gurpsgm

Honorary Members
  • Posts: 35
  • Reputation: 0 Neutral
  1. Hi! If I install Malwarebytes at all, it removes Total AV from my system without my permission. If I attempt to reinstall Total AV, it removes Malwarebytes. I can remember these two programs working together without any hitches. What happened? Bruce
  2. OK - it's been three days now, and I haven't seen a hair of "Spigot". I'm still not quite 100% convinced this monster has been vanquished, but so far, the dragon appears dead. Bruce
  3. As far as "Spigot" is concerned, it probably will do its usual trick of hiding until after shutdown and restart in AM. This is one of the major reasons I think it's stuck in Registry.
  4. BTW, even "Advanced System Care" (an IObit product) has been removed. I also got rid of the other IObit programs, including: "Driver Booster", "IO Bit Uninstall", and at least one other IObit program. For some reason or other, something deleted my "Regzooka" program, and maybe a couple others. I also did some cleanup on other programs and files I did not want anymore.... Bruce
  5. 2nd log info:

     # AdwCleaner v3.014 - Report created 09/12/2013 at 18:04:04
     # Updated 01/12/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : gurpsgm - GURPSGM-PC
     # Running from : C:\Users\gurpsgm\Documents\Bruce\Computer\Problems\adwcleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Users\gurpsgm\AppData\Local\NativeMessaging
     Folder Deleted : C:\Users\gurpsgm\AppData\Local\WhiteListing
     Folder Deleted : C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\svdcl1jg.default-1357467556136\Extensions\1gffxtbr@InboxAce_1g.com
     Folder Deleted : C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\svdcl1jg.default-1357467556136\Extensions\speeddial@instair.net
     File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
     File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
     File Deleted : C:\Windows\System32\Tasks\SpyHunter4Startup

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
     Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
     Key Deleted : HKCU\Software\AppDataLow\Toolbar

     ***** [ Browsers ] *****

     -\\ Internet Explorer v10.0.9200.16686

     -\\ Mozilla Firefox v25.0.1 (en-US)

     [ File : C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521\prefs.js ]

     [ File : C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\svdcl1jg.default-1357467556136\prefs.js ]

     *************************

     AdwCleaner[R4].txt - [1718 octets] - [09/12/2013 18:03:08]
     AdwCleaner[s4].txt - [1663 octets] - [09/12/2013 18:04:04]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [1723 octets] ##########
  6. Here's one log:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org

     Database version: v2013.12.09.07

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 10.0.9200.16686
     gurpsgm :: GURPSGM-PC [administrator]

     12/9/2013 13:56:48
     mbam-log-2013-12-09 (13-56-48).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 637665
     Time elapsed: 3 hour(s), 12 minute(s), 52 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 1
     HKLM\SOFTWARE\Connect_DLC_2 (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 1
     C:\Program Files (x86)\Connect_DLC_2 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

     Files Detected: 11
     C:\Users\gurpsgm\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\00AE80DA52739B8A711FA497A7CB08E5B900000000007EABB0.exe (Adware.KorAd) -> Quarantined and deleted successfully.
     C:\Users\gurpsgm\AppData\Roaming\Auslogics\Rescue\Boost Speed\131110062556138.rsc (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
     C:\Windows\Installer\c8a387.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\Connect_DLC_2\GottenAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\Connect_DLC_2\hk64tbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\Connect_DLC_2\hktbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\Connect_DLC_2\OtherAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\Connect_DLC_2\prxtbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\Connect_DLC_2\SharedAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\Connect_DLC_2\toolbar.cfg (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\Connect_DLC_2\ToolbarContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

     (end)
  7. I know you're probably not going to believe this, but, here's the total log I got from Zoek this time:

     ==== After Reboot ======================

     ==== EOF on Mon 12/09/2013 at 8:32:38.78 ======================
  8. Hi! Just a bit of clarification: I de-installed: Raptr, Trillian, BingBar, but which part(s) of IO Bit do I have to uninstall? I have several, including one or more I bought.... Bruce
  9. OK - here's that log file....
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo-analytics.net] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo] -= EOF =-
  10. OK... There's no "Yahoo" folder in Program Files (x86). There's no Yahoo folder in Windows/Downloaded Program Files either. BUT - there IS an entry for the CLSID... What do I do with it? Bruce
  11. Hi! Despite all my attempts to see this file, including a general search of C: drive, I can't find it at all. BTW, the stupid "Spigot" thing is still here... and now, my daughter's computer has it, despite the fact that I never transmitted any data to or from that laptop... Bruce
  12. Nope. Just on Opera, for some strange reason or other. If I press "home" on IE, Firefox, or Chrome, I still get this stupid http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie as a home page despite all of our efforts to get rid of the d@#$ thing. I even tried using a backup from a month ago, and it's still there. I still say it's a "hitchhiker" of some kind - riding in on the back of some other program. Bruce
  13. The rest of Zoek - Zoek-B.txt
Power2GoPlayCDAudioOnArrival\ Provider = Power2Go InvokeProgID = AudioCD InvokeVerb = PlayWithPower2Go HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.] SpybotScanFiles\ Provider = Spybot - Search & Destroy InvokeProgID = SpybotFilesScanner InvokeVerb = scanfiles HKLM\SOFTWARE\Classes\SpybotFilesScanner\shell\scanfiles\command\(Default) = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe" [safer-Networking Ltd.] WIA_{51BD566E-A02D-4387-9A82-D929EA8C20B0}\ Provider = MAGIX Photo Manager MX CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaClsid;{51BD566E-A02D-4387-9A82-D929EA8C20B0}; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{F9C8DDE4-4324-4B0E-A8F7-994286683BBB}\ Provider = Readiris CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\Readiris Pro 12\readiris.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WinampMTPHandler\ Provider = Winamp ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\Users\gurpsgm\Music\Winamp\winamp.exe HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] WinampPlayMediaOnArrival\ Provider = Winamp InvokeProgID = Winamp.File InvokeVerb = Play HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = "C:\Users\gurpsgm\Music\Winamp\winamp.exe" "%1" [Nullsoft, Inc.] 
Startup items in "gurpsgm" & "All Users" startup folders:
---------------------------------------------------------

C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++}
AnyTime -> shortcut to: C:\Program Files (x86)\AnyTime Organizer Premier\ISI Launcher.exe [individual Software Inc.]
OneNote 2007 Screen Clipper and Launcher -> shortcut to: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [MS]

Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
ASC7_SkipUac_gurpsgm -> launches: C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac [iObit]
CCleanerSkipUAC -> launches: "C:\Program Files (x86)\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
Driver Booster Scan -> launches: C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe /scan [iObit]
Driver Booster Update -> launches: C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe /auto [iObit]
FreeFileViewerUpdateChecker -> launches: C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [bitberry Software]
Game_Booster_AutoUpdate -> launches: C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe /AUTORUN [file not found]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000Core -> launches: C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000UA -> launches: C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
gurpsgm DBAgent 2 0 -> launches: "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [seagate Technology LLC]
Microsoft_Hardware_Launch_devicecenter_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Device Center\devicecenter.exe [file not found]
Microsoft_Hardware_Launch_ipoint_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [MS]
Microsoft_Hardware_Launch_itype_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [MS]
Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [null data]
Microsoft_Hardware_Launch_rundll32_exe -> (HIDDEN!) launches: rundll32.exe url.dll,OpenURL c:\4d665dcc8da2864ea4bcc4d3d810\ipoint\Setup64\Files\1033\Eng.rtf [MS]
Microsoft_MKC_Logon_Task_ipoint.exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [MS]
Microsoft_MKC_Logon_Task_itype.exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [MS]
Norton Security Scan for gurpsgm -> (HIDDEN!) launches: C:\PROGRA~2\Norton Security Scan\Engine\4.0.3.24\Nss.exe /scan-quick /scheduled [symantec Corporation]
Norton WSC Integration -> (HIDDEN!) launches: "C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe" /taskschd [symantec Corporation]
PCHB_gurpsgm_PCHealthBoost_RM -> launches: "C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe" /c /s /p:rg [file not found]
PCHB_gurpsgm_PCHealthBoost_RN -> launches: "C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe" /c /s /p:rn [file not found]
PCHB_gurpsgm_PCHealthBoost_RS -> launches: "C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe" /c /s /a:rs [file not found]
PCHB_gurpsgm_PCHealthBoost_UP -> launches: "C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe" /c /s /a:dw [file not found]
PCHB_WaitAndStartAfter -> launches: "C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe" /c /a:rs [file not found]
ProgramRefresh-ATFST -> launches: C:\Program Files (x86)\File Type Assistant\tsasetup.exe /refresh /verysilent /suppressmsgboxes /nocancel /norestart [file not found]
ProgramUpdateCheck -> launches: C:\Program Files (x86)\File Type Assistant\TSAssist.exe /chkupd [file not found]
RealPlayerRealUpgradeLogonTaskS-1-5-21-2751017530-556950238-3992346484-1000 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck [file not found]
RealPlayerRealUpgradeScheduledTaskS-1-5-21-2751017530-556950238-3992346484-1000 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck [file not found]
RealUpgradeLogonTaskS-1-5-21-2751017530-556950238-3992346484-1000 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck [file not found]
RealUpgradeScheduledTaskS-1-5-21-2751017530-556950238-3992346484-1000 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck [file not found]
Reimage Reminder -> launches: "C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe" [file not found]
Seagate_Install_Launch -> launches: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [null data]
SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe [MS]
SlimCleaner Run -> launches: "C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe" $(Arg0) [slimWare Utilities, Inc.]
SparkTrust PC Cleaner Plus -> launches: C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe -scan [file not found]
SparkTrust Registration3 -> launches: C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns [MS]
SparkTrust Update Version3 -> launches: C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [sparkTrust Systems]
SparkTrust Update Version3 Startup Task -> launches: C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe -StartupTask [sparkTrust Systems]
User_Feed_Synchronization-{21B4E9D4-6B39-431A-BA29-EF6281D6E976} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
WpsUpdateTask_gurpsgm -> launches: C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe -from=task [Zhuhai Kingsoft Office Software Co.,Ltd]
{1E2DF568-C6F3-47A0-9E95-A8122C3D839E} -> launches: D:\autorun.exe [file not found]
{484B8029-9493-40C2-87A1-E0C54EC58133} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\gurpsgm\Documents\Downloads\CA43_Hex_Overland.exe -d "C:\Program Files (x86)\Mozilla Firefox" [MS]
{72217564-44FF-4AE7-82AC-B4662CA68FBA} -> launches: C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest\LaunchPad.exe [sony Online Entertainment]
{7F385FFC-F136-4F35-B60E-036455BD4BEE} -> launches: C:\Users\gurpsgm\Documents\Downloads\sm_dm.exe [file not found]
{89862946-A18D-4240-A06F-77ABB6566F79} -> launches: C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\ [MS]
{A9843C85-E4C4-4086-AFE7-9042C714F914} -> launches: D:\autorun.exe [file not found]
{BCF86C3F-4CAD-48B7-9BB3-B34FADB48135} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\gurpsgm\Documents\Downloads\Saitek_Cyborg_Keyboard_SD6_64_Drivers_pfw.exe -d C:\Users\gurpsgm\Desktop [MS]
{D436729F-20E9-464A-ABDA-10798FF50770} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\gurpsgm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMCJBJQH\yahoo_toolbar_install_helper.exe" -d C:\Users\gurpsgm\Desktop [MS]
{E1BDBAB9-97A3-40ED-8842-524200AA03C6} -> launches: C:\Windows\system32\pcalua.exe -a D:\instmsia.exe -d D:\ [MS]
{E2E7D126-CF2C-43F1-BA9B-A167876E9248} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\gurpsgm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PSCU9K7R\Saitek_Cyborg_Keyboard_SD6_64_Drivers_pfw.exe" -d C:\Users\gurpsgm\Desktop [MS]

C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [file not found]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
  \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
  \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
  \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
  \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
  \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
  \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM...CLSID} = KernelCeipCustomHandler
  \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM...CLSID} = UsbCeip
  \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM...Wow...CLSID} = UsbCeip
  \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
  \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
  \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
  \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
  \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
  \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
  \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
  \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
  \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
  \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
  \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM...CLSID} = RasMobilityManager
  \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
  \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM...CLSID} = GadgetsManager Class
  \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TabletPC
InputPersonalization -> launches: %CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM...CLSID} = RunTask
  \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
  \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
  \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
  \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
  \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
  \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem
Calibration Loader -> launches: {B210D694-C8DF-490d-9576-9E20CDBC20BD}
  -> {HKLM...CLSID} = Color Calibration Loader
  \InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS]
  -> {HKLM...Wow...CLSID} = Color Calibration Loader
  \InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
  -> {HKLM...CLSID} = Wininet Cache task object
  \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
  -> {HKLM...Wow...CLSID} = Wininet Cache task object
  \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
  -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
  \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\Norton 360
Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe /analyze [symantec Corporation]
Norton Error Processor -> launches: C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe /submit [symantec Corporation]

C:\Windows\System32\Tasks\Norton Identity Safe
Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe /analyze [symantec Corporation]
Norton Error Processor -> launches: C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe /submit [symantec Corporation]

C:\Windows\System32\Tasks\Norton Management
Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe /analyze [symantec Corporation]
Norton Error Processor -> launches: C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe /submit [symantec Corporation]

C:\Windows\System32\Tasks\Norton Zone
Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\SymErr.exe /analyze [symantec Corporation]
Norton Error Processor -> launches: C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\SymErr.exe /submit [symantec Corporation]

C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy
Check for updates -> launches: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate /silent /autoclose /background [safer-Networking Ltd.]
Refresh immunization -> launches: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe" /immunize /silent /autoclose [safer-Networking Ltd.]
Scan the system -> launches: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe" /scan /cleanclose [safer-Networking Ltd.]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-2751017530-556950238-3992346484-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [file not found]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 10

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
  -> {HKLM...CLSID} = Norton Toolbar
  \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll [symantec Corporation]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{8DCB7100-DF86-4384-8842-8FA844297B3F} = Bing
  -> {HKLM...CLSID} = Bing Bar
  \InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll" [Microsoft Corporation.]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
  -> {HKLM...CLSID} = Google Toolbar
  \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar
  -> {HKLM...CLSID} = Norton Toolbar
  \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll [symantec Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{47833539-D0C5-4125-9FA8-0819E2EAAC93} = (no title provided)
  -> {HKLM...Wow...CLSID} = Adobe PDF
  \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe Systems Incorporated]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar
  -> {HKLM...Wow...CLSID} = Norton Toolbar
  \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll [symantec Corporation]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
  -> {HKLM...Wow...CLSID} = Google Toolbar
  \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

Explorer Bars

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{086C8477-4F71-4550-87FB-AF0AE8DF3E98}\
ButtonText = ICQ
MenuText = ICQ
Exec = C:\Users\gurpsgm\AppData\Roaming\ICQM\icq.exe [iCQ]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype Click to Call
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
  -> {HKLM...CLSID} = Skype add-on for Internet Explorer (toolbar button)
  \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [skype Technologies S.A.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = S&end to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
  \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll [MS]

{76C5FB99-DD0A-4186-9E75-65D1BF3DA283}\
ButtonText = Add to Wish List
Script = C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm [file not found]

{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype Click to Call
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
  -> {HKLM...Wow...CLSID} = Skype Browser Helper
  \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
  -> {HKLM...Wow...CLSID} = &Research
  \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL [MS]

{F0D6B094-D85E-4EDB-81EE-971A684343AB}\
ButtonText = Send to MyInfo (Attachment)
MenuText = Send to MyInfo (Attachment)
CLSIDExtension = {4DBB4D17-C65B-4868-8E9C-7779FB3DDA27}
  -> {HKLM...Wow...CLSID} = Send to MyInfo (Attachment)
  \InProcServer32\(Default) = C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll [Milenix Software Ltd.]

{F192EBCD-82E5-11DA-954E-00E08161165F}\
ButtonText = Send to MyInfo
MenuText = Send to MyInfo
CLSIDExtension = {A1AD13F3-B8F0-4584-8088-8BCBDB42663F}
  -> {HKLM...Wow...CLSID} = Send to MyInfo
  \InProcServer32\(Default) = C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll [Milenix Software Ltd.]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Advanced SystemCare Service 7, AdvancedSystemCareService7, C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [iObit]
AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]
BBUpdate, BBUpdate, "C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe" [Microsoft Corporation.]
FABS - Helping agent for MAGIX media database, Fabs, C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [MAGIX® AG]
GREGService, GREGService, C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [Acer Incorporated]
IHA_MessageCenter, IHA_MessageCenter, "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [null data]
Intel® Matrix Storage Event Monitor, IAANTMON, C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [intel Corporation]
iolo System Service, ioloSystemService, "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [iolo technologies, LLC]
LiveUpdate, LiveUpdateSvc, C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [iObit]
McciCMService, McciCMService, "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [Alcatel-Lucent]
McciCMService64, McciCMService64, "C:\Program Files\Common Files\Motive\McciCMService.exe" [Alcatel-Lucent]
Norton 360, N360, "C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll" /prefetch:1 [symantec Corporation]
Norton Identity Safe, NCO, "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll" /prefetch:1 [symantec Corporation]
Norton Management, MCLIENT, "C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe" /s "MCLIENT" /m "C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\diMaster.dll" /prefetch:1 [symantec Corporation]
Norton Zone, NZ, "C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe" /s "NZ" /m "C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\diMaster.dll" /prefetch:1 [symantec Corporation]
NTI IScheduleSvc, NTI IScheduleSvc, C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [NewTech Infosystems, Inc.]
Pure Networks Platform Service, nmservice, "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [Cisco Systems, Inc.] Spybot-S&D 2 Scanner Service, SDScannerService, "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [safer-Networking Ltd.] Spybot-S&D 2 Security Center Service, SDWSCService, "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe" [safer-Networking Ltd.] Spybot-S&D 2 Updating Service, SDUpdateService, "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [safer-Networking Ltd.] SpyHunter 4 Service, SpyHunter 4 Service, C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe [Enigma Software Group USA, LLC.] Steam Client Service, Steam Client Service, "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [Valve Corporation] TabletServicePen, TabletServicePen, C:\Program Files\Tablet\Pen\Pen_Tablet.exe [Wacom Technology, Corp.] True Sword 5 Scheduler, TrueSwordSchedulerService, C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe [null data] Updater Service, Updater Service, C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [Acer Group] USBS3S4Detection, USBS3S4Detection, C:\OEM\USBDECTION\USBS3S4Detection.exe [null data] Wacom Consumer Touch Service, TouchServicePen, C:\Program Files\Tablet\Pen\Pen_TouchService.exe [Wacom Technology, Corp.] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] WinTab Service, WinTabService, "C:\Windows\System32\Drivers\WTSRV.EXE" [uC-Logic Technology Corp.] 
Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> IMFservice, Service <<!>> ioloSystemService, Service <<!>> PEVSystemStart, Service <<!>> procexp90.Sys, Driver HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> ioloSystemService, Service <<!>> PEVSystemStart, Service <<!>> procexp90.Sys, Driver Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port Monitor\Driver = AdobePDF.dll [Adobe Systems Inc] Nitro PDF Port Monitor\Driver = nitrolocalmon2.dll [Nitro PDF Software] PCL hpz3llhn\Driver = hpz3llhn.dll [Hewlett-Packard Company] ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\gurpsgm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\gurpsgm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully 
C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\njkkjobcechefaoknodniidfjapgfoco\def\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\gurpsgm\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Mon 12/02/2013 at 9:15:50.16 ======================
  14. Sorry this had to be broken down ... Zoek-A.txt
[09/11/2013 18:41] C:\Windows\tasks\SparkTrust Update Version3.job --a------ C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [09/11/2013 18:41] C:\Windows\tasks\WpsUpdateTask_gurpsgm.job --a------ C:FC:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ASC7_SkipUac_gurpsgm" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files (x86)\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe] "C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe] "C:\Windows\SysNative\tasks\FreeFileViewerUpdateChecker" [C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe] "C:\Windows\SysNative\tasks\Game_Booster_AutoUpdate" [C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000Core" [C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000UA" [C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\gurpsgm DBAgent 2 0" ["C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe"] "C:\Windows\SysNative\tasks\Norton Security Scan for gurpsgm" [C:\PROGRA~2\Norton Security Scan\Engine\4.0.3.24\Nss.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files 
(x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe"] "C:\Windows\SysNative\tasks\PCHB_gurpsgm_PCHealthBoost_RM" ["C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe"] "C:\Windows\SysNative\tasks\PCHB_gurpsgm_PCHealthBoost_RN" ["C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe"] "C:\Windows\SysNative\tasks\PCHB_gurpsgm_PCHealthBoost_RS" ["C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe"] "C:\Windows\SysNative\tasks\PCHB_gurpsgm_PCHealthBoost_UP" ["C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe"] "C:\Windows\SysNative\tasks\PCHB_WaitAndStartAfter" ["C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe"] "C:\Windows\SysNative\tasks\ProgramRefresh-ATFST" [C:\Program Files (x86)\File Type Assistant\tsasetup.exe] "C:\Windows\SysNative\tasks\ProgramUpdateCheck" [C:\Program Files (x86)\File Type Assistant\TSAssist.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2751017530-556950238-3992346484-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2751017530-556950238-3992346484-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-2751017530-556950238-3992346484-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-2751017530-556950238-3992346484-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\Reimage Reminder" ["C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"] "C:\Windows\SysNative\tasks\Seagate_Install_Launch" [C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\SlimCleaner Run" ["C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe"] "C:\Windows\SysNative\tasks\SparkTrust PC Cleaner Plus" [C:\Program Files 
(x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe] "C:\Windows\SysNative\tasks\SparkTrust Registration3" [C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns] "C:\Windows\SysNative\tasks\SparkTrust Update Version3" [C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe] "C:\Windows\SysNative\tasks\SparkTrust Update Version3 Startup Task" [C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{21B4E9D4-6B39-431A-BA29-EF6281D6E976}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\WpsUpdateTask_gurpsgm" [C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe] "C:\Windows\SysNative\tasks\{1E2DF568-C6F3-47A0-9E95-A8122C3D839E}" [D:\autorun.exe] "C:\Windows\SysNative\tasks\{72217564-44FF-4AE7-82AC-B4662CA68FBA}" [C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest\LaunchPad.exe] "C:\Windows\SysNative\tasks\{7F385FFC-F136-4F35-B60E-036455BD4BEE}" [C:\Users\gurpsgm\Documents\Downloads\sm_dm.exe] "C:\Windows\SysNative\tasks\{A9843C85-E4C4-4086-AFE7-9042C714F914}" [D:\autorun.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe] "C:\Windows\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Management\Norton Error Analyzer" [C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe] 
"C:\Windows\SysNative\tasks\Norton Management\Norton Error Processor" [C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Zone\Norton Error Analyzer" [C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Zone\Norton Error Processor" [C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\SymErr.exe] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF" [10/09/2013 12:10] ==== Firefox Extensions ====================== ProfilePath: C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521 - Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn ProfilePath: C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\svdcl1jg.default-1357467556136 - Undetermined - %ProfilePath%\extensions\ascsurfingprotection@iobit.com - Undetermined - %ProfilePath%\extensions\ffxtlbr@zonealarm.com - Undetermined - %ProfilePath%\extensions\speeddial@instair.net - Undetermined - %ProfilePath%\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3} AppDir: C:\Program Files (x86)\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Skype Click to Call - 
%AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521 EE8D96E7899D12FC3AA5DB2034C0853C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll - Shockwave Flash 68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator 99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin C2321043FA2CA4C32FF449DE6116B5D9 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Users\gurpsgm\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update C5322029C67AD8D38311FABEEAB4E595 - C:\Users\gurpsgm\Music\Winamp Detect\npwachk.dll - Winamp Application Detector 4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin 71B61A08992B0F895288CAAB2B43E3F7 - C:\Users\gurpsgm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player B70509F8ABCBE6B75AE0976A969CDE8F - C:\Users\gurpsgm\AppData\LocalLow\Square Enix\nprun3d.dll - Square Enix Secure Launcher 87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bejbohlohkkgompgecdcbbglkpjfjgdj - No path found[] jcjcincggeadfpomfcpgpfnedgakccji - No path found[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10/09/2013 09:59] 
lipgolpfajiadodbcbljdpmbmbdmfcil - C:\Users\gurpsgm\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx[] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx[10/05/2013 22:26] nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx[10/12/2013 13:04] nppllibpnmahfaklnpggkibhkapjkeob - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions lipgolpfajiadodbcbljdpmbmbdmfcil - C:\Users\gurpsgm\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx[] Google Docs - gurpsgm - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - gurpsgm - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Shortcuts for Google\u2122 - gurpsgm - Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd YouTube - gurpsgm - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Spotify - Music for every moment - gurpsgm - Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh Google Search - gurpsgm - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Facebook for Chrome - gurpsgm - Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp StumbleUpon - gurpsgm - Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg eBay Extension for Google Chrome\u2122 - gurpsgm - Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck Wikipedia - gurpsgm - Default\Extensions\lpofdaeejlpkojmbchffjakgmkfigjba WeatherBug - gurpsgm - Default\Extensions\njkkjobcechefaoknodniidfjapgfoco Google Wallet - gurpsgm - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Lyrics for Google Chrome\u2122 - gurpsgm - Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek Gmail - gurpsgm - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek deleted successfully C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\chrome-extension_oglbipcbkmlknhfhabolnniekmlhfoek_0.localstorage deleted successfully C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oglbipcbkmlknhfhabolnniekmlhfoek_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {8293C2B2-E7B8-44BE-82D1-DCEF01778D8C} Yahoo//search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}" ==== Reset Google Chrome ====================== C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcjcincggeadfpomfcpgpfnedgakccji deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cltmng.exe deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate deleted successfully 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelTBRunOnce deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent.exe deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Send to MyInfo (Attachment) - {4DBB4D17-C65B-4868-8E9C-7779FB3DDA27} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Send to MyInfo - {A1AD13F3-B8F0-4584-8088-8BCBDB42663F} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll O2 - BHO: Google Toolbar Helper - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files (x86)\EMET (Tech Preview)\EMET_notifier.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKLM\..\Run: [RegZooka Scheduler] C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe O4 - HKCU\..\Run: [screenshot Captor] "C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKUS\S-1-5-18\..\Run: [Norton 
Download Manager{NF2809-PROD-FSD3202}] C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Norton Download Manager{NF2809-PROD-FSD3202}] C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m (User 'Default user') O4 - Startup: AnyTime.lnk = C:\Program Files (x86)\AnyTime Organizer Premier\ISI Launcher.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: MRI_DISABLED O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm (file missing) O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Send to MyInfo (Attachment) - {F0D6B094-D85E-4EDB-81EE-971A684343AB} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll O9 - Extra 'Tools' menuitem: Send to MyInfo (Attachment) - {F0D6B094-D85E-4EDB-81EE-971A684343AB} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll O9 - Extra button: Send to MyInfo - {f192ebcd-82e5-11da-954e-00e08161165f} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll O9 - Extra 'Tools' menuitem: Send to MyInfo - {f192ebcd-82e5-11da-954e-00e08161165f} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll 
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\gurpsgm\AppData\Roaming\ICQM\icq.exe (HKCU) O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\gurpsgm\AppData\Roaming\ICQM\icq.exe (HKCU) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.clonewarsadventures.com O15 - Trusted Zone: *.freerealms.com O15 - Trusted Zone: *.soe.com O15 - Trusted Zone: *.sony.com O16 - DPF: vzTCPConfig - http://my.verizon.com/services/SpeedOptimizer/HSI/vzTCPConfig.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file 
missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - (no file) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe 
(file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe O23 - Service: Norton Zone (NZ) - Symantec Corporation - C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. 
- C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe O23 - Service: Active Shield Service (ServiceAS) - Security Stronghold - C:\Program Files (x86)\Active Shield 5\ActiveShieldService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. 
- C:\Program Files\Tablet\Pen\Pen_TouchService.exe O23 - Service: True Sword 5 Scheduler (TrueSwordSchedulerService) - Unknown owner - C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe O23 - Service: Intel® Turbo Boost Technology Monitor 2.6 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Screenshot Captor = "C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun [DonationCoder] Steam = 
"C:\Program Files (x86)\Steam\steam.exe" -silent [Valve Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} Verizon_McciTrayApp = "C:\Program Files\Verizon\McciTrayApp.exe" [Alcatel-Lucent] ProfilerU = C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [saitek] IAAnotif = C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [intel Corporation] SaiVolume = C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe [saitek] RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor] mylbx = C:\Program Files\My Lockbox\mylbx.exe /a [FSPro Labs] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} nmapp = "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [Cisco Systems, Inc.] EMET Notifier = C:\Program Files (x86)\EMET (Tech Preview)\EMET_notifier.exe [null data] Google Desktop Search = "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [Google] SDTray = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [safer-Networking Ltd.] 
RegZooka Scheduler = C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {10921475-03CE-4E04-90CE-E2E7EF20C814}\(Default) = ExplorerWnd Helper -> {HKLM...CLSID} = ExplorerWnd Helper \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [iObit] {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Norton Identity Protection -> {HKLM...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll [symantec Corporation] -> {HKLM...Wow...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll [symantec Corporation] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM...Wow...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided) -> {HKLM...CLSID} = Bing Bar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll [Microsoft Corporation.] -> {HKLM...Wow...CLSID} = Bing Bar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll [Microsoft Corporation.] 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {4DBB4D17-C65B-4868-8E9C-7779FB3DDA27}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Send to MyInfo (Attachment) \InProcServer32\(Default) = C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll [Milenix Software Ltd.] {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Norton Identity Protection -> {HKLM...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll [symantec Corporation] -> {HKLM...Wow...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll [symantec Corporation] {6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Norton Vulnerability Protection -> {HKLM...Wow...CLSID} = Norton Vulnerability Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL [symantec Corporation] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {A1AD13F3-B8F0-4584-8088-8BCBDB42663F}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Send to MyInfo \InProcServer32\(Default) = C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll [Milenix Software Ltd.] 
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM...Wow...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Adobe PDF Conversion Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe Systems Incorporated] {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Advanced SystemCare Browser Protection \InProcServer32\(Default) = C:\PROGRA~2\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [iObit] {d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided) -> {HKLM...CLSID} = Bing Bar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll [Microsoft Corporation.] -> {HKLM...Wow...CLSID} = Bing Bar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll [Microsoft Corporation.] 
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] {F4971EE7-DAA0-4053-9964-665D8EE6A077}\(Default) = SmartSelect -> {HKLM...Wow...CLSID} = SmartSelect Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe Systems Incorporated] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS] 1NZOverlayExcluded\(Default) = {32427327-aea5-4bef-811a-b1bd00daf4b4} -> {HKLM...CLSID} = NZOverlayExcluded Class \InProcServer32\(Default) = C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\NZOvrlay.dll [symantec Corporation] 1NZOverlayPending\(Default) = {2cfec48b-08ec-4361-8575-7c0da17ab7a5} -> {HKLM...CLSID} = NZOverlayPending Class \InProcServer32\(Default) = C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\NZOvrlay.dll [symantec Corporation] 1NZOverlaySynced\(Default) = {a9e700bc-92b0-403e-96b3-b87b06ff9d3a} -> {HKLM...CLSID} = NZOverlaySynced Class \InProcServer32\(Default) = C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\NZOvrlay.dll [symantec Corporation] DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} 
-> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] GDriveBlacklistedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSharedEditOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSharedViewOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSyncedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSyncingOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] OverlayExcluded\(Default) = {4433A54A-1AC8-432F-90FC-85F045CF383C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files 
(x86)\Norton 360\Engine64\21.1.0.18\buShell.dll [symantec Corporation] OverlayPending\(Default) = {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\buShell.dll [symantec Corporation] OverlayProtected\(Default) = {476D0EA3-80F9-48B5-B70B-05E677C9C148} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\buShell.dll [symantec Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...Wow...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...Wow...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...Wow...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS] DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.] DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.] DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.] 
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon64 -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [safer-Networking Ltd.] {A6FF0E3A-8437-482C-8E04-4F9E15C57538} = UnLockerMenu -> {HKLM...CLSID} = UnLockerMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [iObit] {1F77B17B-F531-44DB-ACA4-76ABB5010A28} = AIMP ShellExt Unit -> {HKLM...CLSID} = AIMP ShellExt Unit \InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [AIMP DevTeam] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon32 -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [safer-Networking Ltd.] 
{1F77B17B-F531-44DB-ACA4-76ABB5010A28} = AIMP ShellExt Unit -> {HKLM...Wow...CLSID} = AIMP ShellExt Unit \InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu32.dll [AIMP DevTeam] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> pure-go\CLSID = {4746C79A-2042-4332-8650-48966E44ABA8} -> {HKLM...CLSID} = CPureGoProtoInfo Object \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [Cisco Systems, Inc.] <<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8} -> {HKLM...CLSID} = Skype IE add-on Pluggable Protocol \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [skype Technologies S.A.] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} -> {HKLM...CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [Adobe Systems Inc.] -> {HKLM...Wow...CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.] 
Advanced SystemCare\(Default) = {2803063F-4B8D-4dc6-8874-D1802487FE2D} -> {HKLM...CLSID} = CExtMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll [iObit] AIMP\(Default) = {1F77B17B-F531-44DB-ACA4-76ABB5010A28} -> {HKLM...CLSID} = AIMP ShellExt Unit \InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [AIMP DevTeam] -> {HKLM...Wow...CLSID} = AIMP ShellExt Unit \InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu32.dll [AIMP DevTeam] ANotepad++64\(Default) = {B298D29A-A6ED-11DE-BA8C-A68E55D89593} -> {HKLM...CLSID} = ANotepad++64 \InProcServer32\(Default) = C:\Program Files (x86)\Notepad++\NppShell_05.dll [null data] BitZipper32\(Default) = {D5906221-A717-479B-9B49-CD848F9CE816} -> {HKLM...CLSID} = BZShlExtImpl Class \InProcServer32\(Default) = C:\Program Files (x86)\BitZipper\BZShlExt64.dll [bitberry Software] -> {HKLM...Wow...CLSID} = BZShlExtImpl Class \InProcServer32\(Default) = C:\Program Files (x86)\BitZipper\BZShlExt.dll [bitberry Software] BitZipper64\(Default) = {9176020F-4A61-4F57-A133-258110EBC765} -> {HKLM...CLSID} = BitZipper64 \InProcServer32\(Default) = C:\Program Files (x86)\BitZipper\BZShlExt64.dll [bitberry Software] BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\buShell.dll [symantec Corporation] Eraser\(Default) = {BC9B776A-90D7-4476-A791-79D835F30650} -> {HKLM...CLSID} = Eraser Shell Extension \InProcServer32\(Default) = "C:\PROGRA~1\Eraser\Eraser.Shell.dll" [The Eraser Project] Foxit_ConvertToPDF_Reader\(Default) = {A94757A0-0226-426F-B4F1-4DF381C630D3} -> {HKLM...CLSID} = ConvertToPDF Class \InProcServer32\(Default) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [Foxit Corporation] GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6} -> 
{HKLM...CLSID} = GDContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google]
  15. OTL Log for 12-02-2013:

      All processes killed
      ========== OTL ==========
      HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
      Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}\ not found.
      Use Chrome's Settings page to remove the default_search_provider items.
      Use Chrome's Settings page to remove the default_search_provider items.
      Use Chrome's Settings page to remove the default_search_provider items.
      ========== COMMANDS ==========

      [EMPTYTEMP]

      User: All Users

      User: Default
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      User: Default User
      ->Temp folder emptied: 0 bytes
      ->Temporary Internet Files folder emptied: 0 bytes
      ->Flash cache emptied: 0 bytes

      User: gurpsgm
      ->Temp folder emptied: 17110 bytes
      ->Temporary Internet Files folder emptied: 250898 bytes
      ->Java cache emptied: 0 bytes
      ->FireFox cache emptied: 4366273 bytes
      ->Google Chrome cache emptied: 6586036 bytes
      ->Flash cache emptied: 21009 bytes

      User: Public

      %systemdrive% .tmp files removed: 0 bytes
      %systemroot% .tmp files removed: 0 bytes
      %systemroot%\System32 .tmp files removed: 0 bytes
      %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
      %systemroot%\System32\drivers .tmp files removed: 0 bytes
      Windows Temp folder emptied: 262144 bytes
      %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
      RecycleBin emptied: 0 bytes

      Total Files Cleaned = 11.00 mb

      OTL by OldTimer - Version 3.2.69.0 log created on 12022013_080618

      Files\Folders moved on Reboot...
      C:\Users\gurpsgm\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
      File\Folder C:\Windows\temp\fb_3796.lck not found!

      PendingFileRenameOperations files...

      Registry entries deleted on Reboot...