12 17:20:50 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\Harold\PCPE Setup.exe [2012/04/12 17:20:50 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\Harold\mfc80u.dll [2012/04/12 17:20:50 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Harold\msvcr80.dll [2012/04/12 17:20:50 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Harold\grm_res.dll [2012/04/12 17:20:50 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\Harold\fr_res.dll [2012/04/12 17:20:50 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Harold\pt_res.dll [2012/04/12 17:20:50 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Harold\it_res.dll [2012/04/12 17:20:50 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Harold\es_res.dll [2012/04/12 17:20:50 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\Harold\en_res.dll [2012/04/12 17:20:50 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\Harold\ru_res.dll [2012/04/12 17:20:50 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\Harold\jp_res.dll [2012/04/12 17:20:50 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\Harold\zh_res.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/13 01:49:30 | 000,006,416 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/13 01:49:30 | 000,006,416 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/13 01:40:54 | 000,001,536 | ---- | M] () -- C:\Windows\System32\TrueSoft.dat [2013/06/13 01:40:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/06/13 01:39:35 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys [2013/06/13 01:36:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Harold\Desktop\OTL.exe [2013/06/13 01:19:21 | 000,890,839 | ---- | M] () -- C:\Users\Harold\Desktop\SecurityCheck.exe [2013/06/13 01:09:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/06/12 23:34:27 | 005,079,773 | R--- | M] (Swearware) -- C:\Users\Harold\Desktop\ComboFix.exe [2013/06/12 23:08:49 | 013,169,742 | ---- | M] () -- C:\Users\Harold\Desktop\mbar-1.06.0.1003.zip [2013/06/12 23:00:43 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Harold\Desktop\tdsskiller.exe [2013/06/12 22:08:30 | 000,626,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/06/12 22:08:30 | 000,107,748 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/06/12 17:13:54 | 000,648,201 | ---- | M] () -- C:\Users\Harold\Desktop\adwcleaner.exe [2013/06/12 03:25:46 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/06/12 03:25:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/06/08 19:00:59 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk [2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/06/08 07:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/06/06 22:04:49 | 000,002,032 | ---- | M] () -- C:\Users\Harold\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/06/06 22:04:48 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013/05/16 21:26:04 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013/05/16 21:25:33 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/05/16 21:25:27 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/05/16 21:25:27 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/05/16 21:25:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013/05/16 21:25:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013/05/16 21:25:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013/05/16 06:58:06 | 000,002,056 | ---- | M] () -- C:\Users\Harold\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2013/05/16 03:36:29 | 000,443,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/05/14 04:40:13 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/06/13 01:34:05 | 000,648,201 | ---- | C] () -- C:\Users\Harold\Desktop\adwcleaner.exe [2013/06/13 01:19:18 | 000,890,839 | ---- | C] () -- C:\Users\Harold\Desktop\SecurityCheck.exe [2013/06/13 00:51:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/06/13 00:51:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/06/13 00:51:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/06/13 00:51:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/06/13 00:51:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/06/12 23:07:57 | 013,169,742 | ---- | C] () -- C:\Users\Harold\Desktop\mbar-1.06.0.1003.zip [2013/06/12 22:43:19 | 000,001,536 | ---- | C] () -- C:\Windows\System32\TrueSoft.dat [2013/06/12 20:39:38 | 000,006,416 | ---- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/12 20:39:38 | 000,006,416 | ---- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/06 22:04:49 | 000,002,032 | ---- | C] () -- C:\Users\Harold\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/06/06 22:04:48 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013/05/12 13:52:36 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2013/05/12 13:52:36 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2013/03/27 15:29:11 | 000,000,016 | -H-- | C] () -- C:\Users\Harold\AppData\Roaming\SyncToy_d397547c-4c61-4391-89bb-4d502923c970.dat [2012/07/29 14:12:25 | 000,000,241 | ---- | C] () -- C:\Users\Harold\AppData\Roaming\GPU Meter_Settings.ini [2012/04/12 17:20:53 | 013,338,112 | ---- | C] () -- C:\Users\Harold\PCPE_3.0.1.msi [2012/01/08 22:21:57 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2011/12/14 16:39:37 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2011/12/14 16:39:33 | 008,816,384 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys [2011/12/14 16:39:33 | 000,049,152 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll [2011/12/14 16:39:32 | 000,045,056 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll [2011/12/14 16:39:31 | 000,020,480 | ---- | C] () -- C:\Windows\usnp2std.exe [2011/12/14 16:39:08 | 000,020,480 | ---- | C] () -- C:\Windows\CameraFixer.exe [2011/11/24 23:37:38 | 000,000,218 | ---- | C] () -- C:\Users\Harold\.recently-used.xbel [2011/06/30 22:52:21 | 000,000,343 | ---- | C] () -- C:\Users\Harold\AppData\Roaming\Drives Meter_Settings.ini [2011/06/30 22:50:33 | 000,000,412 | ---- | C] () -- C:\Users\Harold\AppData\Roaming\All CPU Meter_Settings.ini [2011/06/03 17:08:57 | 000,000,297 | ---- | C] () -- C:\Users\Harold\AppData\Roaming\Network Meter_Settings.ini [2010/07/18 19:51:08 | 000,007,599 | ---- | C] () -- C:\Users\Harold\AppData\Local\Resmon.ResmonCfg [2010/04/27 21:23:01 | 000,225,456 | ---- | C] () -- C:\Users\Harold\AppData\Local\rx_image.Cache [2010/04/25 13:48:35 | 000,000,800 | ---- | C] () -- C:\Users\Harold\more [2010/04/03 21:32:34 | 000,017,920 | ---- | C] () -- C:\Users\Harold\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
  15. I'm about out of it for the night. OTL is running, and I'll pick this up later in the morning. Thanks for your help.
  16. Running OTL: Scan All Users is set, Extra Registry already had "Use SafeList" selected.
  17. Adwcleaner waited for me to press the "delete" selection. After it deleted whatever it found, it rebooted the PC and presented the following: # AdwCleaner v2.303 - Logfile created 06/13/2013 at 01:37:25 # Updated 08/06/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Harold - INTEL-5200-W7 # Boot Mode : Normal # Running from : C:\Users\Harold\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files\1ClickDownload Folder Deleted : C:\Program Files\ConduitEngine Folder Deleted : C:\Program Files\NirSoft Folder Deleted : C:\Program Files\uTorrentBar Folder Deleted : C:\ProgramData\~0 Folder Deleted : C:\ProgramData\APN Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Users\Harold\AppData\Local\APN Folder Deleted : C:\Users\Harold\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Harold\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\Harold\AppData\LocalLow\NirSoft Folder Deleted : C:\Users\Harold\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Harold\AppData\LocalLow\uTorrentBar Folder Deleted : C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\jetpack ***** [Registry] ***** Key Deleted : HKCU\Software\1ClickDownload Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine Key Deleted : HKCU\Software\AppDataLow\Software\NirSoft Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{915793B2-0A75-4C84-8ED7-479086C6D84E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{915793B2-0A75-4C84-8ED7-479086C6D84E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Deleted : HKCU\Software\NirSoft Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0DF6299F-5AF2-497F-969E-C6A708BDC88E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{915793B2-0A75-4C84-8ED7-479086C6D84E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F451D381-71D7-4616-BE65-BFB40CC70B43} Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2267887 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2418376 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\conduitEngine Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh Key Deleted : HKLM\Software\Iminent Key Deleted : HKLM\Software\InstallIQ Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{005DF53E-AE20-4184-BA81-7864C5ECBA56} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13D21B6E-A5EB-47CB-83DA-54BD75251D17} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE0962F8-D86B-4572-A201-10DAC1F6FCCE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{915793B2-0A75-4C84-8ED7-479086C6D84E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0DF6299F-5AF2-497F-969E-C6A708BDC88E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F451D381-71D7-4616-BE65-BFB40CC70B43} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NirSoft Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar Key Deleted : HKLM\Software\NirSoft Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\Software\uTorrentBar Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{915793B2-0A75-4C84-8ED7-479086C6D84E}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{915793B2-0A75-4C84-8ED7-479086C6D84E}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{915793B2-0A75-4C84-8ED7-479086C6D84E}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{915793B2-0A75-4C84-8ED7-479086C6D84E}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\prefs.js Deleted : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/86416/Social Fixer.159274[...] Deleted : user_pref("wc_prefs.WC_Carriers", "Caribbean|Digicel Caribbean||Caribbean|GT&T Guyana||Caribbean|LIM[...] -\\ Google Chrome v27.0.1453.110 File : C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [7698 octets] - [13/06/2013 01:34:29] AdwCleaner[R2].txt - [7758 octets] - [13/06/2013 01:36:55] AdwCleaner[s1].txt - [7084 octets] - [13/06/2013 01:37:25] ########## EOF - C:\AdwCleaner[s1].txt - [7144 octets] ##########
  18. Results of AdwCleaner: # AdwCleaner v2.303 - Logfile created 06/13/2013 at 01:34:29 # Updated 08/06/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : Harold - INTEL-5200-W7 # Boot Mode : Normal # Running from : C:\Users\Harold\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files\1ClickDownload Folder Found : C:\Program Files\ConduitEngine Folder Found : C:\Program Files\NirSoft Folder Found : C:\Program Files\uTorrentBar Folder Found : C:\ProgramData\~0 Folder Found : C:\ProgramData\APN Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\Harold\AppData\Local\APN Folder Found : C:\Users\Harold\AppData\LocalLow\Conduit Folder Found : C:\Users\Harold\AppData\LocalLow\ConduitEngine Folder Found : C:\Users\Harold\AppData\LocalLow\NirSoft Folder Found : C:\Users\Harold\AppData\LocalLow\PriceGong Folder Found : C:\Users\Harold\AppData\LocalLow\uTorrentBar Folder Found : C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\jetpack ***** [Registry] ***** Key Found : HKCU\Software\1ClickDownload Key Found : HKCU\Software\APN PIP Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\conduitEngine Key Found : HKCU\Software\AppDataLow\Software\conduitEngine Key Found : HKCU\Software\AppDataLow\Software\NirSoft Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\uTorrentBar Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{915793B2-0A75-4C84-8ED7-479086C6D84E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{915793B2-0A75-4C84-8ED7-479086C6D84E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Key Found : HKCU\Software\NirSoft Key Found : HKCU\Software\YahooPartnerToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Found : HKLM\SOFTWARE\Classes\CLSID\{0DF6299F-5AF2-497F-969E-C6A708BDC88E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Key Found : HKLM\SOFTWARE\Classes\CLSID\{915793B2-0A75-4C84-8ED7-479086C6D84E} Key Found : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F451D381-71D7-4616-BE65-BFB40CC70B43} Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2267887 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2418376 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\conduitEngine Key Found : HKLM\Software\conduitEngine Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh Key Found : HKLM\Software\Iminent Key Found : HKLM\Software\InstallIQ Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{005DF53E-AE20-4184-BA81-7864C5ECBA56} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13D21B6E-A5EB-47CB-83DA-54BD75251D17} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AE0962F8-D86B-4572-A201-10DAC1F6FCCE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{915793B2-0A75-4C84-8ED7-479086C6D84E} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0DF6299F-5AF2-497F-969E-C6A708BDC88E} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F451D381-71D7-4616-BE65-BFB40CC70B43} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NirSoft Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar Key Found : HKLM\Software\NirSoft Key Found : HKLM\Software\PIP Key Found : HKLM\Software\uTorrentBar Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{915793B2-0A75-4C84-8ED7-479086C6D84E}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{915793B2-0A75-4C84-8ED7-479086C6D84E}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{915793B2-0A75-4C84-8ED7-479086C6D84E}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{915793B2-0A75-4C84-8ED7-479086C6D84E}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Registry is clean. -\\ Mozilla Firefox v21.0 (en-US) File : C:\Users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\prefs.js Found : user_pref("extensions.greasemonkey.scriptvals.hxxp://userscripts.org/users/86416/Social Fixer.159274[...] Found : user_pref("wc_prefs.WC_Carriers", "Caribbean|Digicel Caribbean||Caribbean|GT&T Guyana||Caribbean|LIM[...] -\\ Google Chrome v27.0.1453.110 File : C:\Users\Harold\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [7569 octets] - [13/06/2013 01:34:29] ########## EOF - C:\AdwCleaner[R1].txt - [7629 octets] ##########
  19. What do you recommend to keep this problem from reoccurring? Did the Malware have a keylogger? Did the Malware capture any personal data (ie...Security or Financial data)?
  20. Step 4 is complete: Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (2.0.0.3003) Malwarebytes Anti-Malware version 1.75.0.1300 CCleaner Java 7 Update 17 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader XI Mozilla Firefox (21.0) Mozilla Thunderbird (17.0.6) Google Chrome 27.0.1453.110 Google Chrome 27.0.1453.94 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3% ````````````````````End of Log``````````````````````
  21. Step 3 complete: ComboFix 13-06-12.02 - Harold 06/13/2013 0:54.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3327.2005 [GMT -4:00] Running from: c:\users\Harold\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\ism_0_llatsni.pad c:\users\Harold\AppData\Local\Temp\_MEI42282\_ctypes.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\_elementtree.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\_hashlib.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\_multiprocessing.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\_socket.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\_ssl.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\pyexpat.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\pysqlite2._sqlite.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\python27.dll c:\users\Harold\AppData\Local\Temp\_MEI42282\pythoncom27.dll c:\users\Harold\AppData\Local\Temp\_MEI42282\PyWinTypes27.dll c:\users\Harold\AppData\Local\Temp\_MEI42282\select.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\unicodedata.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\win32api.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\win32com.shell.shell.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\win32crypt.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\win32event.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\win32file.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\win32inet.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\win32pdh.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\win32process.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\win32profile.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\win32security.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\win32ts.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\windows._cacheinvalidation.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\wx._controls_.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\wx._core_.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\wx._gdi_.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\wx._html2.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\wx._misc_.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\wx._windows_.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\wx._wizard.pyd c:\users\Harold\AppData\Local\Temp\_MEI42282\wxbase294u_net_vc90.dll c:\users\Harold\AppData\Local\Temp\_MEI42282\wxbase294u_vc90.dll c:\users\Harold\AppData\Local\Temp\_MEI42282\wxmsw294u_adv_vc90.dll c:\users\Harold\AppData\Local\Temp\_MEI42282\wxmsw294u_core_vc90.dll c:\users\Harold\AppData\Local\Temp\_MEI42282\wxmsw294u_html_vc90.dll c:\users\Harold\AppData\Local\Temp\_MEI42282\wxmsw294u_webview_vc90.dll c:\users\Harold\g2mdlhlpx.exe c:\users\Harold\ResourceReader.dll c:\windows\system32\spsys.log F:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_mv2 . . ((((((((((((((((((((((((( Files Created from 2013-05-13 to 2013-06-13 ))))))))))))))))))))))))))))))) . . 2013-06-13 03:52 . 2013-06-13 03:52 -------- d-----w- C:\FRST 2013-06-13 03:34 . 2013-06-13 03:34 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F464F034-45FC-40CC-9FE6-5710F4FBFF88}\MpKsldd8bfe35.sys 2013-06-13 02:27 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F464F034-45FC-40CC-9FE6-5710F4FBFF88}\mpengine.dll 2013-06-13 02:08 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-13 02:08 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-06-12 08:07 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 08:07 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 08:07 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 08:07 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 08:07 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 08:07 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 08:07 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-12 08:07 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-06-12 08:06 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-11 22:52 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-05-21 10:47 . 2013-05-21 10:47 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72480C32-B1A2-446E-9BE4-6F46BF89178B}\gapaengine.dll 2013-05-15 23:22 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 23:22 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-15 23:22 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-15 23:22 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 23:22 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 23:21 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe 2013-05-15 23:21 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll 2013-05-15 23:21 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 12:53 . 2013-05-16 10:58 -------- d-----w- c:\program files\Mozilla Thunderbird . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-12 07:25 . 2012-04-12 12:02 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-12 07:25 . 2011-05-20 11:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-16 10:55 . 2010-06-24 15:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 15:28 . 2010-01-09 14:12 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-25 07:30 . 2011-03-25 16:09 706640 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-04-13 04:45 . 2013-05-15 23:22 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 23:22 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 2013-04-24 03:46 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-06 13:10 . 2013-04-06 13:10 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-04-06 13:10 . 2012-10-17 21:30 861088 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-04-06 13:10 . 2010-07-16 20:17 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-04-04 18:50 . 2010-02-14 21:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\system32\GPhotos.scr 2013-03-19 04:48 . 2013-04-10 20:38 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 02:49 . 2013-04-10 20:38 69632 ----a-w- c:\windows\system32\smss.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{915793b2-0a75-4c84-8ed7-479086c6d84e}"= "c:\program files\NirSoft\tbNir2.dll" [2010-10-18 3908192] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-10-18 3908192] . [HKEY_CLASSES_ROOT\clsid\{915793b2-0a75-4c84-8ed7-479086c6d84e}] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{915793b2-0a75-4c84-8ed7-479086c6d84e}] 2010-10-18 10:26 3908192 ----a-w- c:\program files\NirSoft\tbNir2.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2010-10-18 17:26 3908192 ----a-w- c:\program files\uTorrentBar\tbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{915793b2-0a75-4c84-8ed7-479086c6d84e}"= "c:\program files\NirSoft\tbNir2.dll" [2010-10-18 3908192] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-10-18 3908192] . [HKEY_CLASSES_ROOT\clsid\{915793b2-0a75-4c84-8ed7-479086c6d84e}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{915793B2-0A75-4C84-8ED7-479086C6D84E}"= "c:\program files\NirSoft\tbNir2.dll" [2010-10-18 3908192] "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-10-18 3908192] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192] . [HKEY_CLASSES_ROOT\clsid\{915793b2-0a75-4c84-8ed7-479086c6d84e}] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 20:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 20:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 20:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 20:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2013-03-25 3497240] "MP3 Skype Recorder"="c:\program files\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296] "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-04-16 19662744] "5CFC264D1C97FB0AC657A58A0D014754D6FBBBED._service_run"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-05-29 825808] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-12 39408] "GarminExpressTrayApp"="c:\program files\Garmin\Express Tray\ExpressTray.exe" [2013-03-20 1100120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "PCTVOICE"="pctspk.exe" [2003-10-30 180224] "PV92TRAY"="PV92Tray.exe" [2003-10-30 323584] "ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-11-12 73728] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-22 7514656] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-22 1833504] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 336384] "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688] "CameraFixer"="c:\windows\CameraFixer.exe" [2005-10-03 20480] "tsnp2std"="c:\windows\tsnp2std.exe" [2005-09-09 102400] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152] "CCEnhancer"="e:\archive\Mozilla Downloads\CCEnhancer.exe" [2012-05-01 267264] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MP3 Skype Recorder"="c:\program files\MP3 Skype Recorder\MP3 Skype Recorder.exe" [2011-11-18 1975296] . c:\users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ FAXRX.lnk - c:\program files\Brother\Brmfl06a\FAXRX.exe -Net "MFC-845CW LAN" [2011-5-4 524288] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736] HP Button Manager.lnk - c:\program files\HP\Button Manager\BM.exe [2010-4-24 323584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips SA304X Device Manager.lnk] backup=c:\windows\pss\Philips SA304X Device Manager.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Harold^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk] path=c:\users\Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk backup=c:\windows\pss\EvernoteClipper.lnk.Startup backupExtension=.Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-10-12 02:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] 2007-11-15 03:10 91432 ----a-w- c:\program files\CyberLink\Shared files\brs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-04-25 18:06 136176 ----atw- c:\users\Harold\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMeter] 2012-07-29 18:25 129024 ----a-w- e:\archive\Mozilla Downloads\PCMeter\PCMeter\PCMeter.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8] 2008-02-18 22:33 77824 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-01-12 01:04 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-11-27 11:13 395128 ----a-w- c:\program files\uTorrent\uTorrent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray] 2009-10-22 08:59 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe . R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-04-22 157160] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384] R3 BrlAPI;BrlAPI;c:\util\Cygwin\bin\cygrunsrv.exe [2008-03-18 68096] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x] R3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672] R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544] R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x] R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-04-19 993848] R3 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-04-19 399416] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2010-09-30 20088] S1 MpKsldd8bfe35;MpKsldd8bfe35;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F464F034-45FC-40CC-9FE6-5710F4FBFF88}\MpKsldd8bfe35.sys [2013-06-13 29904] S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-04-22 59240] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 41456] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128] S2 APC Data Service;APC Data Service;c:\program files\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880] S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-03-20 186200] S2 M4-Service;M4-Service;c:\users\Harold\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe [2013-02-25 1008032] S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-03-25 121144] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088] S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-04-22 824552] S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-07 4150112] S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 17408] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-05 21:53 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3768385454-1112087948-439529202-1001Core.job - c:\users\Harold\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 18:06] . 2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3768385454-1112087948-439529202-1001UA.job - c:\users\Harold\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-25 18:06] . . ------- Supplementary Scan ------- . uStart Page = hxxp://igoogle.com/ uInternet Settings,ProxyOverride = 192.168.*.* IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html IE: Linked&In Search - c:\program files\LinkedIn\IE Toolbar\3.2.5.1001\LinkedInIEToolbar.dll/ContextMenu.htm IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105 LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll Trusted Zone: intuit.com\ttlc TCP: Interfaces\{80948583-0E60-4A5A-B94B-82F11A5E0836}: NameServer = 192.168.1.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB FF - ProfilePath - c:\users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://antwrp.gsfc.nasa.gov/apod/|http://www.userfriendly.org/static/|chrome://newsfox/content/newsfox.xul FF - prefs.js: keyword.URL - hxxps://duckduckgo.com/?q= FF - ExtSQL: 2013-04-13 06:00; jid1-ZAdIEUB7XOzOJw@jetpack; c:\users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi FF - ExtSQL: 2013-04-13 06:00; searchy@searchy; c:\users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\searchy@searchy.xpi FF - ExtSQL: 2013-04-13 21:39; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Harold\AppData\Roaming\Mozilla\Firefox\Profiles\z55pcu7l.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file) WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file) MSConfigStartUp-Garmin Lifetime Updater - c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2729449 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2737019 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2742595 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2789642 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2804576 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(3440) c:\program files\Trusteer\Rapport\bin\rooksbas.dll c:\windows\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\windows\system32\atieclxx.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\APC\PowerChute Personal Edition\mainserv.exe c:\windows\system32\msiexec.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\users\Harold\AppData\Local\Mikogo4\Viewer\Service\M4-Capture.exe c:\windows\system32\vmnat.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\taskhost.exe c:\windows\system32\fxssvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\VMware\VMware Workstation\vmware-authd.exe c:\windows\system32\vmnetdhcp.exe c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe c:\program files\Google\Update\GoogleUpdate.exe c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler.exe c:\program files\TeamViewer\Version8\TeamViewer.exe c:\program files\TeamViewer\Version8\tv_w32.exe c:\windows\system32\conhost.exe c:\program files\Trusteer\Rapport\bin\RapportService.exe c:\windows\system32\sppsvc.exe c:\windows\system32\DllHost.exe c:\program files\Windows Media Player\wmpnetwk.exe . ************************************************************************** . Completion time: 2013-06-13 01:16:35 - machine was rebooted ComboFix-quarantined-files.txt 2013-06-13 05:16 . Pre-Run: 153,774,432,256 bytes free Post-Run: 153,507,368,960 bytes free . - - End Of File - - F79B7373FE2A2C6B47EAB585A325494E A36C5E4F47E84449FF07ED3517B43A31
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.