
belindaj

  1. Tried to uninstall Scorpion Saver, and get an error. (screenshot). There is no uninstall option for Level Quality Watcher.
  2. Ran, rebooted. Running well to my knowledge. Control panel still shows Level Quality Watcher and Scorpion Saver (as in previous screenshots). I don't get any popups in my browser - but then again, I already wasn't seeing any. I'm still not running AVG (haven't re-installed yet).
  3. (ran this time as administrator)

     ========== REGISTRY ==========
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{273E1F1A-7B1A-436C-A783-A4A8C97AD036} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}\ not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{9B65F9A3-9D24-452A-B6EF-1457D65E4259} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\ not found.

     OTL by OldTimer - Version 3.2.69.0 log created on 01052014_135711
  4. It didn't prompt me for a reboot - here's the notepad text. Go ahead and reboot anyway? My college son must have used my computer when home for a weekend probably. I don't see utorrent or torrent in the Add/Remove programs. Hopefully what we're doing will also at some point get it off.

     ========== REGISTRY ==========
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{273E1F1A-7B1A-436C-A783-A4A8C97AD036} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}\ not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{9B65F9A3-9D24-452A-B6EF-1457D65E4259} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\ not found.

     OTL by OldTimer - Version 3.2.69.0 log created on 01052014_105321
  5. I've never (knowingly) used torrent or any filesharing program in my life. Can you tell if this is a newly installed file from these logs?
  6. All processes killed

     ========== OTL ==========
     C:\Users\Belinda\AppData\Roaming\uTorrent\share folder moved successfully.
     C:\Users\Belinda\AppData\Roaming\uTorrent\ie folder moved successfully.
     C:\Users\Belinda\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
     C:\Users\Belinda\AppData\Roaming\uTorrent\apps folder moved successfully.
     C:\Users\Belinda\AppData\Roaming\uTorrent folder moved successfully.

     ========== REGISTRY ==========
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{273E1F1A-7B1A-436C-A783-A4A8C97AD036} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{273E1F1A-7B1A-436C-A783-A4A8C97AD036}\ not found.
     Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{9B65F9A3-9D24-452A-B6EF-1457D65E4259} not found.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\ not found.

     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Belinda\Desktop\cmd.bat deleted successfully.
     C:\Users\Belinda\Desktop\cmd.txt deleted successfully.

     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: AppData
     ->Temp folder emptied: 0 bytes

     User: Belinda
     ->Temp folder emptied: 2154565 bytes
     ->Temporary Internet Files folder emptied: 413511137 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 0 bytes
     ->Google Chrome cache emptied: 0 bytes
     ->Flash cache emptied: 7601 bytes

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     User: Public
     ->Temp folder emptied: 0 bytes

     User: UpdatusUser
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 5420 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 0 bytes

     Total Files Cleaned = 396.00 mb

     OTL by OldTimer - Version 3.2.69.0 log created on 01052014_102441

     Files\Folders moved on Reboot...
     C:\Users\Belinda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     File\Folder C:\Users\Belinda\AppData\Local\Temp\~DF93F4.tmp not found!

     PendingFileRenameOperations files...

     Registry entries deleted on Reboot...
  7. OTL Extras logfile created on: 1/5/2014 9:29:44 AM - Run 1
     OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Belinda\Desktop
     64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     15.96 Gb Total Physical Memory | 10.03 Gb Available Physical Memory | 62.86% Memory free
     32.08 Gb Paging File | 28.86 Gb Available in Paging File | 89.95% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
     Drive C: | 931.51 Gb Total Space | 422.83 Gb Free Space | 45.39% Space Free | Partition Type: NTFS
     Drive E: | 298.01 Gb Total Space | 151.52 Gb Free Space | 50.84% Space Free | Partition Type: FAT32
     Drive G: | 931.51 Gb Total Space | 395.24 Gb Free Space | 42.43% Space Free | Partition Type: NTFS
     Drive H: | 931.51 Gb Total Space | 339.70 Gb Free Space | 36.47% Space Free | Partition Type: NTFS
     Drive J: | 1863.01 Gb Total Space | 820.21 Gb Free Space | 44.03% Space Free | Partition Type: NTFS
     Drive K: | 1863.01 Gb Total Space | 212.02 Gb Free Space | 11.38% Space Free | Partition Type: NTFS
     Drive Z: | 1863.01 Gb Total Space | 1544.92 Gb Free Space | 82.93% Space Free | Partition Type: NTFS

     Computer Name: BELINDA-I5 | User Name: Belinda | Logged in as Administrator.
Mozilla Firefox 24.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PDFlite" = PDFlite 0.8 "PGE Platinum" = Uninstall PGE Platinum "ShapeCollage" = Shape Collage "TomTom HOME" = TomTom HOME 2.8.3.2499 "Topaz Adjust 5" = Topaz Adjust 5 "Topaz Adjust 5 (64-bit)" = Topaz Adjust 5 (64-bit) "Topaz B&W Effects" = Topaz B&W Effects "Topaz B&W Effects (64-bit)" = Topaz B&W Effects (64-bit) "Topaz Clean 3" = Topaz Clean 3 "Topaz Clean 3 (64-bit)" = Topaz Clean 3 (64-bit) "Topaz DeJpeg 4" = Topaz DeJpeg 4 "Topaz DeJpeg 4 (64-bit)" = Topaz DeJpeg 4 (64-bit) "Topaz DeNoise 5" = Topaz DeNoise 5 "Topaz DeNoise 5 (64-bit)" = Topaz DeNoise 5 (64-bit) "Topaz Detail 2" = Topaz Detail 2 "Topaz Detail 2 (64-bit)" = Topaz Detail 2 (64-bit) "Topaz Fusion Express 2" = Topaz Fusion Express 2 "Topaz Fusion Express 2 (64-bit)" = Topaz Fusion Express 2 (64-bit) "Topaz InFocus" = Topaz InFocus "Topaz InFocus (64-bit)" = Topaz InFocus (64-bit) "Topaz Lens Effects" = Topaz Lens Effects "Topaz Lens Effects (64-bit)" = Topaz Lens Effects (64-bit) "Topaz ReMask 3" = Topaz ReMask 3 "Topaz ReMask 3 (64-bit)" = Topaz ReMask 3 (64-bit) "Topaz Simplify 3" = Topaz Simplify 3 "Topaz Simplify 3 (64-bit)" = Topaz Simplify 3 (64-bit) "TurboTax 2011" = TurboTax 2011 "TurboTax 2012" = TurboTax 2012 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock "winscp3_is1" = WinSCP 4.3.9 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-743036512-4070977799-287011189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "Dropbox" = Dropbox "GoToMeeting" = GoToMeeting 5.5.0.1132 "Spotify" = Spotify ========== Last 20 
Event Log Errors ========== [ Application Events ] Error - 12/31/2013 1:10:21 PM | Computer Name = Belinda-I5 | Source = WinMgmt | ID = 10 Description = Error - 12/31/2013 1:19:15 PM | Computer Name = Belinda-I5 | Source = Windows Search Service | ID = 3024 Description = Error - 12/31/2013 4:08:11 PM | Computer Name = Belinda-I5 | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 6/11/2012 7:02:36 PM | Computer Name = Belinda-I5 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15141 seconds with 1620 seconds of active time. This session ended with a crash. Error - 11/20/2012 9:28:13 AM | Computer Name = Belinda-I5 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 11/22/2013 10:31:20 AM | Computer Name = Belinda-I5 | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 12/31/2013 1:08:34 PM | Computer Name = Belinda-I5 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\DVDVRRdr_xp.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 12/31/2013 1:08:34 PM | Computer Name = Belinda-I5 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\UDFReadr.SYS has been blocked from loading due to incompatibility with this system. 
Please contact your software vendor for a compatible version of the driver. Error - 12/31/2013 1:10:21 PM | Computer Name = Belinda-I5 | Source = Service Control Manager | ID = 7026 Description = Error - 12/31/2013 3:18:44 PM | Computer Name = Belinda-I5 | Source = Service Control Manager | ID = 7030 Description = Error - 12/31/2013 3:21:28 PM | Computer Name = Belinda-I5 | Source = Service Control Manager | ID = 7030 Description = Error - 12/31/2013 4:06:23 PM | Computer Name = Belinda-I5 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\DVDVRRdr_xp.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 12/31/2013 4:06:23 PM | Computer Name = Belinda-I5 | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\UDFReadr.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 12/31/2013 4:08:11 PM | Computer Name = Belinda-I5 | Source = Service Control Manager | ID = 7026 Description = < End of report >
  8. OTL logfile created on: 1/5/2014 9:29:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Belinda\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.96 Gb Total Physical Memory | 10.03 Gb Available Physical Memory | 62.86% Memory free
32.08 Gb Paging File | 28.86 Gb Available in Paging File | 89.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 422.83 Gb Free Space | 45.39% Space Free | Partition Type: NTFS
Drive E: | 298.01 Gb Total Space | 151.52 Gb Free Space | 50.84% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 395.24 Gb Free Space | 42.43% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 339.70 Gb Free Space | 36.47% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 820.21 Gb Free Space | 44.03% Space Free | Partition Type: NTFS
Drive K: | 1863.01 Gb Total Space | 212.02 Gb Free Space | 11.38% Space Free | Partition Type: NTFS
Drive Z: | 1863.01 Gb Total Space | 1544.92 Gb Free Space | 82.93% Space Free | Partition Type: NTFS

Computer Name: BELINDA-I5 | User Name: Belinda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/05 09:29:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Belinda\Desktop\OTL.exe
PRC - [2013/12/17 19:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Belinda\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/12 05:18:23 | 000,309,328 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/10/04 09:22:39 | 001,140,736 | ---- | M] (Spotify Ltd) -- C:\Users\Belinda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/30 11:30:30 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2012/09/17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/04/20 12:29:18 | 000,038,824 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2012/04/20 12:28:06 | 000,219,496 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2012/01/27 12:02:58 | 000,607,592 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe
PRC - [2012/01/22 22:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2012/01/22 22:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/10/27 19:27:11 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2011/09/26 21:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
PRC - [2011/03/02 20:35:24 | 012,008,296 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe
PRC - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
PRC - [2009/04/15 22:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2007/11/16 04:20:26 | 000,091,432 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2007/08/09 13:17:38 | 002,503,976 | ---- | M] (Cyberlink) -- C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
PRC - [2007/06/04 18:24:44 | 000,599,600 | ---- | M] (CyberLink Corporation.) -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe

========== Modules (No Company Name) ==========

MOD - [2013/12/17 19:01:12 | 003,558,400 | ---- | M] () -- C:\Users\Belinda\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 13:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Belinda\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/08/07 13:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/10/11 21:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/10/11 21:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/28 08:27:12 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2011/10/27 19:27:11 | 000,623,912 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2011/09/26 21:45:40 | 000,646,232 | ---- | M] () -- C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MOD - [2011/03/02 20:35:48 | 000,056,168 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\QuickTimeGlue.dll
MOD - [2011/03/02 20:34:56 | 002,748,416 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\libmysqld.dll
MOD - [2011/03/02 20:34:56 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Symlib.dll
MOD - [2009/08/20 11:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 11:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 11:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/04/15 08:56:38 | 000,034,088 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Shared files\richvideops.dll
MOD - [2007/10/03 21:24:28 | 001,692,968 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\P2GRC.dll
MOD - [2007/04/10 16:27:40 | 008,357,424 | ---- | M] () -- C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\Res.dll
MOD - [2006/12/26 14:17:40 | 000,033,328 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLVistaAudioMixer.dll
MOD - [2003/08/08 07:48:12 | 000,024,621 | ---- | M] () -- C:\Program Files (x86)\WS_FTP Pro\nsftpch.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 11:30:26 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2011/09/08 16:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2011/09/08 16:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2008/01/20 20:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/20 20:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/09/10 20:26:44 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/10 01:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/30 11:30:30 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/09/17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/04/20 12:28:06 | 000,219,496 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2012/01/22 22:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/02/09 10:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/04/24 03:01:00 | 000,011,376 | ---- | M] (Corel Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\cdralw2k.sys -- (Cdralw2k)
DRV:64bit: - [2012/04/24 03:01:00 | 000,010,864 | ---- | M] (Corel Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/09/08 19:08:44 | 000,089,584 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2011/09/08 16:49:36 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011/09/08 16:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011/09/08 16:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/08/11 00:54:26 | 000,099,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1C60x64.sys -- (L1C)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/10/09 18:57:28 | 000,340,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Si3132r5.sys -- (Si3132r5)
DRV:64bit: - [2008/10/09 18:57:28 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/06/04 18:11:16 | 000,024,824 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2007/06/04 18:11:10 | 000,369,912 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2006/09/04 05:48:16 | 000,323,888 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Si3114r5.sys -- (Si3114r5)
DRV:64bit: - [2006/07/12 07:43:06 | 000,022,832 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2012/06/03 13:17:45 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2005/01/07 17:34:54 | 000,486,766 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\CLBUDF.tbl -- (CLBUDF)
DRV - [2004/04/13 16:32:50 | 000,140,416 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/04/13 16:32:42 | 000,043,392 | ---- | M] (Roxio) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/04/13 16:30:12 | 000,024,576 | ---- | M] (Roxio) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/04/13 16:29:44 | 000,198,528 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\Udfreadr.sys -- (UDFReadr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-743036512-4070977799-287011189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prodsol.net/bookmarks.htm
IE - HKU\S-1-5-21-743036512-4070977799-287011189-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-743036512-4070977799-287011189-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-743036512-4070977799-287011189-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS486
IE - HKU\S-1-5-21-743036512-4070977799-287011189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-743036512-4070977799-287011189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-743036512-4070977799-287011189-1001\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/23 08:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/05 23:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belinda\AppData\Roaming\Mozilla\Extensions
[2012/06/05 23:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belinda\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/12/26 17:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belinda\AppData\Roaming\Mozilla\Firefox\Profiles\wa3hsfdb.default\extensions
[2013/12/29 22:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/29 22:07:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2013/10/28 14:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/28 14:45:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.22 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Drive = C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_2\
CHR - Extension: BetterPonymotes = C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkmhlceghomaajdimmejkhldnpleoea\62.135_0\
CHR - Extension: Adblock Plus = C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: ProxMate - Improve your Internet! = C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.4.3_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: Google Wallet = C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/12/26 17:43:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-743036512-4070977799-287011189-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe () O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [instantBurn] C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.) O4 - HKLM..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [PPort14reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe () O4 - HKLM..\Run: [updatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-743036512-4070977799-287011189-1000..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe (Adobe Systems, Inc.) O4 - HKU\S-1-5-21-743036512-4070977799-287011189-1000..\Run: [LaunchList] C:\Program Files (x86)\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems) O4 - HKU\S-1-5-21-743036512-4070977799-287011189-1000..\Run: [Power2GoExpress] C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (Cyberlink) O4 - HKU\S-1-5-21-743036512-4070977799-287011189-1000..\Run: [Power2GoExpress8] NA File not found O4 - HKU\S-1-5-21-743036512-4070977799-287011189-1000..\Run: [spotify Web Helper] C:\Users\Belinda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-21-743036512-4070977799-287011189-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-743036512-4070977799-287011189-1001..\Run: [AVG-Secure-Search-Update_JUNE2013_HP] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe" /PROMPT /CMPID=JUNE2013_HP File not found O4 - HKU\S-1-5-21-743036512-4070977799-287011189-1001..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure 
Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB File not found O4 - HKU\S-1-5-21-743036512-4070977799-287011189-1001..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-743036512-4070977799-287011189-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Belinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Belinda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-743036512-4070977799-287011189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-743036512-4070977799-287011189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-743036512-4070977799-287011189-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Open with PDF Viewer 7 - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Open with PDF Viewer 7 - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-743036512-4070977799-287011189-1000\..Trusted Domains: charmsoffice.com ([www] https in Trusted sites) O15 - HKU\S-1-5-21-743036512-4070977799-287011189-1000\..Trusted Domains: intuit.com ([accounts] https in Trusted 
sites) O15 - HKU\S-1-5-21-743036512-4070977799-287011189-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94756FC9-AA59-4AC6-83A6-DA04EF0C7D8C}: DhcpNameServer = 209.18.47.61 209.18.47.62 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\x-mem3 - No CLSID value found O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Windows\SysWOW64\eztoolslib2.dll () O20:64bit: - HKLM Winlogon: 
Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012/07/08 12:45:20 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007/03/23 11:18:50 | 000,000,000 | ---D | M] - E:\autorun -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014/01/05 09:29:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Belinda\Desktop\OTL.exe [2013/12/31 19:47:36 | 000,000,000 | ---D | C] -- C:\Users\Belinda\PILE-O-STUFF [2013/12/31 13:22:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/12/31 13:22:37 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/12/30 11:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013/12/30 11:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013/12/29 22:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/12/27 
17:32:50 | 000,000,000 | ---D | C] -- C:\Users\Belinda\AppData\Local\Avg2013 [2013/12/27 14:58:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013/12/23 08:59:15 | 000,000,000 | ---D | C] -- C:\Users\Belinda\Documents\Patterns [2013/12/23 07:15:02 | 000,000,000 | ---D | C] -- C:\FRST [2013/12/22 11:34:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/12/22 11:34:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/12/22 11:34:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/12/22 11:28:41 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/12/22 11:28:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/12/22 09:45:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/12/22 09:38:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/12/20 09:17:13 | 000,014,464 | ---- | C] (Western Digital Technologies) -- C:\Windows\SysNative\drivers\wdcsam64.sys.bak [2013/12/20 09:17:11 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys.bak [2013/12/20 09:17:10 | 000,013,312 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys.bak [2013/12/20 09:17:10 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys.bak [2013/12/20 09:16:48 | 000,022,832 | ---- | C] (Silicon Image, Inc.) -- C:\Windows\SysNative\drivers\SiWinAcc.sys.bak [2013/12/20 09:16:47 | 000,340,520 | ---- | C] (Silicon Image, Inc) -- C:\Windows\SysNative\drivers\Si3132r5.sys.bak [2013/12/20 09:16:47 | 000,016,936 | ---- | C] (Silicon Image, Inc.) 
-- C:\Windows\SysNative\drivers\SiRemFil.sys.bak [2013/12/20 09:16:46 | 000,323,888 | ---- | C] (Silicon Image, Inc) -- C:\Windows\SysNative\drivers\Si3114r5.sys.bak [2013/12/20 09:16:35 | 000,056,336 | ---- | C] (Corel Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys.bak [2013/12/20 09:16:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak [2013/12/20 09:16:10 | 000,099,440 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C60x64.sys.bak [2013/12/20 09:15:52 | 000,089,584 | ---- | C] (CyberLink) -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys.bak [2013/12/20 09:15:51 | 000,024,824 | ---- | C] (Cyberlink Co.,Ltd.) -- C:\Windows\SysNative\drivers\CLBStor.sys.bak [2013/12/20 09:15:50 | 000,011,376 | ---- | C] (Corel Corporation) -- C:\Windows\SysNative\drivers\cdralw2k.sys.bak [2013/12/20 09:15:50 | 000,010,864 | ---- | C] (Corel Corporation) -- C:\Windows\SysNative\drivers\cdr4_xp.sys.bak [2013/12/20 09:15:46 | 000,240,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys.bak [2013/12/20 09:15:45 | 000,116,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys.bak [2013/12/20 09:15:45 | 000,045,880 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys.bak [2013/12/20 09:15:43 | 000,311,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys.bak [2013/12/20 09:15:43 | 000,206,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys.bak [2013/12/20 09:15:42 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys.bak [2013/12/20 09:15:42 | 000,071,480 | ---- | C] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\SysNative\drivers\avgidsha.sys.bak [2013/12/11 11:13:48 | 000,000,000 | ---D | C] -- C:\Users\Belinda\AppData\Roaming\Roxio [2013/12/10 15:22:35 | 000,000,000 | ---D | C] -- C:\Users\Belinda\AppData\Roaming\Zeon [2013/12/10 15:22:31 | 000,000,000 | ---D | C] -- C:\Users\Belinda\Documents\My PaperPort Documents [2013/12/10 14:21:17 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2013/12/09 14:27:27 | 000,000,000 | R--D | C] -- C:\Users\Belinda\Documents\HP Photo Creations [2013/12/09 14:27:27 | 000,000,000 | ---D | C] -- C:\Users\Belinda\AppData\Roaming\Visan [2008/11/18 15:02:28 | 001,242,624 | ---- | C] (Auto FX Software) -- C:\Program Files (x86)\PGE7_PlugIn.8bf ========== Files - Modified Within 30 Days ========== [2014/01/05 09:29:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Belinda\Desktop\OTL.exe [2014/01/05 09:16:53 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/01/05 08:51:10 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2014/01/05 08:16:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/01/05 08:07:04 | 000,004,576 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2014/01/05 08:07:04 | 000,004,576 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/12/31 22:04:46 | 000,116,345 | ---- | M] () -- C:\Users\Belinda\Desktop\201.jpg [2013/12/31 22:04:46 | 000,001,456 | ---- | M] () -- C:\Users\Belinda\AppData\Local\Adobe Save for Web 12.0 Prefs [2013/12/31 19:22:42 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2013/12/31 19:22:41 | 000,023,040 | ---- | M] () -- C:\Users\Belinda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/12/31 14:06:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/12/30 18:11:40 | 000,160,645 | ---- 
| M] () -- C:\Users\Belinda\Desktop\msu.jpg [2013/12/30 17:57:19 | 000,108,805 | ---- | M] () -- C:\Users\Belinda\Desktop\rosebowl.jpg [2013/12/26 17:43:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/12/25 18:45:38 | 000,109,253 | ---- | M] () -- C:\Users\Belinda\Desktop\turkey.jpg [2013/12/23 08:14:59 | 000,760,466 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/12/23 08:14:59 | 000,643,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/12/23 08:14:59 | 000,119,770 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/12/22 09:43:19 | 000,774,662 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/12/21 20:33:47 | 000,000,953 | ---- | M] () -- C:\Users\Belinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/12/21 20:33:31 | 000,000,925 | ---- | M] () -- C:\Users\Belinda\Desktop\Dropbox.lnk [2013/12/20 09:17:13 | 000,014,464 | ---- | M] (Western Digital Technologies) -- C:\Windows\SysNative\drivers\wdcsam64.sys.bak [2013/12/20 09:17:11 | 000,016,168 | ---- | M] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys.bak [2013/12/20 09:17:10 | 000,013,312 | ---- | M] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys.bak [2013/12/20 09:17:10 | 000,012,848 | ---- | M] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys.bak [2013/12/20 09:16:48 | 000,022,832 | ---- | M] (Silicon Image, Inc.) -- C:\Windows\SysNative\drivers\SiWinAcc.sys.bak [2013/12/20 09:16:47 | 000,340,520 | ---- | M] (Silicon Image, Inc) -- C:\Windows\SysNative\drivers\Si3132r5.sys.bak [2013/12/20 09:16:47 | 000,323,888 | ---- | M] (Silicon Image, Inc) -- C:\Windows\SysNative\drivers\Si3114r5.sys.bak [2013/12/20 09:16:47 | 000,016,936 | ---- | M] (Silicon Image, Inc.) 
-- C:\Windows\SysNative\drivers\SiRemFil.sys.bak [2013/12/20 09:16:36 | 000,056,336 | ---- | M] (Corel Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys.bak [2013/12/20 09:16:12 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys.bak [2013/12/20 09:16:10 | 000,099,440 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C60x64.sys.bak [2013/12/20 09:15:53 | 000,089,584 | ---- | M] (CyberLink) -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys.bak [2013/12/20 09:15:52 | 000,024,824 | ---- | M] (Cyberlink Co.,Ltd.) -- C:\Windows\SysNative\drivers\CLBStor.sys.bak [2013/12/20 09:15:50 | 000,011,376 | ---- | M] (Corel Corporation) -- C:\Windows\SysNative\drivers\cdralw2k.sys.bak [2013/12/20 09:15:50 | 000,010,864 | ---- | M] (Corel Corporation) -- C:\Windows\SysNative\drivers\cdr4_xp.sys.bak [2013/12/20 09:15:46 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys.bak [2013/12/20 09:15:46 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys.bak [2013/12/20 09:15:45 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys.bak [2013/12/20 09:15:45 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys.bak [2013/12/20 09:15:43 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys.bak [2013/12/20 09:15:43 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys.bak [2013/12/20 09:15:42 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\SysNative\drivers\avgidsdrivera.sys.bak [2013/12/18 21:24:08 | 000,193,282 | ---- | M] () -- C:\Users\Belinda\Documents\Figaro3.jpg [2013/12/18 21:23:24 | 000,169,919 | ---- | M] () -- C:\Users\Belinda\Documents\Figaro2.jpg [2013/12/18 21:22:35 | 000,257,150 | ---- | M] () -- C:\Users\Belinda\Documents\Figaro4.jpg [2013/12/18 21:21:33 | 000,192,815 | ---- | M] () -- C:\Users\Belinda\Documents\Figaro1.jpg [2013/12/18 21:19:44 | 000,448,556 | ---- | M] () -- C:\Users\Belinda\Documents\Scan0002.jpg [2013/12/18 21:17:08 | 001,164,446 | ---- | M] () -- C:\Users\Belinda\Documents\Scan.pdf [2013/12/16 04:17:15 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk [2013/12/16 04:17:15 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk [2013/12/16 04:17:15 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk [2013/12/15 12:18:00 | 1041,530,609 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/12/12 15:08:28 | 000,000,600 | ---- | M] () -- C:\Users\Belinda\AppData\Local\PUTTY.RND [2013/12/12 14:03:48 | 000,000,680 | ---- | M] () -- C:\Users\Belinda\AppData\Local\d3d9caps.dat [2013/12/12 03:12:16 | 012,560,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/12/11 09:27:14 | 002,771,060 | ---- | M] () -- C:\Users\Belinda\Documents\Scan0001.pdf [2013/12/11 09:24:10 | 000,667,221 | ---- | M] () -- C:\Users\Belinda\Documents\Scan0001.jpg ========== Files Created - No Company Name ========== [2013/12/31 22:04:46 | 000,116,345 | ---- | C] () -- C:\Users\Belinda\Desktop\201.jpg [2013/12/30 18:02:29 | 000,160,645 | ---- | C] () -- C:\Users\Belinda\Desktop\msu.jpg [2013/12/30 17:57:42 | 000,108,805 | ---- | C] () -- C:\Users\Belinda\Desktop\rosebowl.jpg [2013/12/25 18:45:51 | 000,109,253 | ---- | C] () -- C:\Users\Belinda\Desktop\turkey.jpg [2013/12/22 11:34:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/12/22 11:34:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/12/22 11:34:06 | 
000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/12/22 11:34:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/12/22 11:34:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/12/18 21:24:08 | 000,193,282 | ---- | C] () -- C:\Users\Belinda\Documents\Figaro3.jpg [2013/12/18 21:23:24 | 000,169,919 | ---- | C] () -- C:\Users\Belinda\Documents\Figaro2.jpg [2013/12/18 21:22:35 | 000,257,150 | ---- | C] () -- C:\Users\Belinda\Documents\Figaro4.jpg [2013/12/18 21:21:33 | 000,192,815 | ---- | C] () -- C:\Users\Belinda\Documents\Figaro1.jpg [2013/12/18 21:19:44 | 000,448,556 | ---- | C] () -- C:\Users\Belinda\Documents\Scan0002.jpg [2013/12/18 21:17:08 | 001,164,446 | ---- | C] () -- C:\Users\Belinda\Documents\Scan.pdf [2013/12/11 09:26:40 | 002,771,060 | ---- | C] () -- C:\Users\Belinda\Documents\Scan0001.pdf [2013/12/11 09:22:23 | 000,667,221 | ---- | C] () -- C:\Users\Belinda\Documents\Scan0001.jpg [2013/12/09 14:13:37 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2013/12/03 13:27:33 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013/12/02 20:35:57 | 000,774,662 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/01/10 12:40:08 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI [2012/12/18 13:37:02 | 000,279,854 | ---- | C] () -- C:\Users\Belinda\Bill-Eva.lsl [2012/12/14 16:25:44 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012/10/10 13:21:26 | 000,000,132 | ---- | C] () -- C:\Users\Belinda\AppData\Roaming\Adobe GIF Format CS5 Prefs [2012/08/08 09:03:27 | 000,061,304 | ---- | C] () -- C:\Users\Belinda\g2mdlhlpx.exe [2012/07/28 16:32:23 | 000,000,600 | ---- | C] () -- C:\Users\Belinda\AppData\Local\PUTTY.RND [2012/07/28 15:15:23 | 000,000,499 | ---- | C] () -- C:\Users\Belinda\.jalbum-recent-projects.properties [2012/07/28 15:13:58 | 000,000,435 | ---- | C] () -- C:\Users\Belinda\.jalbum-ftp-accounts.xml [2012/07/28 15:13:13 | 000,000,899 
| ---- | C] () -- C:\Users\Belinda\.jalbum-defaults.jap [2012/07/27 15:35:47 | 000,000,600 | ---- | C] () -- C:\Users\Belinda\AppData\Roaming\winscp.rnd [2012/07/25 16:26:30 | 000,068,000 | ---- | C] () -- C:\Users\Belinda\obands.jpg [2012/07/13 14:41:10 | 000,001,456 | ---- | C] () -- C:\Users\Belinda\AppData\Local\Adobe Save for Web 12.0 Prefs [2012/07/08 12:45:20 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\macd32.dll [2012/07/08 12:45:20 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\mase32.dll [2012/07/08 12:45:20 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\mamc32.dll [2012/07/08 12:45:20 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\masd32.dll [2012/07/08 12:45:20 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\ma32.dll [2012/07/03 18:50:28 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll [2012/07/03 17:57:28 | 000,000,012 | ---- | C] () -- C:\Windows\Ulead32.ini [2012/06/29 07:26:15 | 000,000,680 | ---- | C] () -- C:\Users\Belinda\AppData\Local\d3d9caps.dat [2012/06/20 09:47:09 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini [2012/06/15 14:42:55 | 000,000,132 | ---- | C] () -- C:\Users\Belinda\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/06/05 08:56:53 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\FTPStubInstUtils.dll [2012/06/05 08:50:50 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2012/06/04 15:53:02 | 000,023,040 | ---- | C] () -- C:\Users\Belinda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/06/03 17:09:37 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012/06/03 17:09:04 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012/06/03 17:08:35 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012/06/03 15:06:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2012/06/03 12:16:31 | 000,001,460 | ---- | C] () -- C:\Users\Belinda\AppData\Local\d3d9caps64.dat [2012/04/16 
09:36:10 | 000,034,880 | ---- | C] () -- C:\Windows\MAXLINK.INI ========== ZeroAccess Check ========== [2006/11/02 09:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll 
========== LOP Check ========== [2013/12/10 15:25:07 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\.oit [2013/03/24 11:42:44 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Aura4You [2013/02/27 12:32:48 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Canon [2012/06/12 16:34:35 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Catalina Marketing Corp [2012/11/25 09:53:06 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/11/27 17:05:23 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\com.dwuser.erwizard.EasyRotatorWizard [2012/11/05 09:35:37 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Downloaded Installations [2014/01/02 10:58:20 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Dropbox [2012/11/05 09:38:25 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\FileOpen [2013/10/20 23:13:55 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\FileZilla [2012/07/03 21:17:25 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\GraphicsDesk [2012/07/03 21:41:29 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Hemera [2012/11/05 11:08:05 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Nitro [2013/12/31 16:12:57 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Nitro PDF [2013/12/10 15:22:29 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Nuance [2012/10/16 10:48:50 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\PDFlite [2013/10/09 07:17:53 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Spotify [2013/09/27 07:49:36 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012/06/05 23:32:04 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\TomTom [2012/09/26 16:54:09 | 000,000,000 | ---D | M] -- 
C:\Users\Belinda\AppData\Roaming\TuneUp Software [2012/11/17 10:05:01 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Ulead Systems [2013/04/07 08:42:10 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\uTorrent [2013/12/09 14:27:27 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Visan [2012/07/13 12:54:02 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Wacom [2012/07/13 12:57:36 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2013/12/10 15:22:35 | 000,000,000 | ---D | M] -- C:\Users\Belinda\AppData\Roaming\Zeon [2012/10/14 19:48:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2012/10/14 19:48:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2012/10/14 19:48:16 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:FD9CE1F3 @Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:96D0C06F < End of report >
  9. ok weird - I have been out of town since the 1st, but I replied to this to advise it would be a few days before I followed up - don't see that reply! Anyway, glad you kept this thread open. Am now running the OTL scan and will post files asap.
  10. Happy New Year! I've got 10 hours to go for me here in the USA. Thank you so much for ALL your assistance so far.
  11. Ahh. ok, wasn't sure if I missed a step. The only place I know to look is in the control panel/programs add-remove - and yes - unfortunately both are still listed there. Screenshots attached.
  12. Did we possibly post at the same time? I just put up the combo fix file.
  13. ComboFix 13-12-31.01 - Belinda 12/31/2013 13:16:00.2.4 - x64 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.16344.13367 [GMT -6:00] Running from: c:\users\Belinda\Desktop\ComboFix.exe Command switches used :: c:\users\Belinda\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-11-28 to 2013-12-31 ))))))))))))))))))))))))))))))) . . 2013-12-31 19:21 . 2013-12-31 19:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-12-31 19:21 . 2013-12-31 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-12-30 17:28 . 2013-12-30 17:26 312744 ----a-w- c:\windows\system32\javaws.exe 2013-12-30 17:28 . 2013-12-30 17:27 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-12-30 17:28 . 2013-12-30 17:26 189352 ----a-w- c:\windows\system32\javaw.exe 2013-12-30 17:28 . 2013-12-30 17:26 189352 ----a-w- c:\windows\system32\java.exe 2013-12-30 17:26 . 2013-12-30 17:26 -------- d-----w- c:\program files\Java 2013-12-30 04:09 . 2013-12-30 04:09 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-12-27 23:32 . 2013-12-27 23:37 -------- d-----w- c:\users\Belinda\AppData\Local\Avg2013 2013-12-27 20:58 . 2013-12-27 20:58 -------- d-----w- c:\windows\Sun 2013-12-27 17:11 . 2013-12-27 17:11 -------- d-----w- c:\program files (x86)\ESET 2013-12-23 13:15 . 2013-12-25 23:36 -------- d-----w- C:\FRST 2013-12-22 15:45 . 2013-12-31 17:06 -------- d-----w- C:\AdwCleaner 2013-12-22 15:38 . 2013-12-22 15:38 -------- d-----w- c:\windows\ERUNT 2013-12-20 15:16 . 2013-12-20 15:16 41984 ----a-w- c:\windows\system32\drivers\umbus.sys.bak 2013-12-20 15:15 . 2013-12-20 15:15 29696 ----a-w- c:\windows\system32\drivers\fdc.sys.bak 2013-12-16 10:17 . 2013-12-16 10:17 -------- d-----w- c:\users\Default\AppData\Local\Google 2013-12-12 07:07 . 2013-10-30 02:10 2776064 ----a-w- c:\windows\system32\win32k.sys 2013-12-11 17:13 . 
2013-12-11 17:14 -------- d-----w- c:\users\Belinda\AppData\Roaming\Roxio 2013-12-10 21:22 . 2013-12-10 21:22 -------- d-----w- c:\users\Belinda\AppData\Roaming\Zeon 2013-12-10 20:21 . 2013-12-10 20:21 -------- d-----w- c:\windows\Hewlett-Packard 2013-12-09 20:27 . 2013-12-09 20:27 -------- d-----w- c:\users\Belinda\AppData\Roaming\Visan 2013-12-03 19:31 . 2013-12-18 21:02 -------- d-----w- c:\programdata\HP Photo Creations 2013-12-03 19:31 . 2013-12-09 20:27 -------- d-----w- c:\programdata\Visan 2013-12-03 19:31 . 2013-12-03 19:31 -------- d-----w- c:\program files (x86)\HP Photo Creations 2013-12-03 19:31 . 2013-12-24 21:16 -------- d-----w- c:\users\Belinda\AppData\Roaming\HpUpdate 2013-12-03 19:31 . 2012-10-17 10:31 741480 ------w- c:\windows\system32\HPDiscoPMAF11.dll 2013-12-03 19:27 . 2013-12-10 20:21 -------- d-----w- c:\programdata\HP 2013-12-03 19:27 . 2013-12-10 20:21 -------- d-----w- c:\program files (x86)\HP 2013-12-03 19:27 . 2013-12-03 19:27 -------- d-----w- c:\program files\HP 2013-12-03 19:20 . 2013-12-09 20:12 -------- d-----w- c:\users\Belinda\AppData\Local\HP 2013-12-03 02:57 . 2012-08-10 09:01 56336 ------w- c:\windows\system32\drivers\PxHlpa64.sys 2013-12-03 02:57 . 2012-04-24 09:01 11376 ------w- c:\windows\system32\drivers\cdralw2k.sys 2013-12-03 02:57 . 2012-04-24 09:01 10864 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2013-12-03 02:56 . 2013-12-03 02:56 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared 2013-12-03 02:56 . 2013-12-03 02:56 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine 2013-12-03 02:51 . 2013-12-03 02:51 -------- d-----w- c:\program files\Nuance 2013-12-03 02:46 . 2013-12-03 02:46 -------- d-----w- c:\programdata\Zeon 2013-12-03 02:43 . 2013-12-10 21:22 -------- d-----w- c:\users\Belinda\AppData\Roaming\Nuance 2013-12-03 02:42 . 2013-12-10 21:25 -------- d-----w- c:\users\Belinda\AppData\Roaming\.oit 2013-12-03 02:42 . 
2013-12-03 02:43 -------- d-----w- c:\programdata\ScanSoft 2013-12-03 02:42 . 2013-12-03 02:42 -------- d-----w- c:\windows\PIXTRAN 2013-12-03 02:41 . 2013-12-03 02:46 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared 2013-12-03 02:41 . 2013-12-19 03:07 -------- d-----w- c:\programdata\Nuance 2013-12-03 02:41 . 2013-12-03 02:46 -------- d-----w- c:\program files (x86)\Nuance 2013-12-03 02:41 . 2013-12-03 02:41 -------- d-----w- c:\programdata\Macrovision 2013-12-03 02:41 . 2013-12-03 02:41 -------- d-----w- c:\programdata\FLEXnet . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-17 20:49 . 2006-11-02 12:35 90708896 ----a-w- c:\windows\system32\mrt.exe 2013-12-15 17:46 . 2012-06-04 06:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-15 17:46 . 2012-06-04 06:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-30 04:34 . 2008-01-21 02:45 1386496 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll 2013-10-11 04:23 . 2013-11-12 20:42 462848 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-10-11 04:23 . 2013-11-12 20:42 781824 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-10-11 02:07 . 2013-11-12 20:42 596480 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL 2013-10-03 15:03 . 2013-11-12 20:42 389632 ----a-w- c:\windows\system32\gdi32.dll 2013-10-03 15:02 . 2013-11-12 20:42 1278976 ----a-w- c:\windows\system32\crypt32.dll 2013-10-03 12:46 . 2013-11-12 20:42 304128 ----a-w- c:\windows\SysWow64\gdi32.dll 2013-10-03 12:45 . 2013-11-12 20:42 993792 ----a-w- c:\windows\SysWow64\crypt32.dll 2008-12-15 21:35 . 2008-11-18 21:02 1242624 ------w- c:\program files (x86)\PGE7_PlugIn.8bf . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Belinda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Belinda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Belinda\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress8"="NA" [X] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" [2011-03-03 12008296] "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392] "LaunchList"="c:\program files (x86)\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-04 39408] "Power2GoExpress"="c:\program files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" [2007-08-09 2503976] "Spotify Web Helper"="c:\users\Belinda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-04 1140736] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "CLMLServer_For_P2G8"="c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [2011-10-28 107816] "CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2011-10-31 485672] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2007-03-29 185904] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472] "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2007-11-16 91432] "RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736] "LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760] 
"InstantBurn"="c:\progra~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2007-06-05 599600] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976] "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2012-04-20 38824] "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2012-04-20 51112] "PPort14reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2012-01-03 333672] "PDFProHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe" [2012-01-27 607592] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] . c:\users\Belinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Belinda\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-17 30714312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 18:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-12-05 06:27 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 
2013-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-04 06:50] . 2013-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-04 06:50] . 2013-12-31 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\programdata\HP Photo Creations\Communicator.exe [2013-12-09 20:13] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Belinda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Belinda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Belinda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 164016 ----a-w- c:\users\Belinda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-12-06 21:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <-loopback> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Open with PDF Viewer 7 - c:\program files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm Trusted Zone: charmsoffice.com\www Trusted Zone: intuit.com\accounts Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\users\Belinda\AppData\Roaming\Mozilla\Firefox\Profiles\wa3hsfdb.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . Completion time: 2013-12-31 13:22:35 ComboFix-quarantined-files.txt 2013-12-31 19:22 ComboFix2.txt 2013-12-27 02:45 . Pre-Run: 530,908,295,168 bytes free Post-Run: 530,865,127,424 bytes free . - - End Of File - - 699ECED089ED535DAFEBD44C45E98DFF 5C616939100B85E558DA92B899A0FC36
  14. SystemLook 30.07.11 by jpshortstuff
      Log created at 11:43 on 31/12/2013 by Belinda
      Administrator - Elevation successful
      WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
      ========== folderfind ==========
      Searching for "*scorpion saver*"
      No folders found.
      Searching for "*quality watcher*"
      C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher d------ [15:47 22/12/2013]
      ========== regfind ==========
      Searching for "scorpion saver"
      [HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver]
      [HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Scorpion Saver]
      Searching for "quality watcher"
      [HKEY_CURRENT_USER\Software\AppDataLow\Software\Level Quality Watcher]
      [HKEY_USERS\S-1-5-21-743036512-4070977799-287011189-1000\Software\AppDataLow\Software\Level Quality Watcher]
      -= EOF =-
  15. # AdwCleaner v3.016 - Report created 31/12/2013 at 11:06:49
      # Updated 23/12/2013 by Xplode
      # Operating System : Windows Vista Ultimate Service Pack 2 (64 bits)
      # Username : Belinda - BELINDA-I5
      # Running from : C:\Users\Belinda\Desktop\AdwCleaner.exe
      # Option : Clean
      ***** [ Services ] *****
      ***** [ Files / Folders ] *****
      ***** [ Shortcuts ] *****
      ***** [ Registry ] *****
      Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6E810AB6-F34E-49A3-A93F-9E503660F718}
      ***** [ Browsers ] *****
      -\\ Internet Explorer v9.0.8112.16526
      -\\ Mozilla Firefox v24.0 (en-US)
      [ File : C:\Users\Belinda\AppData\Roaming\Mozilla\Firefox\Profiles\wa3hsfdb.default\prefs.js ]
      -\\ Google Chrome v31.0.1650.63
      [ File : C:\Users\Belinda\AppData\Local\Google\Chrome\User Data\Default\preferences ]
      *************************
      AdwCleaner[R0].txt - [4972 octets] - [22/12/2013 09:46:10]
      AdwCleaner[R1].txt - [1211 octets] - [31/12/2013 11:03:39]
      AdwCleaner[s0].txt - [3927 octets] - [22/12/2013 09:47:16]
      AdwCleaner[s1].txt - [1136 octets] - [31/12/2013 11:06:49]
      ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1196 octets] ##########