gurpsgm
Honorary Members-
Posts
35 -
Joined
-
Last visited
Reputation
0 Neutral-
Hi! If I install Malware Bytes at all, it removes Total AV from my system without my permission. If I attempt to reinstall Total AV, it removes Malware Bytes. I can remember these two programs working together without any hitches. What happened? Bruce
-
OK - it's been three days now, and I haven't seen a hair of "Spigot". I'm still not quite 100% convinced this monster has been vanquished, but so far, the dragon appears dead. Bruce
-
As far as "Spigot" is concerned, it probably will do its usual trick of hiding until after shutdown and restart in AM. This is one of the major reasons I think it's stuck in Registry.
-
BTW, even "Advanced System Care" (a IO bit product) has been removed. I also got rid of the other IObit programs, including: "Driver Booster", "IO Bit Uninstall", and at least one other IObit program. For some reason or other, something deleted my "Regzooka" program, and maybe a couple others. I also did some cleanup on other programs and files I did not want anymore.... Bruce
-
2nd log info: # AdwCleaner v3.014 - Report created 09/12/2013 at 18:04:04 # Updated 01/12/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : gurpsgm - GURPSGM-PC # Running from : C:\Users\gurpsgm\Documents\Bruce\Computer\Problems\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\gurpsgm\AppData\Local\NativeMessaging Folder Deleted : C:\Users\gurpsgm\AppData\Local\WhiteListing Folder Deleted : C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\svdcl1jg.default-1357467556136\Extensions\1gffxtbr@InboxAce_1g.com Folder Deleted : C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\svdcl1jg.default-1357467556136\Extensions\speeddial@instair.net File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task File Deleted : C:\Windows\System32\Tasks\SpyHunter4Startup ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS Key Deleted : HKCU\Software\AppDataLow\Toolbar ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16686 -\\ Mozilla Firefox v25.0.1 (en-US) [ File : C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521\prefs.js ] [ File : C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\svdcl1jg.default-1357467556136\prefs.js ] ************************* AdwCleaner[R4].txt - [1718 octets] - [09/12/2013 18:03:08] AdwCleaner[s4].txt - [1663 octets] - [09/12/2013 18:04:04] ########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [1723 octets] ##########
-
Here's one log: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.09.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 gurpsgm :: GURPSGM-PC [administrator] 12/9/2013 13:56:48 mbam-log-2013-12-09 (13-56-48).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 637665 Time elapsed: 3 hour(s), 12 minute(s), 52 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKLM\SOFTWARE\Connect_DLC_2 (PUP.Optional.Conduit) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Program Files (x86)\Connect_DLC_2 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. Files Detected: 11 C:\Users\gurpsgm\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Downloads\00AE80DA52739B8A711FA497A7CB08E5B900000000007EABB0.exe (Adware.KorAd) -> Quarantined and deleted successfully. C:\Users\gurpsgm\AppData\Roaming\Auslogics\Rescue\Boost Speed\131110062556138.rsc (PUP.Optional.Installcore) -> Quarantined and deleted successfully. C:\Windows\Installer\c8a387.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Connect_DLC_2\GottenAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Connect_DLC_2\hk64tbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Connect_DLC_2\hktbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Connect_DLC_2\OtherAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Connect_DLC_2\prxtbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Connect_DLC_2\SharedAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Connect_DLC_2\toolbar.cfg (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. C:\Program Files (x86)\Connect_DLC_2\ToolbarContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully. (end)
-
I know you're probably not going to belive this, but, here's the total log I got from Zoek this time: ==== After Reboot ====================== ==== EOF on Mon 12/09/2013 at 8:32:38.78 ======================
-
Hi! Just a bit of clarification: I de-installed: Raptr Trillian BingBar but which part(s) of IO Bit do I have to uninstall? I have several, including one or more I bought.... Bruce
-
OK - here's that log file.... SystemLook 30.07.11 by jpshortstuff Log created at 06:14 on 06/12/2013 by gurpsgm Administrator - Elevation successful ========== filefind ========== Searching for "*yahoo*" C:\Program Files (x86)\IObit\Advanced SystemCare 7\Database\yahoo.xml --a---- 1096 bytes [14:46 12/11/2013] [14:46 12/11/2013] FDE8CE648EB1FCE524978664612B939A C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\apps\mail\7.3.107\images\yahoo_lg.png --a---- 1764 bytes [06:46 08/06/2013] [06:46 08/06/2013] 077CF70C44D2345DC5038F68569CABB5 C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\apps\mail\7.3.107\images\yahoo_sm.png --a---- 747 bytes [06:46 08/06/2013] [06:46 08/06/2013] 5450CF875F324850F71F242988DFD72C C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\apps\mail\7.3.107\images\notifications\mail_yahoo.png --a---- 1405 bytes [06:46 08/06/2013] [06:46 08/06/2013] F50FC4383EB60CAEF550B13C782BBEA0 C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\apps\mail\7.3.107\providers\yahoomail.json --a---- 1308 bytes [06:46 08/06/2013] [06:46 08/06/2013] D34974CBAAD4762B7B8B862953C309E7 C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml --a---- 2675 bytes [04:19 19/11/2013] [23:49 25/10/2013] 8E78527BE123043418168C6657876161 C:\Program Files (x86)\Mozilla Thunderbird\searchplugins\yahoo.xml --a---- 1251 bytes [12:39 07/04/2013] [16:39 18/11/2013] C0242349E9FFC680BF96BDE93766C585 C:\Program Files (x86)\Raptr\plugins\libyahoo.dll --a---- 506276 bytes [18:56 03/05/2013] [18:56 03/05/2013] E5CEBDFA03ED4BBF3ED850B6A1C695AF C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll --a---- 497782 bytes [18:57 03/05/2013] [18:57 03/05/2013] 945124198453A3BE23FA83DAE8A2EBEB C:\Program Files (x86)\Raptr\resources\images\yahoo_color.png --a---- 1115 bytes [07:54 27/10/2012] [07:54 27/10/2012] 93B80C5A779195C2B0B3191D519FAEBE C:\Program Files (x86)\Raptr\resources\images\yahoo_gray.png --a---- 935 bytes [07:54 27/10/2012] [07:54 27/10/2012] FBDAF7566C127BBF4D9388E475741928 C:\Program Files (x86)\Raptr\resources\images\yahoo_hover.png --a---- 1341 bytes [07:54 27/10/2012] [07:54 27/10/2012] EF9B61CAF3CE5A233D721F5624788343 C:\Program Files (x86)\Raptr\resources\images\im_icons\service_yahoo.png --a---- 1387 bytes [07:54 27/10/2012] [07:54 27/10/2012] 9F1F1F17676DB4D39349D52F8555688B C:\Program Files (x86)\Raptr\resources\images\im_icons\service_yahoo_on.png --a---- 1460 bytes [07:54 27/10/2012] [07:54 27/10/2012] E4EF853382D048B41C8C6ADC288EAC73 C:\Program Files (x86)\SeaMonkey\searchplugins\yahoo.xml --a---- 1251 bytes [03:40 31/10/2013] [01:45 14/11/2013] C0242349E9FFC680BF96BDE93766C585 C:\Program Files (x86)\Trillian\languages\en\yahoo.xml --a---- 4354 bytes [04:00 21/10/2013] [04:00 21/10/2013] 2C23E97EEFCC91E5C0BB5CC1D3C4C2C5 C:\Program Files (x86)\Trillian\plugins\yahoo.dll --a---- 611200 bytes [04:00 21/10/2013] [04:00 21/10/2013] F58AC8FC3432F9221E6556C7BA441309 C:\Program Files (x86)\Trillian\stixe\icons\Default-Services\YAHOO\Yahoo.ico --a---- 22486 bytes [04:00 19/08/2011] [04:00 19/08/2011] F73B486C3721532AEA82CE0413E7B16C C:\Program Files (x86)\Trillian\stixe\icons\Default-Services-5\YAHOO\Yahoo.ico --a---- 5430 bytes [04:00 21/10/2013] [04:00 21/10/2013] 1FACC20BDD39314CC5E1B3657C6B0FF5 C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0\IdentitySafe\FAVICON_YAHOO.PNG --a--c- 3463 bytes [01:53 06/12/2013] [01:53 06/12/2013] 5F5FF7F525F0358F149B98276107C702 C:\Users\gurpsgm\AppData\Local\Microsoft\BingBar\Apps\Mail_15642ee020d2449d86382022aa6f2548\7.2.103\images\yahoo_lg.png --a---- 1764 bytes [23:32 30/11/2013] [23:32 30/11/2013] 077CF70C44D2345DC5038F68569CABB5 C:\Users\gurpsgm\AppData\Local\Microsoft\BingBar\Apps\Mail_15642ee020d2449d86382022aa6f2548\7.2.103\images\yahoo_sm.png --a---- 747 bytes [23:32 30/11/2013] [23:32 30/11/2013] 5450CF875F324850F71F242988DFD72C C:\Users\gurpsgm\AppData\Local\Microsoft\BingBar\Apps\Mail_15642ee020d2449d86382022aa6f2548\7.2.103\images\notifications\mail_yahoo.png --a---- 1405 bytes [23:32 30/11/2013] [23:32 30/11/2013] F50FC4383EB60CAEF550B13C782BBEA0 C:\Users\gurpsgm\AppData\Local\Microsoft\BingBar\Apps\Mail_15642ee020d2449d86382022aa6f2548\7.3.107\images\yahoo_lg.png --a---- 1764 bytes [16:22 26/09/2013] [23:32 30/11/2013] 077CF70C44D2345DC5038F68569CABB5 C:\Users\gurpsgm\AppData\Local\Microsoft\BingBar\Apps\Mail_15642ee020d2449d86382022aa6f2548\7.3.107\images\yahoo_sm.png --a---- 747 bytes [16:22 26/09/2013] [23:32 30/11/2013] 5450CF875F324850F71F242988DFD72C C:\Users\gurpsgm\AppData\Local\Microsoft\BingBar\Apps\Mail_15642ee020d2449d86382022aa6f2548\7.3.107\images\notifications\mail_yahoo.png --a---- 1405 bytes [16:22 26/09/2013] [23:32 30/11/2013] F50FC4383EB60CAEF550B13C782BBEA0 C:\Users\gurpsgm\AppData\Local\Microsoft\BingBar\Apps\Mail_15642ee020d2449d86382022aa6f2548\7.3.107\providers\yahoomail.json --a---- 1308 bytes [16:22 26/09/2013] [06:46 08/06/2013] D34974CBAAD4762B7B8B862953C309E7 C:\Users\gurpsgm\AppData\Local\Microsoft\Internet Explorer\DOMStore\4G4C0LZ9\search.yahoo[1].xml --a---- 13 bytes [15:06 01/12/2013] [15:06 01/12/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 C:\Users\gurpsgm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7PDJZN75\ads.yahoo[1].xml --a---- 13 bytes [13:14 01/12/2013] [13:14 01/12/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 C:\Users\gurpsgm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7PDJZN75\news.yahoo[1].xml --a---- 13 bytes [13:15 04/12/2013] [13:15 04/12/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 C:\Users\gurpsgm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CMEZ4IEG\search.yahoo[1].xml --a---- 13 bytes [12:51 23/11/2013] [12:51 23/11/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 C:\Users\gurpsgm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CMEZ4IEG\us-mg6.mail.yahoo[1].xml --a---- 13 bytes [13:13 01/12/2013] [13:13 01/12/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 C:\Users\gurpsgm\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\PT417DNF\www.yahoo[1].xml --a---- 1923 bytes [13:13 01/12/2013] [10:51 06/12/2013] 721AA2498C2BBDB2C9168965432647AD C:\Users\gurpsgm\AppData\Roaming\ICQM\ICQ\smiles\smiles\koloboks\yahoo.gif --a---- 11103 bytes [16:59 20/03/2013] [23:30 30/11/2013] 94A2443A27934BBD57D29B93B18FD580 C:\Users\gurpsgm\AppData\Roaming\ICQM\ICQ\smiles\smiles\set03\yahoo.gif --a---- 6469 bytes [16:59 20/03/2013] [23:30 30/11/2013] 56385C4F9B151C030A0D28FE712E04B1 C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Recent\Yahoo!.lnk --a---- 11712 bytes [17:23 04/12/2013] [17:23 04/12/2013] AE68EE6405D4712F120224D610D9EE08 C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Recent\yahoo.lnk --a---- 13117 bytes [17:23 04/12/2013] [17:23 04/12/2013] F552B93368556D6B15C4BFB2E176BE68 C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\svdcl1jg.default-1357467556136\extensions\speeddial@instair.net\images\ico_yahoo.png --a---- 1861 bytes [23:30 30/11/2013] [23:30 30/11/2013] DEE7AA3B6BBC62EDA9424459B77C110F C:\Users\gurpsgm\AppData\Roaming\Trillian\plugins\image_cache\plugin-yahoo.dll.png --a---- 2686 bytes [14:55 22/03/2011] [23:30 30/11/2013] 24B85DC224BBF14249F43614D01A2DFE C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\favicons\yahoo.com.ico --a---- 318 bytes [19:13 05/12/2011] [19:13 05/12/2011] 7B10E6D43DE9352EAEFA58D9490BEAEE C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\logs\MSN\Query\jcvampire2001@yahoo.com.xml --a---- 4942 bytes [17:12 24/07/2011] [00:18 25/10/2011] 23A1A66304C390AF85B4C62E889B2621 C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\logs\_CLOUD\2012\38\yahoo-tullybyr514.xml --a---- 101 bytes [21:30 26/09/2012] [21:30 26/09/2012] F80A175EA1779C5CEA1F1EDC751BA97B C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\logs\_CLOUD\2012\39\yahoo-kippyedd580.xml --a---- 101 bytes [17:21 06/10/2012] [17:21 06/10/2012] 7F1BA67C9B43951D926151AE80C62E13 C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\logs\_CLOUD\2012\39\yahoo-shadwellujtx757449.xml --a---- 101 bytes [13:05 03/10/2012] [13:05 03/10/2012] 7F1BA67C9B43951D926151AE80C62E13 C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\logs\_CLOUD\2012\40\yahoo-stephaniemandell8917.xml --a---- 101 bytes [18:03 08/10/2012] [18:03 08/10/2012] 4450E7E8B49CFF935CE1A99E126AC618 C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\logs\_CLOUD\2012\41\yahoo-katiedorwartk288.xml --a---- 101 bytes [21:43 15/10/2012] [21:43 15/10/2012] 603F5381203E133718EFF1AEEFB39353 C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\logs\_CLOUD\2012\42\yahoo-daodoyrobison.xml --a---- 101 bytes [23:50 21/10/2012] [23:50 21/10/2012] 03238535878F19969A96425E2B0F1E88 C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\logs\_CLOUD\2012\47\yahoo-limesveronica.xml --a---- 101 bytes [17:39 27/11/2012] [17:39 27/11/2012] D304357419C070C2C4D5EEE93D3F20CA C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\userassets\hohlagh%3Atrillian%3Ayahoo%3Aavatar%3Anightandstars00 --a---- 4578 bytes [13:39 29/09/2012] [13:39 29/09/2012] AD111E82AE994AF50009505C1D03ED94 C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\userassets\hohlagh%3Atrillian%3Ayahoo%3Aavatar%3Atessa%5Fdog%5Fgirl --a---- 17267 bytes [01:38 16/09/2012] [21:30 03/12/2012] CE7FE3D1069886D5455C458DDB441341 C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\userassets\hohlagh%3Atrillian%3Ayahoo%3Ahohlagh --a---- 179 bytes [14:57 22/03/2011] [01:33 16/09/2012] 57FAB18AF3EACEFD341A3A4FC70E8180 C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\userassets\hohlagh%3Atrillian%3Ayahoo%3Ahohlagh%3Alocal --a---- 171 bytes [14:57 22/03/2011] [21:29 03/12/2012] DCD6478A157D5B95896A63BF7F998DE5 C:\Users\gurpsgm\Documents\Bruce\Old Firefox Data\svdcl1jg.default-1357467556136\searchplugins\yahoo.xml --a---- 915 bytes [13:33 20/11/2013] [16:22 16/11/2013] 468B49A9C985289D405F3ACDC13DCCFF C:\Users\gurpsgm\Documents\Sandra\mailsg04\Sandra04\28yahoo.eml --a---- 1861 bytes [20:00 30/10/2010] [20:54 30/10/2010] A66BD888F541C53924B15FB22138B65D C:\Users\gurpsgm\Documents\Sandra\mailsg06\39yahoo.txt --a---- 1829 bytes [20:00 30/10/2010] [22:39 30/11/2013] EDB468AB00729E5E64B65505BF54C11E C:\Users\gurpsgm\Documents\Sandra\mailsg06\68yahoo.txt --a---- 1556 bytes [20:00 30/10/2010] [22:39 30/11/2013] B91908EB043602575A4767500E0B256F C:\Users\gurpsgm\Documents\Sandra\mailsg06\writers\344yahoowebcon.txt --a---- 3681 bytes [20:01 30/10/2010] [22:38 30/11/2013] 3994BE766C56CBEA1BE8819646C0FF2B C:\Users\gurpsgm\Documents\Sandra\web\yahootos.txt --a---- 1901 bytes [20:02 30/10/2010] [22:36 30/11/2013] 9853B26EE29C59927FCDCC2C59BD6DD9 C:\Users\gurpsgm\Favorites\Bruce's Temp\skyrim Can I have more than 1 character - Yahoo! Answers.url --a---- 1135 bytes [22:34 30/11/2013] [22:34 30/11/2013] 3BCAB14CD237304C39F628EE3FD5DB76 C:\Users\gurpsgm\Favorites\Bruce's Temp\Yahoo Groups.url --a---- 240 bytes [09:54 17/03/2013] [22:34 30/11/2013] EFDCE3B235806C57BD4B01E41DBBE4E6 C:\Users\gurpsgm\Favorites\Links\My Yahoo.url --a---- 1104 bytes [10:16 20/03/2013] [22:32 30/11/2013] CB0320AC6AFE7A3B3F1A913BCA60DAC7 C:\Users\gurpsgm\Favorites\Links\Yahoo.URL --a---- 171 bytes [21:58 01/04/2013] [13:13 01/12/2013] FAC8C2B28C505D79ACDAF1ECD0C2E948 C:\Users\gurpsgm\Favorites\Sandra\Pulmonary Embolism Information, Symptoms and Treatments on Yahoo! Health.URL --a---- 144 bytes [19:44 02/03/2013] [22:31 30/11/2013] 0CFEC628CA753CBE0986F3FF3BA19BF5 C:\Users\gurpsgm\Favorites\Sandra\What Your TV Salesman Won’t Tell You Work + Money - Yahoo! Shine.URL --a---- 165 bytes [19:44 02/03/2013] [22:31 30/11/2013] 3BD25113F6A2C3DAFED0ABBCB7D08642 C:\Users\gurpsgm\Favorites\Sandra\Favorites\Verizon Yahoo! Internet email.URL --a---- 258 bytes [19:44 02/03/2013] [22:32 30/11/2013] 74445EA9DBCD83976CC235552164CE50 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Hobbies\Writing\Temp\Yahoo! Groups EPICJourney.URL --a---- 130 bytes [11:01 30/11/2012] [22:32 30/11/2013] 2CB05CD8AAC971427783299A71AD8370 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Interests\Fandom\Dark Shadows\Yahoo! Groups dwiodarkshad.URL --a---- 131 bytes [11:01 30/11/2012] [22:32 30/11/2013] 4348CF015A8A5A98325ED008AD02746E C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Interests\Forever Knight\Fiction\Yahoo! Groups fkfanfic.URL --a---- 127 bytes [11:01 30/11/2012] [22:32 30/11/2013] A950B103976EE3237771619B52965D7C C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Interests\Forever Knight\Fiction\Yahoo! Groups FKficDiscussionList.URL --a---- 138 bytes [11:01 30/11/2012] [22:32 30/11/2013] E0EE015C7BBDEC29A468ADB26EFF3296 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Interests\Forever Knight\Fiction\Awards\Yahoo! Groups ravenawards.URL --a---- 130 bytes [11:01 30/11/2012] [22:32 30/11/2013] C9909EC456F2E4A0919BEE98C2B21212 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Interests\Forever Knight\General\Yahoo! Clubs foreverknightrpg.URL --a---- 134 bytes [11:01 30/11/2012] [22:32 30/11/2013] 023947DA729A4B771E03C8DD8535A2A6 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Interests\Forever Knight\War\Yahoo! Groups fkwar11leaders.URL --a---- 133 bytes [11:01 30/11/2012] [22:32 30/11/2013] 56D66CD7258395E5EA06334F0C283802 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Interests\Forever Knight\War\Yahoo! Groups fkwararchive.URL --a---- 131 bytes [11:01 30/11/2012] [22:32 30/11/2013] EAE8CE6013A51AC5CAADE6FE41A490A0 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Interests\Forever Knight\War\Yahoo! Groups fkwarsum.URL --a---- 128 bytes [11:01 30/11/2012] [22:32 30/11/2013] 3A4E79A16F5626527B385F2BAEDF7CB9 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Internet\Mail lists\Yahoo! Groups.URL --a---- 113 bytes [11:01 30/11/2012] [22:31 30/11/2013] D54B8AED1F85D9864D376FC263C3D290 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Internet\Web Rings\Yahoo! Web Rings.URL --a---- 206 bytes [11:01 30/11/2012] [22:31 30/11/2013] 44B0A98AD1D56293BE44A8AC9D8364F8 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Money\Auctions\Yahoo! Auctions Auctions 031603.URL --a---- 115 bytes [11:01 30/11/2012] [22:31 30/11/2013] B362CE078B544E20F04A76FCA46516D9 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Reference\People\Myth\Faiths and Practices - Yahoo.URL --a---- 177 bytes [11:01 30/11/2012] [22:31 30/11/2013] 8FA3BAA88079C44114B580940323CED4 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Reference\Training\Yahoo! Autos - Repair Guide.URL --a---- 130 bytes [11:01 30/11/2012] [22:31 30/11/2013] 2E34F1E43013D1A3D520F0F3D86A0805 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Shopping\Auctions\Yahoo! Auctions Auctions 031603.URL --a---- 115 bytes [11:01 30/11/2012] [22:31 30/11/2013] B362CE078B544E20F04A76FCA46516D9 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Shopping\Temp\Yahoo! Stores.URL --a---- 113 bytes [11:01 30/11/2012] [22:31 30/11/2013] 72446DBB36EF9C0D929503E54D55D690 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Temp\Yahoo! Banner Exchanges.URL --a---- 196 bytes [11:01 30/11/2012] [22:31 30/11/2013] 6F37179A0D894532365C3C9A498B13D4 C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Web\Design Resources\Spike's Place - Free Online Lessons with Yahoo-Geocities.URL --a---- 127 bytes [11:01 30/11/2012] [22:31 30/11/2013] 4F63660121E109CB773EE8631F4C945C C:\Users\gurpsgm\Favorites\Sandra\Personal Bookmarks\Web\Hosting - Free\Yahoo! Photos.URL --a---- 113 bytes [11:01 30/11/2012] [22:31 30/11/2013] 2CDA9019FB24ADE7AB5E26C6BCD8C2FB C:\Users\gurpsgm\Favorites\Sandra's Temp\Opening Verizon Yahoo! Mail Classic Your Way Opening Verizon Yahoo! Mail in an Email Application.URL --a---- 150 bytes [19:44 02/03/2013] [22:32 30/11/2013] 70345501C40FE052DF980ECCACA0B26B C:\Users\gurpsgm\Favorites\TempSandra\Amanda\E-Mails\Yahoo!.URL --a---- 110 bytes [11:01 30/11/2012] [22:31 30/11/2013] 5D1DBB16F41523F91B5F6326AD426D0D Searching for "yahoo.*" C:\Program Files (x86)\IObit\Advanced SystemCare 7\Database\yahoo.xml --a---- 1096 bytes [14:46 12/11/2013] [14:46 12/11/2013] FDE8CE648EB1FCE524978664612B939A C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml --a---- 2675 bytes [04:19 19/11/2013] [23:49 25/10/2013] 8E78527BE123043418168C6657876161 C:\Program Files (x86)\Mozilla Thunderbird\searchplugins\yahoo.xml --a---- 1251 bytes [12:39 07/04/2013] [16:39 18/11/2013] C0242349E9FFC680BF96BDE93766C585 C:\Program Files (x86)\SeaMonkey\searchplugins\yahoo.xml --a---- 1251 bytes [03:40 31/10/2013] [01:45 14/11/2013] C0242349E9FFC680BF96BDE93766C585 C:\Program Files (x86)\Trillian\languages\en\yahoo.xml --a---- 4354 bytes [04:00 21/10/2013] [04:00 21/10/2013] 2C23E97EEFCC91E5C0BB5CC1D3C4C2C5 C:\Program Files (x86)\Trillian\plugins\yahoo.dll --a---- 611200 bytes [04:00 21/10/2013] [04:00 21/10/2013] F58AC8FC3432F9221E6556C7BA441309 C:\Program Files (x86)\Trillian\stixe\icons\Default-Services\YAHOO\Yahoo.ico --a---- 22486 bytes [04:00 19/08/2011] [04:00 19/08/2011] F73B486C3721532AEA82CE0413E7B16C C:\Program Files (x86)\Trillian\stixe\icons\Default-Services-5\YAHOO\Yahoo.ico --a---- 5430 bytes [04:00 21/10/2013] [04:00 21/10/2013] 1FACC20BDD39314CC5E1B3657C6B0FF5 C:\Users\gurpsgm\AppData\Roaming\ICQM\ICQ\smiles\smiles\koloboks\yahoo.gif --a---- 11103 bytes [16:59 20/03/2013] [23:30 30/11/2013] 94A2443A27934BBD57D29B93B18FD580 C:\Users\gurpsgm\AppData\Roaming\ICQM\ICQ\smiles\smiles\set03\yahoo.gif --a---- 6469 bytes [16:59 20/03/2013] [23:30 30/11/2013] 56385C4F9B151C030A0D28FE712E04B1 C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Recent\yahoo.lnk --a---- 13117 bytes [17:23 04/12/2013] [17:23 04/12/2013] F552B93368556D6B15C4BFB2E176BE68 C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\favicons\yahoo.com.ico --a---- 318 bytes [19:13 05/12/2011] [19:13 05/12/2011] 7B10E6D43DE9352EAEFA58D9490BEAEE C:\Users\gurpsgm\Documents\Bruce\Old Firefox Data\svdcl1jg.default-1357467556136\searchplugins\yahoo.xml --a---- 915 bytes [13:33 20/11/2013] [16:22 16/11/2013] 468B49A9C985289D405F3ACDC13DCCFF C:\Users\gurpsgm\Favorites\Links\Yahoo.URL --a---- 171 bytes [21:58 01/04/2013] [13:13 01/12/2013] FAC8C2B28C505D79ACDAF1ECD0C2E948 ========== folderfind ========== Searching for "*yahoo*" C:\Program Files (x86)\Trillian\stixe\icons\Default-Services\YAHOO d------ [14:52 22/03/2011] C:\Program Files (x86)\Trillian\stixe\icons\Default-Services-5\YAHOO d------ [18:59 30/08/2012] C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\logs\YAHOO d------ [15:01 22/03/2011] C:\Users\gurpsgm\Music\My Yahoo! Music d------ [19:48 30/10/2010] Searching for "yahoo" C:\Program Files (x86)\Trillian\stixe\icons\Default-Services\YAHOO d------ [14:52 22/03/2011] C:\Program Files (x86)\Trillian\stixe\icons\Default-Services-5\YAHOO d------ [18:59 30/08/2012] C:\Users\gurpsgm\AppData\Roaming\Trillian\users\hohlagh\logs\YAHOO d------ [15:01 22/03/2011] ========== regfind ========== Searching for "*yahoo*" No data found. Searching for "yahoo" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\18] "keyword"="search.yahoo.com" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\18] "url"="http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\3] "favicon_url"="http://search.yahoo.com/favicon.ico" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\3] "keyword"="yahoo.com" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\3] "short_name"="Yahoo!" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\3] "suggest_url"="http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}" [HKEY_CURRENT_USER\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\3] "url"="http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yahoo.com] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}] "DisplayName"="Yahoo! Search" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}] "URL"="http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}] "FaviconURL"="http://www.yahoo.com/favicon.ico" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\downloadznow.net\wwwyahoo] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\downloadznow.net\yahoo] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\panet.org\yahoo] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\yahoo-analytics.net] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo] [HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail\PerPassportSettings\1341029439\HTTP\Http Unallowable Domain\00000001] "Exception"="yahoo.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail\PerPassportSettings\1341029439\HTTP\Http Unallowable Domain\00000005] "Exception"="yahoogroups.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail\PerPassportSettings\1341029439\HTTP\Http Unblockable Domain\00000002] "Exception"="yahoo.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail\PerPassportSettings\1341029439\HTTP\Http Unblockable Domain\00000006] "Exception"="yahoogroups.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail\PerPassportSettings\3462661360\HTTP\Http Unallowable Domain\00000001] "Exception"="yahoo.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail\PerPassportSettings\3462661360\HTTP\Http Unallowable Domain\00000005] "Exception"="yahoogroups.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail\PerPassportSettings\3462661360\HTTP\Http Unblockable Domain\00000002] "Exception"="yahoo.com" [HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail\PerPassportSettings\3462661360\HTTP\Http Unblockable Domain\00000006] "Exception"="yahoogroups.com" [HKEY_CURRENT_USER\Software\Motive\Mcci\Config\McciNet\DNSCache\www.yahoo.com] [HKEY_CURRENT_USER\Software\Piriform\CCleaner] "CookiesToSave"="*.piriform.com|accounts.google.com|aol.com|google.com|yahoo.com" [HKEY_CURRENT_USER\Software\Yahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers] "SIGN.IE=038D00 yahoo_toolbar_install_helper.exe"="VISTARTM" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\protected\AVP11\profiles\YHO] @="Yahoo Protocoller" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\Contains\Files] "C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll"="" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}\DownloadInformation] "CODEBASE"="C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89C5F840-21C1-4C4C-A416-21044E80528C}] "AppPath"="C:\Program Files (x86)\Yahoo!\Common" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Motive\Rainier\Verizon\OfflineDispatcher] "ConnectionTargets"="www.google.com,www.yahoo.com" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo-analytics.net] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo] [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\18] "keyword"="search.yahoo.com" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\18] "url"="http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\3] "favicon_url"="http://search.yahoo.com/favicon.ico" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\3] "keyword"="yahoo.com" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\3] "short_name"="Yahoo!" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\3] "suggest_url"="http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\AppDataLow\Software\Mail.Ru\IE_Bar\Recovery\ch\3] "url"="http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yahoo.com] [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}] "DisplayName"="Yahoo! Search" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}] "URL"="http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}] [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}] "FaviconURL"="http://www.yahoo.com/favicon.ico" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\downloadznow.net\wwwyahoo] [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\downloadznow.net\yahoo] [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\panet.org\yahoo] [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\yahoo-analytics.net] [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo] [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo] [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo] [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows Live Mail\PerPassportSettings\1341029439\HTTP\Http Unallowable Domain\00000001] "Exception"="yahoo.com" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows Live Mail\PerPassportSettings\1341029439\HTTP\Http Unallowable Domain\00000005] "Exception"="yahoogroups.com" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows Live Mail\PerPassportSettings\1341029439\HTTP\Http Unblockable Domain\00000002] "Exception"="yahoo.com" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows Live Mail\PerPassportSettings\1341029439\HTTP\Http Unblockable Domain\00000006] "Exception"="yahoogroups.com" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows Live Mail\PerPassportSettings\3462661360\HTTP\Http Unallowable Domain\00000001] "Exception"="yahoo.com" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows Live Mail\PerPassportSettings\3462661360\HTTP\Http Unallowable Domain\00000005] "Exception"="yahoogroups.com" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows Live Mail\PerPassportSettings\3462661360\HTTP\Http Unblockable Domain\00000002] "Exception"="yahoo.com" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows Live Mail\PerPassportSettings\3462661360\HTTP\Http Unblockable Domain\00000006] "Exception"="yahoogroups.com" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Motive\Mcci\Config\McciNet\DNSCache\www.yahoo.com] [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Piriform\CCleaner] "CookiesToSave"="*.piriform.com|accounts.google.com|aol.com|google.com|yahoo.com" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Yahoo] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo-analytics.net] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo] -= EOF =-
-
OK... There's no "Yahoo" folder in Program FIles (x86). There's no Yahoo folder in Windows/Downlaoded Program FIles either. BUT - there IS an entry for the CLSID... What do I do with it? Bruce
-
Hi! Despite all my attempts to see this file, including a general seach of C: drive, I can't find it at all. BTW, the stupid "Spigot" thing is still here... and now, my daughter's computer has it, despite the fct that I never transmitted any data to or from that laptop... Bruce
-
Nope. Just on Opera, for some strage reason or other. If I press "home" on IE, Firefox, or Chrome, I still get this stupid http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie as a home page despite all of our efforts to get rid of the d@#$ thing. I even tried using a backup from a month ago, and it's still there. I still say it's a "hitchhiker" of some kind - riding in on the back of some other program. Bruce
-
The rest of Zoek - Zoek-B.txt Incinerator\(Default) = {E8215BEA-3290-4C73-964B-75502B9B41B2} -> {HKLM...CLSID} = Incinerator Context Menu Handler \InProcServer32\(Default) = C:\Windows\system32\Incinerator64.dll [iolo technologies, LLC] -> {HKLM...Wow...CLSID} = Incinerator Context Menu Handler \InProcServer32\(Default) = C:\Windows\SysWow64\Incinerator32.dll [iolo technologies, LLC] IObit Malware Fighter\(Default) = {0BB81440-5F42-4480-A5F7-770A6F439FC8} -> {HKLM...CLSID} = BlueBirdShell Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [iObit] IZArcCM\(Default) = {3BBAC0AD-8227-3462-C8EF-A36794DD8CD2} -> {HKLM...CLSID} = IZArc Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\IZArc\IZArcCM64.dll [null data] -> {HKLM...Wow...CLSID} = IZArc Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\IZArc\IZArcCM64.dll [null data] MetroShellExtImpl\(Default) = {8C10E8D5-495E-4EEA-B134-71A36F157365} -> {HKLM...CLSID} = MetroShellExtImpl Class \InProcServer32\(Default) = C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\NZShlExt.dll [symantec Corporation] MRAICQCMenu\(Default) = {7C9E7B90-88EC-4852-AC7A-C938268A5D04} -> {HKLM...Wow...CLSID} = MRACMenu_icq Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\ICQM\ICQ\dll\mramenu.dll [null data] PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE} -> {HKLM...CLSID} = ContextMenuHandler Class \InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [null data] SDECon32\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [safer-Networking Ltd.] -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [safer-Networking Ltd.] SDECon64\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [safer-Networking Ltd.] -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [safer-Networking Ltd.] SlimShellExt\(Default) = {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} -> {HKLM...CLSID} = SlimShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [slimware Utilities, Inc.] Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} -> {HKLM...CLSID} = IEContextMenu Class \InProcServer32\(Default) = "C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\NavShExt.dll" [symantec Corporation] TeraCopy\(Default) = {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopyExt.dll [null data] TeraCopyS64\(Default) = {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopyExt64.dll [null data] UnLockerMenu\(Default) = {A6FF0E3A-8437-482C-8E04-4F9E15C57538} -> {HKLM...CLSID} = UnLockerMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [iObit] WinMerge\(Default) = {4E716236-AA30-4C65-B225-D68BBA81E9C2} -> {HKLM...CLSID} = WinMergeShell Class \InProcServer32\(Default) = C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [http://winmerge.org] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] {06C31FAD-436B-46EF-839F-964754F0F905}\(Default) = (no title provided) -> {HKLM...CLSID} = WinOptimizerContextHandler \InProcServer32\(Default) = C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WinOptimizerContextHandler64.dll [TODO: <Company name>] {546F2717-67F4-43BB-A7CF-5522C404678F}\(Default) = (no title provided) -> {HKLM...CLSID} = WinOptimizerContextHandler \InProcServer32\(Default) = C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WinOptimizerContextHandler64.dll [TODO: <Company name>] HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\ TeraCopy\(Default) = {A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopy.dll [null data] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopy.dll [null data] TeraCopy64\(Default) = {A7645AF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopy64.dll [null data] HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\ BuPropertySheet\(Default) = {B59987EA-25FE-44B4-8802-E4DE67073D8C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\buShell.dll [symantec Corporation] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ FAExt\(Default) = {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} -> {HKLM...Wow...CLSID} = FAExt Class \InProcServer32\(Default) = C:\PROGRA~2\FileASSASSIN\FileASSASSINExt.dll [Malwarebytes] GB3ContextMenu\(Default) = {3A488FE8-9916-4F36-BDFF-3DED559142E5} -> {HKLM...CLSID} = GBContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Razer\Razer Game Booster\GBV3ContextMenu.dll [null data] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] SlimShellExt\(Default) = {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} -> {HKLM...CLSID} = SlimShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [slimware Utilities, Inc.] UnlockerShellExtension\(Default) = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} -> {HKLM...Wow...CLSID} = UnlockerShellExtension \InProcServer32\(Default) = C:\Program Files (x86)\Unlocker\UnlockerCOM.dll [null data] HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ Advanced SystemCare\(Default) = {2803063F-4B8D-4dc6-8874-D1802487FE2D} -> {HKLM...CLSID} = CExtMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll [iObit] AIMP\(Default) = {1F77B17B-F531-44DB-ACA4-76ABB5010A28} -> {HKLM...CLSID} = AIMP ShellExt Unit \InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [AIMP DevTeam] -> {HKLM...Wow...CLSID} = AIMP ShellExt Unit \InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu32.dll [AIMP DevTeam] Eraser\(Default) = {BC9B776A-90D7-4476-A791-79D835F30650} -> {HKLM...CLSID} = Eraser Shell Extension \InProcServer32\(Default) = "C:\PROGRA~1\Eraser\Eraser.Shell.dll" [The Eraser Project] GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6} -> {HKLM...CLSID} = GDContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google] Incinerator\(Default) = {E8215BEA-3290-4C73-964B-75502B9B41B2} -> {HKLM...CLSID} = Incinerator Context Menu Handler \InProcServer32\(Default) = C:\Windows\system32\Incinerator64.dll [iolo technologies, LLC] -> {HKLM...Wow...CLSID} = Incinerator Context Menu Handler \InProcServer32\(Default) = C:\Windows\SysWow64\Incinerator32.dll [iolo technologies, LLC] IObit Malware Fighter\(Default) = {0BB81440-5F42-4480-A5F7-770A6F439FC8} -> {HKLM...CLSID} = BlueBirdShell Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [iObit] IZArcCM\(Default) = {3BBAC0AD-8227-3462-C8EF-A36794DD8CD2} -> {HKLM...CLSID} = IZArc Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\IZArc\IZArcCM64.dll [null data] -> {HKLM...Wow...CLSID} = IZArc Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\IZArc\IZArcCM64.dll [null data] SlimShellExt\(Default) = {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} -> {HKLM...CLSID} = SlimShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\SlimCleaner\SlimShell64.dll [slimware Utilities, Inc.] TeraCopy\(Default) = {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopyExt.dll [null data] TeraCopyS64\(Default) = {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopyExt64.dll [null data] UnLockerMenu\(Default) = {A6FF0E3A-8437-482C-8E04-4F9E15C57538} -> {HKLM...CLSID} = UnLockerMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [iObit] WinMerge\(Default) = {4E716236-AA30-4C65-B225-D68BBA81E9C2} -> {HKLM...CLSID} = WinMergeShell Class \InProcServer32\(Default) = C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [http://winmerge.org] {33F85093-44BB-4587-B25B-FFD05D5B9916}\(Default) = (no title provided) -> {HKLM...CLSID} = Network Magic Folders \InProcServer32\(Default) = C:\Program Files (x86)\Pure Networks\Network Magic\amd64\nmspce2.dll [Cisco Systems, Inc.] -> {HKLM...Wow...CLSID} = Network Magic Folders \InProcServer32\(Default) = C:\Program Files (x86)\Pure Networks\Network Magic\nmspce2.dll [Cisco Systems, Inc.] HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\ FAMShExt\(Default) = {9B39E194-B6F2-49C1-93F0-115D24B73DDC} -> {HKLM...CLSID} = FAMShExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\FAMShExt.dll [symantec Corporation] FileZilla3CopyHook\(Default) = {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} -> {HKLM...CLSID} = FileZilla 3 Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll [null data] -> {HKLM...Wow...CLSID} = FileZilla 3 Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll [null data] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ Eraser\(Default) = {BC9B776A-90D7-4476-A791-79D835F30650} -> {HKLM...CLSID} = Eraser Shell Extension \InProcServer32\(Default) = "C:\PROGRA~1\Eraser\Eraser.Shell.dll" [The Eraser Project] FAMShExt\(Default) = {9B39E194-B6F2-49C1-93F0-115D24B73DDC} -> {HKLM...CLSID} = FAMShExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\FAMShExt.dll [symantec Corporation] TeraCopy\(Default) = {A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopy.dll [null data] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopy.dll [null data] TeraCopy64\(Default) = {A7645AF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopy64.dll [null data] HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ TeraCopy\(Default) = {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopyExt.dll [null data] TeraCopyS64\(Default) = {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopyExt64.dll [null data] WinMerge\(Default) = {4E716236-AA30-4C65-B225-D68BBA81E9C2} -> {HKLM...CLSID} = WinMergeShell Class \InProcServer32\(Default) = C:\Program Files (x86)\WinMerge\ShellExtensionX64.dll [http://winmerge.org] {33F85093-44BB-4587-B25B-FFD05D5B9916}\(Default) = (no title provided) -> {HKLM...CLSID} = Network Magic Folders \InProcServer32\(Default) = C:\Program Files (x86)\Pure Networks\Network Magic\amd64\nmspce2.dll [Cisco Systems, Inc.] -> {HKLM...Wow...CLSID} = Network Magic Folders \InProcServer32\(Default) = C:\Program Files (x86)\Pure Networks\Network Magic\nmspce2.dll [Cisco Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = Haali Column Provider -> {HKLM...Wow...CLSID} = Haali Column Provider \InProcServer32\(Default) = C:\Windows\SysWow64\mmfinfo.dll [null data] {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice Column Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll [Apache Software Foundation] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info -> {HKLM...Wow...CLSID} = PDF Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} -> {HKLM...CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [Adobe Systems Inc.] -> {HKLM...Wow...CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.] BitZipper32\(Default) = {D5906221-A717-479B-9B49-CD848F9CE816} -> {HKLM...CLSID} = BZShlExtImpl Class \InProcServer32\(Default) = C:\Program Files (x86)\BitZipper\BZShlExt64.dll [bitberry Software] -> {HKLM...Wow...CLSID} = BZShlExtImpl Class \InProcServer32\(Default) = C:\Program Files (x86)\BitZipper\BZShlExt.dll [bitberry Software] BitZipper64\(Default) = {9176020F-4A61-4F57-A133-258110EBC765} -> {HKLM...CLSID} = BitZipper64 \InProcServer32\(Default) = C:\Program Files (x86)\BitZipper\BZShlExt64.dll [bitberry Software] BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\buShell.dll [symantec Corporation] Eraser\(Default) = {BC9B776A-90D7-4476-A791-79D835F30650} -> {HKLM...CLSID} = Eraser Shell Extension \InProcServer32\(Default) = "C:\PROGRA~1\Eraser\Eraser.Shell.dll" [The Eraser Project] IObit Malware Fighter\(Default) = {0BB81440-5F42-4480-A5F7-770A6F439FC8} -> {HKLM...CLSID} = BlueBirdShell Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [iObit] MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3} -> {HKLM...CLSID} = MBAMShlExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation] MetroShellExtImpl\(Default) = {8C10E8D5-495E-4EEA-B134-71A36F157365} -> {HKLM...CLSID} = MetroShellExtImpl Class \InProcServer32\(Default) = C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\NZShlExt.dll [symantec Corporation] SDECon32\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [safer-Networking Ltd.] -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [safer-Networking Ltd.] SDECon64\(Default) = {44176360-2BBF-4EC1-93CE-384B8681A0BC} -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [safer-Networking Ltd.] -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [safer-Networking Ltd.] Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} -> {HKLM...CLSID} = IEContextMenu Class \InProcServer32\(Default) = "C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\NavShExt.dll" [symantec Corporation] TeraCopy\(Default) = {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopyExt.dll [null data] TeraCopyS64\(Default) = {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopyExt64.dll [null data] UnLockerMenu\(Default) = {A6FF0E3A-8437-482C-8E04-4F9E15C57538} -> {HKLM...CLSID} = UnLockerMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [iObit] UnlockerShellExtension\(Default) = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} -> {HKLM...Wow...CLSID} = UnlockerShellExtension \InProcServer32\(Default) = C:\Program Files (x86)\Unlocker\UnlockerCOM.dll [null data] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] {06C31FAD-436B-46EF-839F-964754F0F905}\(Default) = (no title provided) -> {HKLM...CLSID} = WinOptimizerContextHandler \InProcServer32\(Default) = C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WinOptimizerContextHandler64.dll [TODO: <Company name>] {33F85093-44BB-4587-B25B-FFD05D5B9916}\(Default) = (no title provided) -> {HKLM...CLSID} = Network Magic Folders \InProcServer32\(Default) = C:\Program Files (x86)\Pure Networks\Network Magic\amd64\nmspce2.dll [Cisco Systems, Inc.] -> {HKLM...Wow...CLSID} = Network Magic Folders \InProcServer32\(Default) = C:\Program Files (x86)\Pure Networks\Network Magic\nmspce2.dll [Cisco Systems, Inc.] {546F2717-67F4-43BB-A7CF-5522C404678F}\(Default) = (no title provided) -> {HKLM...CLSID} = WinOptimizerContextHandler \InProcServer32\(Default) = C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 10\WinOptimizerContextHandler64.dll [TODO: <Company name>] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ Eraser\(Default) = {BC9B776A-90D7-4476-A791-79D835F30650} -> {HKLM...CLSID} = Eraser Shell Extension \InProcServer32\(Default) = "C:\PROGRA~1\Eraser\Eraser.Shell.dll" [The Eraser Project] FAMShExt\(Default) = {9B39E194-B6F2-49C1-93F0-115D24B73DDC} -> {HKLM...CLSID} = FAMShExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\FAMShExt.dll [symantec Corporation] TeraCopy\(Default) = {A7005AF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopy.dll [null data] -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopy.dll [null data] TeraCopy64\(Default) = {A7645AF0-D6E8-48AF-8DFA-023B1CF660A7} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\TeraCopy\TeraCopy64.dll [null data] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDesktopCleanupWizard = (REG_DWORD) dword:0x00000001 {unrecognized setting} NoInstrumentation = (REG_SZ) 1 {unrecognized setting} NoCDBurning = (REG_DWORD) dword:0x00000001 {User Configuration|Administrative Templates|Windows Components|Windows Explorer| Remove CD Burning features} NoRecentDocsHistory = (REG_DWORD) dword:0x00000000 {unrecognized setting} ClearRecentDocsOnExit = (REG_DWORD) dword:0x00000000 {unrecognized setting} NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoResolveTrack = (REG_DWORD) dword:0x00000000 {unrecognized setting} NoPropertiesMyComputer = (REG_DWORD) dword:0x00000000 {unrecognized setting} NoFileAssociate = (REG_DWORD) dword:0x00000000 {unrecognized setting} NoDrives = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = (REG_DWORD) dword:0x00000000 {User Configuration|Administrative Templates|System| Prevent access to registry editing tools} DisableTaskMgr = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\ SecurityTab = (REG_DWORD) dword:0x00000000 {Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel| Disable the Security page} ConnectionsTab = (REG_DWORD) dword:0x00000000 {Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|Internet Control Panel| Disable the Connections page} SecChangeSettings = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\ NoBrowserOptions = (REG_DWORD) dword:0x00000000 {Computer Configuration|Administrative Templates|Windows Components|Internet Explorer|Browser Menus| Tools menu: Disable Internet Options... menu option} NoBrowserSaveAs = (REG_DWORD) dword:0x00000000 {unrecognized setting} NoFavorites = (REG_DWORD) dword:0x00000000 {unrecognized setting} NoFileNew = (REG_DWORD) dword:0x00000000 {unrecognized setting} NoFileOpen = (REG_DWORD) dword:0x00000000 {unrecognized setting} NoTheaterMode = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000002 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} ConsentPromptBehaviorUser = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Standard Users} VerboseStatus = (REG_DWORD) dword:0x00000000 {unrecognized setting} EnableLinkedConnections = (REG_DWORD) dword:0x00000001 {unrecognized setting} DisableRegistryTools = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ SCRNSAVE.EXE = C:\Windows\SysWOW64\GPhotos.scr [Google Inc.] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AIMP.EventCDA\ Provider = AIMP3 InvokeProgID = AIMP.EventCDA InvokeVerb = open HKCU\Software\Classes\AIMP.EventCDA\shell\open\command\(Default) = C:\Program Files (x86)\AIMP3\AIMP3.exe /CDA %1 [AIMP DevTeam] AIMP.EventMusic\ Provider = AIMP3 InvokeProgID = AIMP.EventMusic InvokeVerb = open HKCU\Software\Classes\AIMP.EventMusic\shell\open\command\(Default) = C:\Program Files (x86)\AIMP3\AIMP3.exe /DIR %1 [AIMP DevTeam] CDBurnerXP\ Provider = CDBurnerXP InvokeProgID = CDBurnerXPOpen InvokeVerb = open HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = "C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe" /od "%1" [null data] MSLivePhotoAcquireDropHandler\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.LivePhotoAcqDTShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSLiveShowPicturesOnArrival\ Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10 InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1 InvokeVerb = open HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS] MSPlayBluRayOnArrival\ Provider = Windows Media Player InvokeProgID = WMP.BD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.BD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:12 /Play "%L\BDMV\index.bdmv" [MS] MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] MXFotomakerBrowseOnArrival\ Provider = MAGIX Foto Manager MX deluxe InvokeProgID = Magix.Fotomaker.Brws InvokeVerb = Brws HKLM\SOFTWARE\Classes\Magix.Fotomaker.Brws\shell\Brws\command\(Default) = "C:\Program Files (x86)\MAGIX\Photo_Manager_MX\Fotomanager_dlx.exe" /exp "%1" [MAGIX] MXFotomakerBurningCDArrival\ Provider = MAGIX Foto Manager MX deluxe InvokeProgID = Magix.Fotomaker.Burn InvokeVerb = Burn HKLM\SOFTWARE\Classes\Magix.Fotomaker.Burn\shell\Burn\command\(Default) = "C:\Program Files (x86)\MAGIX\Photo_Manager_MX\Fotomanager_dlx.exe" [MAGIX] MXFotomakerImportPicturesOnArrival\ Provider = MAGIX Foto Manager MX deluxe InvokeProgID = Magix.Fotomaker.ImportPic InvokeVerb = ImportPic HKLM\SOFTWARE\Classes\Magix.Fotomaker.ImportPic\shell\ImportPic\command\(Default) = "C:\Program Files (x86)\MAGIX\Photo_Manager_MX\Fotomanager_dlx.exe" /k "%1" [MAGIX] MXFotomakerPlayVideoOnArrival\ Provider = MAGIX Foto Manager MX deluxe InvokeProgID = Magix.Fotomaker.PlayV InvokeVerb = PlayV HKLM\SOFTWARE\Classes\Magix.Fotomaker.PlayV\shell\PlayV\command\(Default) = "C:\Program Files (x86)\MAGIX\Photo_Manager_MX\Fotomanager_dlx.exe" /exp "%1" [MAGIX] MXFotomakerShowPicturesOnArrival\ Provider = MAGIX Foto Manager MX deluxe InvokeProgID = Magix.Fotomaker.ShwPic InvokeVerb = ShwPic HKLM\SOFTWARE\Classes\Magix.Fotomaker.ShwPic\shell\ShwPic\command\(Default) = "C:\Program Files (x86)\MAGIX\Photo_Manager_MX\Fotomanager_dlx.exe" /exp "%1" [MAGIX] NeroAutoPlay9CDAudio\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = CDAudio_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:AudioCD [Nero AG] NeroAutoPlay9CopyCD\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = CopyCD_PlayMusicFilesOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy [Nero AG] NeroAutoPlay9DataDisc\ Provider = Nero Express InvokeProgID = Nero.AutoPlay8 InvokeVerb = DataDisc_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero 9\Nero Express\NeroExpress.exe -w /New:ISODisc [Nero AG] NeroAutoPlay9LaunchNeroStartSmart\ Provider = Nero StartSmart InvokeProgID = Nero.AutoPlay8 InvokeVerb = LaunchNeroStartSmart_HandleCDBurningOnArrival HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe /AutoPlay [Nero AG] P2GCDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankCD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.] P2GDVDBurningOnArrival\ Provider = Power2Go InvokeProgID = BlankDVD InvokeVerb = OpenWithPower2Go HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.] PDVD9PlayCDAudioOnArrival\ Provider = PowerDVD 9 InvokeProgID = AudioCD InvokeVerb = PlayWithPowerDVD9 HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.] PDVD9PlayDVDMovieOnArrival\ Provider = PowerDVD 9 InvokeProgID = DVD InvokeVerb = PlayWithPowerDVD9 HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.] PDVD9PlaySVCDOnArrival\ Provider = PowerDVD 9 InvokeProgID = SVCD InvokeVerb = PlayWithPowerDVD9 HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.] PDVD9PlayVCDMovieOnArrival\ Provider = PowerDVD 9 InvokeProgID = VCD InvokeVerb = PlayWithPowerDVD9 HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe" "%L" [CyberLink Corp.] Picasa2ImportPicturesOnArrival\ Provider = Picasa3 InvokeProgID = picasa2.autoplay InvokeVerb = import HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = C:\Program Files (x86)\Google\Picasa3\Picasa3.exe "%1" [Google Inc.] Power2GoPlayCDAudioOnArrival\ Provider = Power2Go InvokeProgID = AudioCD InvokeVerb = PlayWithPower2Go HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.] SpybotScanFiles\ Provider = Spybot - Search & Destroy InvokeProgID = SpybotFilesScanner InvokeVerb = scanfiles HKLM\SOFTWARE\Classes\SpybotFilesScanner\shell\scanfiles\command\(Default) = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe" [safer-Networking Ltd.] WIA_{51BD566E-A02D-4387-9A82-D929EA8C20B0}\ Provider = MAGIX Photo Manager MX CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaClsid;{51BD566E-A02D-4387-9A82-D929EA8C20B0}; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WIA_{F9C8DDE4-4324-4B0E-A8F7-994286683BBB}\ Provider = Readiris CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24} InitCmdLine = /WiaCmd;C:\Program Files (x86)\Readiris Pro 12\readiris.exe /StiDevice:%1 /StiEvent:%2; -> {HKLM...CLSID} = WPDShextAutoplay \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS] WinampMTPHandler\ Provider = Winamp ProgID = Shell.HWEventHandlerShellExecute InitCmdLine = C:\Users\gurpsgm\Music\Winamp\winamp.exe HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} -> {HKLM...CLSID} = Shell Execute Hardware Event Handler \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS] WinampPlayMediaOnArrival\ Provider = Winamp InvokeProgID = Winamp.File InvokeVerb = Play HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = "C:\Users\gurpsgm\Music\Winamp\winamp.exe" "%1" [Nullsoft, Inc.] Startup items in "gurpsgm" & "All Users" startup folders: --------------------------------------------------------- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup {++} AnyTime -> shortcut to: C:\Program Files (x86)\AnyTime Organizer Premier\ISI Launcher.exe [individual Software Inc.] OneNote 2007 Screen Clipper and Launcher -> shortcut to: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [MS] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] ASC7_SkipUac_gurpsgm -> launches: C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac [iObit] CCleanerSkipUAC -> launches: "C:\Program Files (x86)\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd] Driver Booster Scan -> launches: C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe /scan [iObit] Driver Booster Update -> launches: C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe /auto [iObit] FreeFileViewerUpdateChecker -> launches: C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [bitberry Software] Game_Booster_AutoUpdate -> launches: C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe /AUTORUN [file not found] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000Core -> launches: C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000UA -> launches: C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] gurpsgm DBAgent 2 0 -> launches: "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [seagate Technology LLC] Microsoft_Hardware_Launch_devicecenter_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Device Center\devicecenter.exe [file not found] Microsoft_Hardware_Launch_ipoint_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [MS] Microsoft_Hardware_Launch_itype_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [MS] Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [null data] Microsoft_Hardware_Launch_rundll32_exe -> (HIDDEN!) launches: rundll32.exe url.dll,OpenURL c:\4d665dcc8da2864ea4bcc4d3d810\ipoint\Setup64\Files\1033\Eng.rtf [MS] Microsoft_MKC_Logon_Task_ipoint.exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [MS] Microsoft_MKC_Logon_Task_itype.exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [MS] Norton Security Scan for gurpsgm -> (HIDDEN!) launches: C:\PROGRA~2\Norton Security Scan\Engine\4.0.3.24\Nss.exe /scan-quick /scheduled [symantec Corporation] Norton WSC Integration -> (HIDDEN!) launches: "C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe" /taskschd [symantec Corporation] PCHB_gurpsgm_PCHealthBoost_RM -> launches: "C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe" /c /s /p:rg [file not found] PCHB_gurpsgm_PCHealthBoost_RN -> launches: "C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe" /c /s /p:rn [file not found] PCHB_gurpsgm_PCHealthBoost_RS -> launches: "C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe" /c /s /a:rs [file not found] PCHB_gurpsgm_PCHealthBoost_UP -> launches: "C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe" /c /s /a:dw [file not found] PCHB_WaitAndStartAfter -> launches: "C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe" /c /a:rs [file not found] ProgramRefresh-ATFST -> launches: C:\Program Files (x86)\File Type Assistant\tsasetup.exe /refresh /verysilent /suppressmsgboxes /nocancel /norestart [file not found] ProgramUpdateCheck -> launches: C:\Program Files (x86)\File Type Assistant\TSAssist.exe /chkupd [file not found] RealPlayerRealUpgradeLogonTaskS-1-5-21-2751017530-556950238-3992346484-1000 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck [file not found] RealPlayerRealUpgradeScheduledTaskS-1-5-21-2751017530-556950238-3992346484-1000 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck [file not found] RealUpgradeLogonTaskS-1-5-21-2751017530-556950238-3992346484-1000 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /logoncheck [file not found] RealUpgradeScheduledTaskS-1-5-21-2751017530-556950238-3992346484-1000 -> launches: C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe /scheduledcheck [file not found] Reimage Reminder -> launches: "C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe" [file not found] Seagate_Install_Launch -> launches: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [null data] SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe [MS] SlimCleaner Run -> launches: "C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe" $(Arg0) [slimWare Utilities, Inc.] SparkTrust PC Cleaner Plus -> launches: C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe -scan [file not found] SparkTrust Registration3 -> launches: C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns [MS] SparkTrust Update Version3 -> launches: C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [sparkTrust Systems] SparkTrust Update Version3 Startup Task -> launches: C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe -StartupTask [sparkTrust Systems] User_Feed_Synchronization-{21B4E9D4-6B39-431A-BA29-EF6281D6E976} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS] WpsUpdateTask_gurpsgm -> launches: C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe -from=task [Zhuhai Kingsoft Office Software Co.,Ltd] {1E2DF568-C6F3-47A0-9E95-A8122C3D839E} -> launches: D:\autorun.exe [file not found] {484B8029-9493-40C2-87A1-E0C54EC58133} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\gurpsgm\Documents\Downloads\CA43_Hex_Overland.exe -d "C:\Program Files (x86)\Mozilla Firefox" [MS] {72217564-44FF-4AE7-82AC-B4662CA68FBA} -> launches: C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest\LaunchPad.exe [sony Online Entertainment] {7F385FFC-F136-4F35-B60E-036455BD4BEE} -> launches: C:\Users\gurpsgm\Documents\Downloads\sm_dm.exe [file not found] {89862946-A18D-4240-A06F-77ABB6566F79} -> launches: C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\ [MS] {A9843C85-E4C4-4086-AFE7-9042C714F914} -> launches: D:\autorun.exe [file not found] {BCF86C3F-4CAD-48B7-9BB3-B34FADB48135} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\gurpsgm\Documents\Downloads\Saitek_Cyborg_Keyboard_SD6_64_Drivers_pfw.exe -d C:\Users\gurpsgm\Desktop [MS] {D436729F-20E9-464A-ABDA-10798FF50770} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\gurpsgm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMCJBJQH\yahoo_toolbar_install_helper.exe" -d C:\Users\gurpsgm\Desktop [MS] {E1BDBAB9-97A3-40ED-8842-524200AA03C6} -> launches: C:\Windows\system32\pcalua.exe -a D:\instmsia.exe -d D:\ [MS] {E2E7D126-CF2C-43F1-BA9B-A167876E9248} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\gurpsgm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PSCU9K7R\Saitek_Cyborg_Keyboard_SD6_64_Drivers_pfw.exe" -d C:\Users\gurpsgm\Desktop [MS] C:\Windows\System32\Tasks\Apple AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [file not found] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TabletPC InputPersonalization -> launches: %CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem Calibration Loader -> launches: {B210D694-C8DF-490d-9576-9E20CDBC20BD} -> {HKLM...CLSID} = Color Calibration Loader \InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS] -> {HKLM...Wow...CLSID} = Color Calibration Loader \InProcServer32\(Default) = C:\Windows\System32\mscms.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1} -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS] C:\Windows\System32\Tasks\Norton 360 Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe /analyze [symantec Corporation] Norton Error Processor -> launches: C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe /submit [symantec Corporation] C:\Windows\System32\Tasks\Norton Identity Safe Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe /analyze [symantec Corporation] Norton Error Processor -> launches: C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe /submit [symantec Corporation] C:\Windows\System32\Tasks\Norton Management Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe /analyze [symantec Corporation] Norton Error Processor -> launches: C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe /submit [symantec Corporation] C:\Windows\System32\Tasks\Norton Zone Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\SymErr.exe /analyze [symantec Corporation] Norton Error Processor -> launches: C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\SymErr.exe /submit [symantec Corporation] C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy Check for updates -> launches: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" /autoupdate /silent /autoclose /background [safer-Networking Ltd.] Refresh immunization -> launches: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe" /immunize /silent /autoclose [safer-Networking Ltd.] Scan the system -> launches: "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe" /scan /cleanclose [safer-Networking Ltd.] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-2751017530-556950238-3992346484-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.] 000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000009\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] 000000000007\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [file not found] 000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] 000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -> {HKLM...CLSID} = Norton Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll [symantec Corporation] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {8DCB7100-DF86-4384-8842-8FA844297B3F} = Bing -> {HKLM...CLSID} = Bing Bar \InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll" [Microsoft Corporation.] {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar -> {HKLM...CLSID} = Norton Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll [symantec Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\ {47833539-D0C5-4125-9FA8-0819E2EAAC93} = (no title provided) -> {HKLM...Wow...CLSID} = Adobe PDF \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe Systems Incorporated] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar -> {HKLM...Wow...CLSID} = Norton Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll [symantec Corporation] {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided) -> {HKLM...Wow...CLSID} = Google Toolbar \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] Explorer Bars HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKCU\Software\Microsoft\Internet Explorer\Extensions\ {086C8477-4F71-4550-87FB-AF0AE8DF3E98}\ ButtonText = ICQ MenuText = ICQ Exec = C:\Users\gurpsgm\AppData\Roaming\ICQM\icq.exe [iCQ] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM...CLSID} = Skype add-on for Internet Explorer (toolbar button) \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [skype Technologies S.A.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Send to OneNote MenuText = S&end to OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll [MS] {76C5FB99-DD0A-4186-9E75-65D1BF3DA283}\ ButtonText = Add to Wish List Script = C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm [file not found] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM...Wow...CLSID} = Skype Browser Helper \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ ButtonText = Research BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -> {HKLM...Wow...CLSID} = &Research \InProcServer32\(Default) = C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL [MS] {F0D6B094-D85E-4EDB-81EE-971A684343AB}\ ButtonText = Send to MyInfo (Attachment) MenuText = Send to MyInfo (Attachment) CLSIDExtension = {4DBB4D17-C65B-4868-8E9C-7779FB3DDA27} -> {HKLM...Wow...CLSID} = Send to MyInfo (Attachment) \InProcServer32\(Default) = C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll [Milenix Software Ltd.] {F192EBCD-82E5-11DA-954E-00E08161165F}\ ButtonText = Send to MyInfo MenuText = Send to MyInfo CLSIDExtension = {A1AD13F3-B8F0-4584-8088-8BCBDB42663F} -> {HKLM...Wow...CLSID} = Send to MyInfo \InProcServer32\(Default) = C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll [Milenix Software Ltd.] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated] Advanced SystemCare Service 7, AdvancedSystemCareService7, C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [iObit] AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD] BBUpdate, BBUpdate, "C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe" [Microsoft Corporation.] FABS - Helping agent for MAGIX media database, Fabs, C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [MAGIX® AG] GREGService, GREGService, C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [Acer Incorporated] IHA_MessageCenter, IHA_MessageCenter, "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [null data] Intel® Matrix Storage Event Monitor, IAANTMON, C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [intel Corporation] iolo System Service, ioloSystemService, "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [iolo technologies, LLC] LiveUpdate, LiveUpdateSvc, C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [iObit] McciCMService, McciCMService, "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [Alcatel-Lucent] McciCMService64, McciCMService64, "C:\Program Files\Common Files\Motive\McciCMService.exe" [Alcatel-Lucent] Norton 360, N360, "C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll" /prefetch:1 [symantec Corporation] Norton Identity Safe, NCO, "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe" /s "NCO" /m "C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll" /prefetch:1 [symantec Corporation] Norton Management, MCLIENT, "C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe" /s "MCLIENT" /m "C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\diMaster.dll" /prefetch:1 [symantec Corporation] Norton Zone, NZ, "C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe" /s "NZ" /m "C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\diMaster.dll" /prefetch:1 [symantec Corporation] NTI IScheduleSvc, NTI IScheduleSvc, C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [NewTech Infosystems, Inc.] Pure Networks Platform Service, nmservice, "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" [Cisco Systems, Inc.] Spybot-S&D 2 Scanner Service, SDScannerService, "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" [safer-Networking Ltd.] Spybot-S&D 2 Security Center Service, SDWSCService, "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe" [safer-Networking Ltd.] Spybot-S&D 2 Updating Service, SDUpdateService, "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [safer-Networking Ltd.] SpyHunter 4 Service, SpyHunter 4 Service, C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe [Enigma Software Group USA, LLC.] Steam Client Service, Steam Client Service, "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService [Valve Corporation] TabletServicePen, TabletServicePen, C:\Program Files\Tablet\Pen\Pen_Tablet.exe [Wacom Technology, Corp.] True Sword 5 Scheduler, TrueSwordSchedulerService, C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe [null data] Updater Service, Updater Service, C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [Acer Group] USBS3S4Detection, USBS3S4Detection, C:\OEM\USBDECTION\USBS3S4Detection.exe [null data] Wacom Consumer Touch Service, TouchServicePen, C:\Program Files\Tablet\Pen\Pen_TouchService.exe [Wacom Technology, Corp.] Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS] WinTab Service, WinTabService, "C:\Windows\System32\Drivers\WTSRV.EXE" [uC-Logic Technology Corp.] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <<!>> IMFservice, Service <<!>> ioloSystemService, Service <<!>> PEVSystemStart, Service <<!>> procexp90.Sys, Driver HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <<!>> ioloSystemService, Service <<!>> PEVSystemStart, Service <<!>> procexp90.Sys, Driver Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Adobe PDF Port Monitor\Driver = AdobePDF.dll [Adobe Systems Inc] Nitro PDF Port Monitor\Driver = nitrolocalmon2.dll [Nitro PDF Software] PCL hpz3llhn\Driver = hpz3llhn.dll [Hewlett-Packard Company] ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\gurpsgm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\gurpsgm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\njkkjobcechefaoknodniidfjapgfoco\def\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\gurpsgm\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Mon 12/02/2013 at 9:15:50.16 ======================
-
Sorry this had to be broken down ... Zoek-A.txt Zoek.exe Version 4.0.0.5 Updated 30-November-2013 Tool run by gurpsgm on Mon 12/02/2013 at 8:45:04.72. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\gurpsgm\Documents\Bruce\Computer\Problems\zoek\zoek.exe [script inserted] ==== System Restore Info ====================== 12/2/2013 08:48:36 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe C:\Program Files (x86)\Common Files\Motive\McciCMService.exe C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\OEM\USBDECTION\USBS3S4Detection.exe C:\Windows\System32\Drivers\WTSRV.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\My Lockbox\mylbx.exe C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe C:\Users\gurpsgm\Documents\Bruce\Computer\Problems\zoek\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521\prefs.js: user_pref("browser.startup.homepage", "http://search.yahoo.com/?type=293224&fr=spigot-yhp-ff"); user_pref("browser.search.selectedEngine", "Google"); user_pref("keyword.url", "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p="); Added to C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); Deleted from C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\svdcl1jg.default-1357467556136\prefs.js: Added to C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\svdcl1jg.default-1357467556136\prefs.js: user_pref("browser.startup.homepage", "http://www.google.com"); user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.newtab.url", "http://www.google.com/"); user_pref("browser.search.defaultengine", "Google"); user_pref("browser.search.defaultenginename", "Google"); user_pref("browser.search.selectedEngine", "Google"); user_pref("browser.search.order.1", "Google"); user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q="); user_pref("browser.search.suggest.enabled", true); user_pref("browser.search.useDBForOrder", true); ProfilePath: C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521 user.js not found ---- Lines spigot removed from prefs.js ---- user_pref("browser.startup.homepage", "http://search.yahoo.com/?type=293224&fr=spigot-yhp-ff"); ---- FireFox user.js and prefs.js backups ---- prefs_20131202_0857_.backup ProfilePath: C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\svdcl1jg.default-1357467556136 user.js not found ---- FireFox user.js and prefs.js backups ---- ==== Deleting Files \ Folders ====================== C:\Windows\syswow64\appdata deleted C:\PROGRA~2\File Type Assistant deleted C:\PROGRA~2\Amazon deleted C:\ProgramData\GBox deleted C:\ProgramData\InstallMate deleted C:\ProgramData\Package Cache deleted C:\Users\gurpsgm\AppData\Local\FileTypeAssistant deleted C:\Users\gurpsgm\AppData\Local\NativeMessaging deleted C:\Windows\sysWoW64\config\systemprofile\AppData\Local\FileTypeAssistant deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar deleted "C:\Users\gurpsgm\AppData\Roaming\IDM" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8184 MB CPU Info: Intel® Core i7 CPU 870 @ 2.93GHz CPU Speed: 2995.3 MHz Sound Card: Speakers (Realtek High Definiti | Realtek Digital Output (Realtek | Display Adapters: AMD Radeon HD 5700 Series | AMD Radeon HD 5700 Series | AMD Radeon HD 5700 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; SyncMaster T220/T220G,SyncMaster Magic T220/T220G(Digital) | Screen Resolution: 1680 X 1050 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GH60N Ports: COM Ports NOT Present. LPT Port NOT Present. Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 911.4GB Hard Disks - Free: C: 326.3GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 08/16/32 | ACRSYS - 20100517 Time Zone: Eastern Standard Time Motherboard *: Gateway FX6840 Country: United States Language: ENU ==== System Specs (Software) ====================== Anti-Virus: Norton 360 On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Spybot - Search and Destroy disabled (Outdated) Anti-Spyware: IObit Malware Fighter disabled (Outdated) Anti-Spyware: Norton 360 disabled (Outdated) Firewall: Norton 360 disabled Default Browser: Firefox 25.0.1 Internet Explorer Version: 10.0.9200.16686 Mozilla Firefox version: 25.0.1 (x86 en-US) Opera Browser version: 18.0.1284.49 Google Chrome version: 31.0.1650.57 Adobe Reader version: 11.0.04.63 Sun Java version: 1.7.0_45 (32-bit) Flash Player version: 11.9.900.152 Shockwave Player version: 12.0.5r146 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2013-11-21 19:00:24 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe 2013-11-21 19:00:24 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe 2013-11-21 19:00:24 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe 2013-11-21 19:00:24 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe 2013-11-21 19:00:24 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe 2013-11-20 13:37:07 A9D56A34095AB80E85AD630B8405182A 81920 ----a-w- C:\Windows\eSellerateControl350.dll 2013-11-20 13:37:07 02127FDD91FDA05FA8B201A4171CC0E2 356352 ----a-w- C:\Windows\eSellerateEngine.dll ====== C:\Users\gurpsgm\AppData\Local\Temp ==== ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2013-11-20 13:37:08 D5405DD640E870B1DD4F5B4BD08865BB 1122304 ----a-w- C:\Windows\SysWOW64\libeay32.dll 2013-11-20 13:37:08 8EAE03A0F0BF13AF27702E29460D7B47 274432 ----a-w- C:\Windows\SysWOW64\ssleay32.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2013-11-25 15:36:23 30855FC9634E2BC088DA663C9289A17B 57648 ----a-w- C:\Windows\Sysnative\drivers\FSPFltd2.sys 2013-11-20 13:45:21 3B32CAA07D672F8A2E0DF5CB3A873F45 22704 ----a-w- C:\Windows\Sysnative\drivers\EsgScanner.sys 2013-11-19 12:43:47 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys ====== C:\Windows\Tasks ====== 2013-11-26 21:16:41 678EA7D112E82D95BF26AC0F8885C84C 288 ----a-w- C:\Windows\Tasks\Driver Booster Update.job 2013-11-26 21:16:41 617D64DEC796AD91ABE804C73820E55C 3218 ----a-w- C:\Windows\Sysnative\Tasks\Driver Booster Scan 2013-11-26 21:16:41 4D7A0EF130A5D3E809E499FD980C9353 2566 ----a-w- C:\Windows\Sysnative\Tasks\Driver Booster Update 2013-11-20 14:52:01 FF57D8F6FBFCCE4066D9F81703A3F06A 3136 ----a-w- C:\Windows\Sysnative\Tasks\SparkTrust Registration3 2013-11-20 14:52:01 CA3CF6D3785B3DBD2A2991243F010CF5 468 ----a-w- C:\Windows\Tasks\SparkTrust Registration3.job 2013-11-20 14:51:42 4208EDC3B84FA0397433650401C0341C 478 ----a-w- C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job 2013-11-20 14:51:42 1EB8CBDEB2D1A91CDF7CF232EE0FE282 2908 ----a-w- C:\Windows\Sysnative\Tasks\SparkTrust Update Version3 Startup Task 2013-11-20 14:51:41 5AE0EE75E838763A02FCD580C6951F51 426 ----a-w- C:\Windows\Tasks\SparkTrust Update Version3.job 2013-11-20 14:51:41 0450D4866B5ADD3128FA3E48EB5BF542 3244 ----a-w- C:\Windows\Sysnative\Tasks\SparkTrust Update Version3 2013-11-20 14:51:40 EAE72F3D823C328BA0D228434FDF4303 3448 ----a-w- C:\Windows\Sysnative\Tasks\SparkTrust PC Cleaner Plus 2013-11-20 14:51:40 2A3DD257EDE4E9F9D4ED47A9EFB32540 526 ----a-w- C:\Windows\Tasks\SparkTrust PC Cleaner Plus.job 2013-11-19 11:38:56 BB8058EC5E4EF3BC0EC31417B52D2CDB 3684 ----a-w- C:\Windows\Sysnative\Tasks\PCHB_gurpsgm_PCHealthBoost_RM 2013-11-19 11:38:55 DAFC340B34FA925E2CFA81C91889F51E 3684 ----a-w- C:\Windows\Sysnative\Tasks\PCHB_gurpsgm_PCHealthBoost_RN 2013-11-19 11:38:55 80C4F48BE37D53644F9B4443E4642EAE 3684 ----a-w- C:\Windows\Sysnative\Tasks\PCHB_gurpsgm_PCHealthBoost_UP 2013-11-19 11:38:52 088033A865A6530018ACECF0E10C6157 3874 ----a-w- C:\Windows\Sysnative\Tasks\PCHB_gurpsgm_PCHealthBoost_RS 2013-11-19 11:38:36 2559AC1F969219EC72ADE3FDA93A805B 3878 ----a-w- C:\Windows\Sysnative\Tasks\PCHB_WaitAndStartAfter 2013-11-12 14:46:11 912362859EE4A3AD78747489DC4D7785 2854 ----a-w- C:\Windows\Sysnative\Tasks\ASC7_SkipUac_gurpsgm ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-11-22 21:49:06 -------- dc----w- C:\Program Files\Wireshark 2013-11-20 13:45:13 -------- dc----w- C:\Program Files\Enigma Software Group ======= C:\PROGRA~2 ===== 2013-11-24 21:40:52 -------- d-----w- C:\PROGRA~2\True Sword 5 2013-11-24 21:39:59 -------- d-----w- C:\PROGRA~2\Active Shield 5 2013-11-22 22:00:59 -------- d-----w- C:\PROGRA~2\mIRC 2013-11-22 11:52:02 -------- d-----w- C:\PROGRA~2\ERUNT 2013-11-20 14:51:39 -------- d-----w- C:\PROGRA~2\COMMON~1\SparkTrust 2013-11-20 13:37:07 -------- d-----w- C:\PROGRA~2\Spigot Removal Tool 2013-11-19 16:10:06 -------- d-----w- C:\PROGRA~2\Virtual Mechanics 2013-11-12 17:37:27 -------- d-----w- C:\PROGRA~2\Kyodai Mahjongg 2006 2013-11-11 03:58:38 -------- d-----w- C:\PROGRA~2\Alchemy Mindworks 2013-11-08 00:51:16 -------- d-----w- C:\PROGRA~2\Metacreator Demo 2013-11-02 20:52:37 -------- d-----w- C:\PROGRA~2\The Witcher 2 ======= C: ===== ====== C:\Users\gurpsgm\AppData\Roaming ====== 2013-11-30 23:30:48 -------- d-----w- C:\Users\gurpsgm\AppData\Local\Opera 2013-11-30 23:30:46 -------- d-----w- C:\Users\gurpsgm\AppData\Locallow\SecurePlugin 2013-11-30 23:30:14 -------- d-----w- C:\Users\gurpsgm\AppData\Roaming\OpenOffice.org 2013-11-30 23:30:11 -------- d-----w- C:\Users\gurpsgm\AppData\Roaming\Product_PT 2013-11-30 23:30:08 -------- d-----w- C:\Users\gurpsgm\AppData\Roaming\Real 2013-11-25 15:36:23 -------- d-----w- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Lockbox 2013-11-25 11:57:51 -------- d-----w- C:\Users\gurpsgm\AppData\Roaming\Thunderbird 2013-11-25 11:57:51 -------- d-----w- C:\Users\gurpsgm\AppData\Local\Thunderbird 2013-11-24 17:08:21 -------- d-----w- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2013-11-24 17:04:31 -------- d-----w- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-11-23 12:02:52 -------- d-----w- C:\Users\gurpsgm\AppData\Local\NPE 2013-11-22 22:01:00 -------- d-----w- C:\Users\gurpsgm\AppData\Roaming\mIRC 2013-11-21 19:31:14 -------- d-----w- C:\Users\Default\AppData\Local\temp 2013-11-21 19:31:14 -------- d-----w- C:\Users\Default User\AppData\Local\temp 2013-11-20 13:45:14 -------- d-----w- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2013-11-19 16:11:15 -------- d-----w- C:\Users\gurpsgm\AppData\Roaming\Virtual Mechanics 2013-11-12 18:30:08 -------- d-----w- C:\Users\gurpsgm\AppData\Local\WhiteListing 2013-11-12 12:58:19 -------- d-----w- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metacreator 2013-11-11 03:58:40 -------- d-----w- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alchemy Mindworks 2013-11-06 11:00:57 -------- d-----w- C:\Users\gurpsgm\AppData\Locallow\AdbPlugin ====== C:\Users\gurpsgm ====== 2013-11-26 21:16:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2013-11-24 21:40:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Sword 5 2013-11-24 21:40:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active Shield 5 2013-11-24 17:10:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon 2013-11-22 22:06:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3 2013-11-22 22:03:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2013-11-22 22:01:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC 2013-11-22 11:52:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT 2013-11-20 13:37:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spigot Removal Tool 2013-11-19 16:11:15 -------- d-----w- C:\ProgramData\Virtual Mechanics 2013-11-13 12:24:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vocation 2013-11-13 12:23:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transits 2013-11-13 12:23:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNA_db 2013-11-13 12:22:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SE_Triple_Aspects 2013-11-13 12:22:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SE_Quadruple_Aspects 2013-11-13 12:22:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SE_Aspectarian 2013-11-13 12:21:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AstroWin 2013-11-13 12:19:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astro123 2013-11-12 17:37:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kyodai Mahjongg 2006 2013-11-12 14:46:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller 2013-11-12 14:46:31 -------- d-----w- C:\ProgramData\ProductData 2013-11-12 14:46:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7 2013-11-12 13:11:30 -------- d-----w- C:\Users\gurpsgm\Metacreator 2013-11-11 03:58:37 -------- d-----w- C:\ProgramData\Alchemy Mindworks 2013-11-08 00:51:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metacreator Demo 2013-11-05 18:35:25 -------- d-sh--w- C:\ProgramData\DSS 2013-11-05 13:36:30 -------- d-----w- C:\ProgramData\LightScribe 2013-11-02 21:24:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2 ====== C: exe-files == 2013-11-25 15:39:46 17081E293449814BB8CF7A9EBBA52CC6 1176864 -c--a-w- C:\Program Files\My Lockbox\unins000.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Norton Download Manager{NF2809-PROD-FSD3202}"="C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\iolo\System Mechanic\startup manager\configuration\Disabled\registry\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "BingDesktop"="C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey" "LogitechQuickCamRibbon"="C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe /hide" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [HKEY_USERS\S-1-5-21-2751017530-556950238-3992346484-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Screenshot Captor"="C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe /autorun" "Steam"="C:\Program Files (x86)\Steam\steam.exe -silent" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Norton Download Manager{NF2809-PROD-FSD3202}"="C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nmapp"="C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash" "EMET Notifier"="C:\Program Files (x86)\EMET (Tech Preview)\EMET_notifier.exe" "Google Desktop Search"="C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe /startup" "SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" "RegZooka Scheduler"="C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Screenshot Captor"="C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe /autorun" "Steam"="C:\Program Files (x86)\Steam\steam.exe -silent" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" "ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" "IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" "SaiVolume"="C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe" "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "mylbx"="C:\Program Files\My Lockbox\mylbx.exe /a" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher] "item"="Adobe Reader Speed Launcher" "hkey"="HKLM" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray] "command"="\"C:\\Program Files (x86)\\NewTech Infosystems\\Gateway MyBackup\\BackupManagerTray.exe\" -h -k" "item"="BackupManagerTray" "hkey"="HKLM" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cltmng.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Hotkey Utility] "command"="C:\\Program Files (x86)\\Gateway\\Hotkey Utility\\HotkeyUtility.exe" "item"="Hotkey Utility" "hkey"="HKLM" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC] "item"="StartCCC" "hkey"="HKLM" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\THX Audio Control Panel] "command"="\"C:\\Program Files (x86)\\Creative\\THX TruStudio PC\\THXAudioCP\\THXAudio.exe\" /r" "item"="THX Audio Control Panel" "hkey"="HKLM" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg] "command"="C:\\Windows\\UpdReg.EXE" "item"="UpdReg" "hkey"="HKLM" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ActiveShield5.exe] "command"="C:\\Program Files (x86)\\Active Shield 5\\ActiveShield5.exe" "item"="ActiveShield5.exe" "hkey"="HKCU" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "command"="c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobearm.exe" "hkey"="HKLM" "item"="Adobe ARM" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmazonGSDownloaderTray] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer] "command"="c:\\program files (x86)\\cyberlink\\power2go\\clmlsvc.exe" "hkey"="HKLM" "item"="CLMLServer" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cltmng.exe] "item"="cltmng.exe" "hkey"="HKCU" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DBAgent] "command"="\"c:\\program files (x86)\\seagate\\seagate dashboard 2.0\\dbagent.exe\" /winstart" "hkey"="HKLM" "item"="DBAgent" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Eraser] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update] "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Google Update" "command"="\"C:\\Users\\gurpsgm\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\icq] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelTBRunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM] "command"="c:\\programdata\\flexnet\\connect\\11\\isuspm.exe -scheduler" "hkey"="HKCU" "item"="ISUSPM" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MobileDocuments] "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MobileDocuments" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nmctxth] "command"="c:\\program files (x86)\\common files\\pure networks shared\\platform\\nmctxth.exe" "hkey"="HKLM" "item"="nmctxth" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pando Media Booster] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Pando Media Booster" "command"="c:\\program files (x86)\\pando networks\\media booster\\pmb.exe" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Seagate.Dashboard.Uploader.exe] "command"="C:\\Program Files (x86)\\Seagate\\Seagate Dashboard 2.0\\Seagate.Dashboard.Uploader.exe" "item"="Seagate.Dashboard.Uploader.exe" "hkey"="HKCU" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "command"="c:\\program files (x86)\\common files\\java\\java update\\jusched.exe" "hkey"="HKLM" "item"="SunJavaUpdateSched" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe] "hkey"="HKLM" "item"="TkBellExe" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UnlockerAssistant] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Uploader] "command"="c:\\program files (x86)\\seagate\\seagate dashboard 2.0\\seagate.dashboard.uploader.exe" "hkey"="HKCU" "item"="Uploader" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent.exe] "command"="\"C:\\Users\\gurpsgm\\AppData\\Roaming\\uTorrent\\uTorrent.exe\"" "item"="uTorrent.exe" "hkey"="HKCU" "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xvid] "key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Xvid" "command"="C:\\Program Files (x86)\\Xvid\\CheckUpdate.exe" "hkey"="HKCU" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk] "item"="AML Device Install" "backupExtension"=".CommonStartup" "command"="C:\\Program Files (x86)\\AMD AVT\\bin\\kdbsync.exe aml" "backup"="C:\\Windows\\pss\\AML Device Install.lnk.CommonStartup" ==== Startup Folders ====================== 2013-02-04 00:40:23 2022 ----a-w- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk 2013-11-21 17:38:06 1310 ----a-w- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/16/2013 11:52] C:\Windows\tasks\Driver Booster Update.job --a------ C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [11/04/2013 11:01] C:\Windows\tasks\FreeFileViewerUpdateChecker.job --a------ C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [03/25/2013 17:24] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/05/2010 15:27] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/05/2010 15:27] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000Core.job --a------ C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe [08/02/2011 10:46] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000UA.job --a------ C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe [08/02/2011 10:46] C:\Windows\tasks\Norton Security Scan for gurpsgm.job --ah----- C:\PROGRA2\Norton Security Scan\Engine\4.0.3.24\Nss.exe [] C:\Windows\tasks\SparkTrust PC Cleaner Plus.job --a------ C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [] C:\Windows\tasks\SparkTrust Registration3.job --a------ C:\Windows\system32\rundll32FC:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll [] C:\Windows\tasks\SparkTrust Update Version3 Startup Task.job --a------ C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [09/11/2013 18:41] C:\Windows\tasks\SparkTrust Update Version3.job --a------ C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [09/11/2013 18:41] C:\Windows\tasks\WpsUpdateTask_gurpsgm.job --a------ C:FC:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ASC7_SkipUac_gurpsgm" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files (x86)\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe] "C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe] "C:\Windows\SysNative\tasks\FreeFileViewerUpdateChecker" [C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe] "C:\Windows\SysNative\tasks\Game_Booster_AutoUpdate" [C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000Core" [C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000UA" [C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\gurpsgm DBAgent 2 0" ["C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe"] "C:\Windows\SysNative\tasks\Norton Security Scan for gurpsgm" [C:\PROGRA~2\Norton Security Scan\Engine\4.0.3.24\Nss.exe] "C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe"] "C:\Windows\SysNative\tasks\PCHB_gurpsgm_PCHealthBoost_RM" ["C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe"] "C:\Windows\SysNative\tasks\PCHB_gurpsgm_PCHealthBoost_RN" ["C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe"] "C:\Windows\SysNative\tasks\PCHB_gurpsgm_PCHealthBoost_RS" ["C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe"] "C:\Windows\SysNative\tasks\PCHB_gurpsgm_PCHealthBoost_UP" ["C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe"] "C:\Windows\SysNative\tasks\PCHB_WaitAndStartAfter" ["C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe"] "C:\Windows\SysNative\tasks\ProgramRefresh-ATFST" [C:\Program Files (x86)\File Type Assistant\tsasetup.exe] "C:\Windows\SysNative\tasks\ProgramUpdateCheck" [C:\Program Files (x86)\File Type Assistant\TSAssist.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2751017530-556950238-3992346484-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2751017530-556950238-3992346484-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealUpgradeLogonTaskS-1-5-21-2751017530-556950238-3992346484-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\RealUpgradeScheduledTaskS-1-5-21-2751017530-556950238-3992346484-1000" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\SysNative\tasks\Reimage Reminder" ["C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe"] "C:\Windows\SysNative\tasks\Seagate_Install_Launch" [C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\SlimCleaner Run" ["C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe"] "C:\Windows\SysNative\tasks\SparkTrust PC Cleaner Plus" [C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe] "C:\Windows\SysNative\tasks\SparkTrust Registration3" [C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns] "C:\Windows\SysNative\tasks\SparkTrust Update Version3" [C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe] "C:\Windows\SysNative\tasks\SparkTrust Update Version3 Startup Task" [C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{21B4E9D4-6B39-431A-BA29-EF6281D6E976}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\SysNative\tasks\WpsUpdateTask_gurpsgm" [C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe] "C:\Windows\SysNative\tasks\{1E2DF568-C6F3-47A0-9E95-A8122C3D839E}" [D:\autorun.exe] "C:\Windows\SysNative\tasks\{72217564-44FF-4AE7-82AC-B4662CA68FBA}" [C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest\LaunchPad.exe] "C:\Windows\SysNative\tasks\{7F385FFC-F136-4F35-B60E-036455BD4BEE}" [C:\Users\gurpsgm\Documents\Downloads\sm_dm.exe] "C:\Windows\SysNative\tasks\{A9843C85-E4C4-4086-AFE7-9042C714F914}" [D:\autorun.exe] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe] "C:\Windows\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Analyzer" [C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Identity Safe\Norton Error Processor" [C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Management\Norton Error Analyzer" [C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Management\Norton Error Processor" [C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Zone\Norton Error Analyzer" [C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\SymErr.exe] "C:\Windows\SysNative\tasks\Norton Zone\Norton Error Processor" [C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\SymErr.exe] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"] "C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF" [10/09/2013 12:10] ==== Firefox Extensions ====================== ProfilePath: C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521 - Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn ProfilePath: C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\svdcl1jg.default-1357467556136 - Undetermined - %ProfilePath%\extensions\ascsurfingprotection@iobit.com - Undetermined - %ProfilePath%\extensions\ffxtlbr@zonealarm.com - Undetermined - %ProfilePath%\extensions\speeddial@instair.net - Undetermined - %ProfilePath%\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3} AppDir: C:\Program Files (x86)\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521 EE8D96E7899D12FC3AA5DB2034C0853C - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll - Shockwave Flash 68BCBB241EF254BC5100D9E6C06ECC71 - C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator 99FE6AFE80EB7FE3EEB75DC504A326A3 - C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer AF42019A3B0EDBFA6878F75B9377A792 - C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin C2321043FA2CA4C32FF449DE6116B5D9 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll - Shockwave for Director / Shockwave for Director CFAF7B67C78D09D79688AEDCA3D090E2 - C:\Users\gurpsgm\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll - Google Update C5322029C67AD8D38311FABEEAB4E595 - C:\Users\gurpsgm\Music\Winamp Detect\npwachk.dll - Winamp Application Detector 4C07B5286D129DFD25C24B4A31B9B888 - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll - Happy Cloud Plugin 71B61A08992B0F895288CAAB2B43E3F7 - C:\Users\gurpsgm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player B70509F8ABCBE6B75AE0976A969CDE8F - C:\Users\gurpsgm\AppData\LocalLow\Square Enix\nprun3d.dll - Square Enix Secure Launcher 87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bejbohlohkkgompgecdcbbglkpjfjgdj - No path found[] jcjcincggeadfpomfcpgpfnedgakccji - No path found[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10/09/2013 09:59] lipgolpfajiadodbcbljdpmbmbdmfcil - C:\Users\gurpsgm\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx[] mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx[10/05/2013 22:26] nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx[10/12/2013 13:04] nppllibpnmahfaklnpggkibhkapjkeob - No path found[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions lipgolpfajiadodbcbljdpmbmbdmfcil - C:\Users\gurpsgm\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx[] Google Docs - gurpsgm - Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - gurpsgm - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf Shortcuts for Google\u2122 - gurpsgm - Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd YouTube - gurpsgm - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Spotify - Music for every moment - gurpsgm - Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh Google Search - gurpsgm - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Facebook for Chrome - gurpsgm - Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp StumbleUpon - gurpsgm - Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg eBay Extension for Google Chrome\u2122 - gurpsgm - Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck Wikipedia - gurpsgm - Default\Extensions\lpofdaeejlpkojmbchffjakgmkfigjba WeatherBug - gurpsgm - Default\Extensions\njkkjobcechefaoknodniidfjapgfoco Google Wallet - gurpsgm - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Lyrics for Google Chrome\u2122 - gurpsgm - Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek Gmail - gurpsgm - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek deleted successfully C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oglbipcbkmlknhfhabolnniekmlhfoek_0.localstorage deleted successfully C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oglbipcbkmlknhfhabolnniekmlhfoek_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" {8293C2B2-E7B8-44BE-82D1-DCEF01778D8C} Yahoo//search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}" ==== Reset Google Chrome ====================== C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcjcincggeadfpomfcpgpfnedgakccji deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nppllibpnmahfaklnpggkibhkapjkeob deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cltmng.exe deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelTBRunOnce deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent.exe deleted successfully ==== HijackThis Entries ====================== O2 - BHO: Send to MyInfo (Attachment) - {4DBB4D17-C65B-4868-8E9C-7779FB3DDA27} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Send to MyInfo - {A1AD13F3-B8F0-4584-8088-8BCBDB42663F} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files (x86)\EMET (Tech Preview)\EMET_notifier.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKLM\..\Run: [RegZooka Scheduler] C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe O4 - HKCU\..\Run: [screenshot Captor] "C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKUS\S-1-5-18\..\Run: [Norton Download Manager{NF2809-PROD-FSD3202}] C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Norton Download Manager{NF2809-PROD-FSD3202}] C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe /m (User 'Default user') O4 - Startup: AnyTime.lnk = C:\Program Files (x86)\AnyTime Organizer Premier\ISI Launcher.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: MRI_DISABLED O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm (file missing) O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Send to MyInfo (Attachment) - {F0D6B094-D85E-4EDB-81EE-971A684343AB} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll O9 - Extra 'Tools' menuitem: Send to MyInfo (Attachment) - {F0D6B094-D85E-4EDB-81EE-971A684343AB} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll O9 - Extra button: Send to MyInfo - {f192ebcd-82e5-11da-954e-00e08161165f} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll O9 - Extra 'Tools' menuitem: Send to MyInfo - {f192ebcd-82e5-11da-954e-00e08161165f} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\gurpsgm\AppData\Roaming\ICQM\icq.exe (HKCU) O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\gurpsgm\AppData\Roaming\ICQM\icq.exe (HKCU) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.clonewarsadventures.com O15 - Trusted Zone: *.freerealms.com O15 - Trusted Zone: *.soe.com O15 - Trusted Zone: *.sony.com O16 - DPF: vzTCPConfig - http://my.verizon.com/services/SpeedOptimizer/HSI/vzTCPConfig.CAB O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - (no file) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe O23 - Service: Norton Zone (NZ) - Symantec Corporation - C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe O23 - Service: Active Shield Service (ServiceAS) - Security Stronghold - C:\Program Files (x86)\Active Shield 5\ActiveShieldService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\Enigma Software Group\SpyHunter\SH4Service.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe O23 - Service: True Sword 5 Scheduler (TrueSwordSchedulerService) - Unknown owner - C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe O23 - Service: Intel® Turbo Boost Technology Monitor 2.6 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Updater Service - Acer Group - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} Screenshot Captor = "C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe" /autorun [DonationCoder] Steam = "C:\Program Files (x86)\Steam\steam.exe" -silent [Valve Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} Verizon_McciTrayApp = "C:\Program Files\Verizon\McciTrayApp.exe" [Alcatel-Lucent] ProfilerU = C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [saitek] IAAnotif = C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [intel Corporation] SaiVolume = C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe [saitek] RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor] mylbx = C:\Program Files\My Lockbox\mylbx.exe /a [FSPro Labs] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} nmapp = "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash [Cisco Systems, Inc.] EMET Notifier = C:\Program Files (x86)\EMET (Tech Preview)\EMET_notifier.exe [null data] Google Desktop Search = "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup [Google] SDTray = "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [safer-Networking Ltd.] RegZooka Scheduler = C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {10921475-03CE-4E04-90CE-E2E7EF20C814}\(Default) = ExplorerWnd Helper -> {HKLM...CLSID} = ExplorerWnd Helper \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [iObit] {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Norton Identity Protection -> {HKLM...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll [symantec Corporation] -> {HKLM...Wow...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll [symantec Corporation] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM...Wow...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided) -> {HKLM...CLSID} = Bing Bar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll [Microsoft Corporation.] -> {HKLM...Wow...CLSID} = Bing Bar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll [Microsoft Corporation.] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {4DBB4D17-C65B-4868-8E9C-7779FB3DDA27}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Send to MyInfo (Attachment) \InProcServer32\(Default) = C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll [Milenix Software Ltd.] {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Norton Identity Protection -> {HKLM...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll [symantec Corporation] -> {HKLM...Wow...CLSID} = Norton Identity Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll [symantec Corporation] {6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Norton Vulnerability Protection -> {HKLM...Wow...CLSID} = Norton Vulnerability Protection \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL [symantec Corporation] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS] {A1AD13F3-B8F0-4584-8088-8BCBDB42663F}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Send to MyInfo \InProcServer32\(Default) = C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll [Milenix Software Ltd.] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Inc.] -> {HKLM...Wow...CLSID} = Google Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.] {AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Adobe PDF Conversion Toolbar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe Systems Incorporated] {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Advanced SystemCare Browser Protection \InProcServer32\(Default) = C:\PROGRA~2\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [iObit] {d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided) -> {HKLM...CLSID} = Bing Bar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll [Microsoft Corporation.] -> {HKLM...Wow...CLSID} = Bing Bar Helper \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll [Microsoft Corporation.] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation] {F4971EE7-DAA0-4053-9964-665D8EE6A077}\(Default) = SmartSelect -> {HKLM...Wow...CLSID} = SmartSelect Class \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [Adobe Systems Incorporated] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS] 1NZOverlayExcluded\(Default) = {32427327-aea5-4bef-811a-b1bd00daf4b4} -> {HKLM...CLSID} = NZOverlayExcluded Class \InProcServer32\(Default) = C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\NZOvrlay.dll [symantec Corporation] 1NZOverlayPending\(Default) = {2cfec48b-08ec-4361-8575-7c0da17ab7a5} -> {HKLM...CLSID} = NZOverlayPending Class \InProcServer32\(Default) = C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\NZOvrlay.dll [symantec Corporation] 1NZOverlaySynced\(Default) = {a9e700bc-92b0-403e-96b3-b87b06ff9d3a} -> {HKLM...CLSID} = NZOverlaySynced Class \InProcServer32\(Default) = C:\Program Files (x86)\Norton Zone\Engine64\1.0.15.13\NZOvrlay.dll [symantec Corporation] DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] GDriveBlacklistedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSharedEditOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSharedViewOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSyncedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] GDriveSyncingOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} -> {HKLM...CLSID} = Google Drive Shell extension \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google] OverlayExcluded\(Default) = {4433A54A-1AC8-432F-90FC-85F045CF383C} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\buShell.dll [symantec Corporation] OverlayPending\(Default) = {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\buShell.dll [symantec Corporation] OverlayProtected\(Default) = {476D0EA3-80F9-48B5-B70B-05E677C9C148} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\buShell.dll [symantec Corporation] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> {HKCU...Wow...CLSID} = UpToDateOverlayHandler Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS] SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> {HKCU...Wow...CLSID} = SyncingOverlayHandler Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS] SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524} -> {HKCU...Wow...CLSID} = ErrorOverlayHandler Class \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS] DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.] DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.] DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.] HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon64 -> {HKLM...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [safer-Networking Ltd.] {A6FF0E3A-8437-482C-8E04-4F9E15C57538} = UnLockerMenu -> {HKLM...CLSID} = UnLockerMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll [iObit] {1F77B17B-F531-44DB-ACA4-76ABB5010A28} = AIMP ShellExt Unit -> {HKLM...CLSID} = AIMP ShellExt Unit \InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [AIMP DevTeam] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {44176360-2BBF-4EC1-93CE-384B8681A0BC} = SDECon32 -> {HKLM...Wow...CLSID} = Spybot-S&D Explorer Integration \InProcServer32\(Default) = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon32.dll [safer-Networking Ltd.] {1F77B17B-F531-44DB-ACA4-76ABB5010A28} = AIMP ShellExt Unit -> {HKLM...Wow...CLSID} = AIMP ShellExt Unit \InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu32.dll [AIMP DevTeam] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <<!>> pure-go\CLSID = {4746C79A-2042-4332-8650-48966E44ABA8} -> {HKLM...CLSID} = CPureGoProtoInfo Object \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [Cisco Systems, Inc.] <<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8} -> {HKLM...CLSID} = Skype IE add-on Pluggable Protocol \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [skype Technologies S.A.] HKCU\Software\Classes\*\shellex\ContextMenuHandlers\ DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} -> {HKCU...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.] -> {HKCU...Wow...CLSID} = DropboxExt \InProcServer32\(Default) = C:\Users\gurpsgm\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Adobe.Acrobat.ContextMenu\(Default) = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} -> {HKLM...CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [Adobe Systems Inc.] -> {HKLM...Wow...CLSID} = Acrobat Elements Context Menu \InProcServer32\(Default) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll [Adobe Systems Inc.] Advanced SystemCare\(Default) = {2803063F-4B8D-4dc6-8874-D1802487FE2D} -> {HKLM...CLSID} = CExtMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCExtMenu_64.dll [iObit] AIMP\(Default) = {1F77B17B-F531-44DB-ACA4-76ABB5010A28} -> {HKLM...CLSID} = AIMP ShellExt Unit \InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu64.dll [AIMP DevTeam] -> {HKLM...Wow...CLSID} = AIMP ShellExt Unit \InProcServer32\(Default) = C:\Program Files (x86)\AIMP3\Modules\aimp_menu32.dll [AIMP DevTeam] ANotepad++64\(Default) = {B298D29A-A6ED-11DE-BA8C-A68E55D89593} -> {HKLM...CLSID} = ANotepad++64 \InProcServer32\(Default) = C:\Program Files (x86)\Notepad++\NppShell_05.dll [null data] BitZipper32\(Default) = {D5906221-A717-479B-9B49-CD848F9CE816} -> {HKLM...CLSID} = BZShlExtImpl Class \InProcServer32\(Default) = C:\Program Files (x86)\BitZipper\BZShlExt64.dll [bitberry Software] -> {HKLM...Wow...CLSID} = BZShlExtImpl Class \InProcServer32\(Default) = C:\Program Files (x86)\BitZipper\BZShlExt.dll [bitberry Software] BitZipper64\(Default) = {9176020F-4A61-4F57-A133-258110EBC765} -> {HKLM...CLSID} = BitZipper64 \InProcServer32\(Default) = C:\Program Files (x86)\BitZipper\BZShlExt64.dll [bitberry Software] BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\buShell.dll [symantec Corporation] Eraser\(Default) = {BC9B776A-90D7-4476-A791-79D835F30650} -> {HKLM...CLSID} = Eraser Shell Extension \InProcServer32\(Default) = "C:\PROGRA~1\Eraser\Eraser.Shell.dll" [The Eraser Project] Foxit_ConvertToPDF_Reader\(Default) = {A94757A0-0226-426F-B4F1-4DF381C630D3} -> {HKLM...CLSID} = ConvertToPDF Class \InProcServer32\(Default) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [Foxit Corporation] GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6} -> {HKLM...CLSID} = GDContextMenu Class \InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google]
-
OTL Log for 12-02-2013: All processes killed ========== OTL ========== HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}\ not found. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: gurpsgm ->Temp folder emptied: 17110 bytes ->Temporary Internet Files folder emptied: 250898 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 4366273 bytes ->Google Chrome cache emptied: 6586036 bytes ->Flash cache emptied: 21009 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 262144 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 11.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12022013_080618 Files\Folders moved on Reboot... C:\Users\gurpsgm\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Windows\temp\fb_3796.lck not found! PendingFileRenameOperations files... Registry entries deleted on Reboot...