Jump to content

Doops

Honorary Members
  • Posts

    21
  • Joined

  • Last visited

Reputation

0 Neutral
  1. I just finished a scan with MB, turned out clean! Thank you very much! This is the second time you experts here in the forum have helped me out, and I'll donate again. Out of curiosity, may I ask what PUPs detected by MB usually are? They seem harmless, but I know they're security holes. Where are they usually coming from by the way (so I can practice better browsing habits)? (I'm using Firefox as my main browser, with NoScript)
  2. Here is the Zoek file. Thanks again for your help. It was quite scary to have to disable Norton. There were quite a few things I had to manually turn off. zoek-results.txt
  3. After this previous scan, the number of PUPs has gone right back up to four (it was previously 2 for two scans). I'm a little worried. I'm very thankful for your help! Scan log attached. MB_Scan1.txt
  4. Hello, I've been doing my best to keep a computer I got last year clean, and within the past week, I've picked up some PUPs (opencandy). MB has detected at least five of them before (within the past week) but it seems to have removed them down to two particularly sticky ones that keep regenerating after each scan+delete by MB. Your experts have helped me once before, and I'm glad you guys are here. I ask for your help once more. Addition.txt FRST.txt
  5. Both ran clean, and I don't see any other problems that I saw with Spigot. Thank you so much for your help!
  6. I tried to reset IE and Chrome's homepages, and it worked! I haven't seen any search redirects in Firefox since the last OTL fix run either (granted, even before then, I only saw it three times). I think it's fine now! Thank you so much! Is there any way we can check for sure that there's no remaining Spigot data, rootkits, trojans, etc? Just to be sure.
  7. All processes killed ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found. HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-825749163-974839105-3472330399-1004\Software\Microsoft\Internet Explorer\SearchScopes\{6B46B519-F692-44CD-A626-23B2D48A9F47}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B46B519-F692-44CD-A626-23B2D48A9F47}\ not found. Prefs.js: "Bing" removed from browser.search.defaultenginename Prefs.js: "Bing" removed from browser.search.selectedEngine Prefs.js: "msn.com" removed from browser.startup.homepage C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\lib folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\defaults folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\chrome\content\subscriptions folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\chrome\content\scripts folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\chrome\content\images folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\chrome\content folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\chrome folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net\bin folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net folder moved successfully. C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\js folder moved successfully. C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\img folder moved successfully. C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\filtering folder moved successfully. C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\dll folder moved successfully. C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\db folder moved successfully. C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0 folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\MT\Desktop\Logs\cmd.bat deleted successfully. C:\Users\MT\Desktop\Logs\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: AdMin ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: MT ->Temp folder emptied: 19690725 bytes ->Temporary Internet Files folder emptied: 3081516 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 394995801 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 4020 bytes User: Public User: TT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Work ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 37184 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 398.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01282014_014009 Files\Folders moved on Reboot... C:\Users\MT\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\MT\AppData\Local\Temp\MMDUtl.log moved successfully. C:\Users\MT\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  8. Also, this was in Firefox (my main browser, which was previously unaffected by the Spigot redirect like IE/Chrome).
  9. This is a new problem: Since yesterday, I've been getting some Bing search hit redirects. Only two incidents so far, but it's worrysome. When I click on a search link, I am sometimes taken to a different site, or a download prompt for some sort of file comes up (usually a zip file). When I am redirected, I click back immediately (though if anything happens, I suppose that the damage is too fast anyways). For the download prompts I deny them. I'm very scared by this.
  10. I ran OTL the same as your last instructions for it, but there was no Extras.txt log this time (just the OTL.txt). Did I do something wrong?
  11. OTL logfile created on: 1/25/2014 9:03:58 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MT\Desktop\Logs 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.86 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 48.94% Memory free 9.63 Gb Paging File | 7.58 Gb Available in Paging File | 78.69% Paging File free Paging file location(s): c:\pagefile.sys 5920 5920 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 447.66 Gb Total Space | 334.28 Gb Free Space | 74.67% Space Free | Partition Type: NTFS Computer Name: ASPIRE5755-9401 | User Name: MT | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/01/21 21:06:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MT\Desktop\Logs\OTL.exe PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/12/13 17:44:36 | 001,573,184 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe PRC - [2013/12/09 15:02:00 | 002,285,344 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe PRC - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe PRC - [2013/12/03 16:10:24 | 000,775,968 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe PRC - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe PRC - [2013/10/25 12:07:12 | 000,469,280 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\DelayLoad.exe PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe PRC - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe PRC - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2011/11/29 18:16:12 | 000,109,984 | ---- | M] (CypherTec Inc.) -- C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe PRC - [2011/06/30 21:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2011/06/30 21:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2011/06/30 21:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2011/05/20 13:13:06 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe PRC - [2011/05/20 13:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe PRC - [2011/05/09 20:41:56 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe PRC - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2011/04/23 20:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe PRC - [2011/04/20 16:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe PRC - [2011/04/20 16:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe PRC - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/11/16 20:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/09/30 05:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe PRC - [2010/03/08 23:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe PRC - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010/03/05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe ========== Modules (No Company Name) ========== MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\madexcept_.bpl MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\maddisAsm_.bpl MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\madbasic_.bpl MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\webres.dll MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll MOD - [2011/05/20 13:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll MOD - [2011/05/20 13:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe MOD - [2011/04/23 20:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2012/04/05 14:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV:64bit: - [2011/11/29 18:48:06 | 000,131,000 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files\Common Files\CypherTec\cthwsrv64.exe -- (CypherGuard Info Service) SRV:64bit: - [2011/11/29 18:26:28 | 000,127,416 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files\Common Files\CypherTec\cgrdsrv64.exe -- (CypherGuard cguard Service 64bit Edition) SRV:64bit: - [2011/08/02 13:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2011/05/02 16:27:50 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011/05/02 16:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011/05/02 16:10:26 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/12/20 05:26:05 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/12/16 16:51:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/12/09 15:01:58 | 000,881,440 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7) SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc) SRV - [2013/11/11 17:19:48 | 000,341,824 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice) SRV - [2013/11/07 01:52:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2013/10/07 14:19:22 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService) SRV - [2013/10/07 13:30:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS) SRV - [2012/04/24 13:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2011/11/29 18:16:12 | 000,109,984 | ---- | M] (CypherTec Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\CypherTec\cgrdsrv32.exe -- (CypherGuard cguard Service 32bit Edition) SRV - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011/04/23 20:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2011/02/01 16:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/02/01 16:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/09/30 05:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/11/13 13:23:49 | 000,435,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2013/11/07 01:52:44 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2013/10/09 09:16:27 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013/10/08 10:43:55 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013/05/23 00:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA) DRV:64bit: - [2013/05/22 17:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV:64bit: - [2013/05/21 00:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS) DRV:64bit: - [2013/05/16 00:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013/04/24 19:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS) DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2013/03/04 20:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/12/14 16:40:22 | 000,123,832 | ---- | M] (CypherTec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cymon.sys -- (Cymon) DRV:64bit: - [2012/09/06 20:48:08 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON) DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/14 00:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/07/14 00:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/06/21 17:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011/06/21 17:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011/06/19 09:35:09 | 000,196,704 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus) DRV:64bit: - [2011/05/16 16:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa) DRV:64bit: - [2011/05/06 12:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa) DRV:64bit: - [2011/05/01 16:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/04/05 06:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2011/02/10 01:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011/02/10 01:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011/01/20 20:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp) DRV:64bit: - [2011/01/20 20:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd) DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/15 03:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2014/01/23 13:35:22 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140125.005\ex64.sys -- (NAVEX15) DRV - [2014/01/23 13:35:22 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20140125.005\eng64.sys -- (NAVENG) DRV - [2014/01/20 18:45:57 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20140124.001\IDSviA64.sys -- (IDSVia64) DRV - [2013/12/17 19:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20140121.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013/11/21 00:07:51 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/11/21 00:07:51 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/11/19 16:10:34 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter) DRV - [2013/11/19 16:10:34 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter) DRV - [2013/03/23 15:48:48 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor) DRV - [2012/12/14 16:40:24 | 000,110,136 | ---- | M] (CypherTec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\cymon.sys -- (Cymon) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=198484&fr=spigot-yhp-ie IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 5B 45 94 2D C4 CE 01 [binary data] IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFD_enUS557 IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\SearchScopes\{6B46B519-F692-44CD-A626-23B2D48A9F47}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} IE - HKU\S-1-5-21-825749163-974839105-3472330399-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.selectedEngine: "Bing" FF - prefs.js..browser.startup.homepage: "msn.com" FF - prefs.js..extensions.enabledAddons: rikaichan-jpen%40polarcloud.com:2.01.130701 FF - prefs.js..extensions.enabledAddons: %7B0AA9101C-D3C1-4129-A9B7-D778C6A17F82%7D:2.07 FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\MT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFF [2013/10/09 11:17:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\ [2014/01/25 20:57:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/10 15:55:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 22:59:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/10 15:55:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 22:59:14 | 000,000,000 | ---D | M] [2013/10/20 12:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MT\AppData\Roaming\Mozilla\Extensions [2014/01/24 21:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions [2013/10/20 13:05:13 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2013/10/20 13:05:13 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013/12/13 13:27:49 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\adsremoval@adsremoval.net [2013/10/20 13:14:44 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\rikaichan-jpen@polarcloud.com [2014/01/16 12:09:38 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014/01/04 19:03:59 | 000,000,905 | ---- | M] () -- C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\searchplugins\yahoo_ff.xml [2013/12/20 05:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/12/20 05:26:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF File not found (No name found) -- C:\USERS\MT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EZZ5BZ6N.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM [2013/11/15 03:32:00 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - Extension: Google Docs = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Ads Removal = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\ CHR - Extension: avast! Online Security = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\ CHR - Extension: Skype Click to Call = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\ CHR - Extension: Norton Identity Protection = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.5.2_0\ CHR - Extension: Store = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\ CHR - Extension: Google Wallet = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ CHR - Extension: Gmail = C:\Users\MT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3:64bit: - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-825749163-974839105-3472330399-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [iObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-825749163-974839105-3472330399-1004..\Run: [Advanced SystemCare 7] C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (IObit) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0BCF2FB-1545-4F42-9C6F-8160A8B30C5C}: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9B0643F-BDCE-4FE4-8860-BF102ADAAB91}: DhcpNameServer = 75.75.75.75 75.75.76.76 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6c7c70cb-545e-11e3-b0b5-b870f4ee7158}\Shell - "" = AutoRun O33 - MountPoints2\{6c7c70cb-545e-11e3-b0b5-b870f4ee7158}\Shell\AutoRun\command - "" = V:\setup.exe O33 - MountPoints2\{7a1d30ab-4118-11e3-8e84-b870f4ee7158}\Shell - "" = AutoRun O33 - MountPoints2\{7a1d30ab-4118-11e3-8e84-b870f4ee7158}\Shell\AutoRun\command - "" = V:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/01/24 22:13:08 | 000,000,000 | ---D | C] -- C:\Windows\Migration [2014/01/24 22:13:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2014/01/24 21:28:14 | 000,000,000 | ---D | C] -- C:\_OTL [2014/01/21 20:50:55 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\Logs [2014/01/21 20:50:15 | 000,000,000 | ---D | C] -- C:\Users\MT\Documents\Black Crusade [2014/01/20 10:50:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014/01/20 10:49:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014/01/17 21:26:49 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\NUIP [2014/01/17 19:36:22 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Roaming\Unity [2014/01/15 14:02:04 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Local\Unity [2014/01/15 11:03:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2014/01/13 09:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVa Network Setup Tool [2014/01/13 09:08:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\University of Virginia [2014/01/07 01:02:55 | 000,000,000 | ---D | C] -- C:\Users\MT\Documents\GuP Motto Love Love Sakusen Desu C08 [2014/01/05 10:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2014/01/04 19:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller [2014/01/04 19:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData [2014/01/04 19:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} [2014/01/04 19:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7 [2014/01/03 20:52:08 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Roaming\SPSSInc [2014/01/03 20:51:18 | 000,000,000 | ---D | C] -- C:\Users\MT\.spss [2014/01/03 20:50:52 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Local\javasharedresources [2014/01/03 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\Job [2014/01/03 19:26:33 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Local\IBM [2014/01/03 19:26:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SafeNet Sentinel [2014/01/03 19:26:17 | 000,000,000 | ---D | C] -- C:\Users\MT\Desktop\MedEssays [2014/01/03 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SPSS [2014/01/03 19:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics [2014/01/03 19:23:46 | 000,000,000 | ---D | C] -- C:\SysWOW64 [2014/01/03 19:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\IBM [2014/01/03 19:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IBM [2014/01/02 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Roaming\e-academy Inc [2014/01/02 22:06:03 | 000,000,000 | ---D | C] -- C:\Users\MT\AppData\Local\e-academy Inc ========== Files - Modified Within 30 Days ========== [2014/01/25 21:03:35 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\Driver Booster Update.job [2014/01/25 21:03:20 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/01/25 21:03:20 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/01/25 21:02:19 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/01/25 21:02:19 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/01/25 21:02:19 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/01/25 20:59:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014/01/25 20:55:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/01/25 20:55:36 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys [2014/01/25 20:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014/01/25 20:14:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014/01/24 22:15:45 | 000,762,252 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014/01/24 13:43:41 | 503,663,545 | ---- | M] () -- C:\Users\MT\Documents\[underwater] KILL la KILL - 15 (720p) [9FE2481B].mkv [2014/01/23 00:34:40 | 429,702,335 | ---- | M] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 02 [3570BC9C].mkv [2014/01/23 00:33:28 | 402,262,665 | ---- | M] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 03 [47F4A5C7].mkv [2014/01/22 04:56:53 | 000,158,109 | ---- | M] () -- C:\Users\MT\Desktop\FacultyStaff Discount Program _3_.pdf [2014/01/16 22:36:44 | 349,278,301 | ---- | M] () -- C:\Users\MT\Documents\[HorribleSubs] Kill la Kill - 14 [720p].mkv [2014/01/15 22:52:54 | 000,464,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014/01/15 11:04:24 | 000,003,719 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2014/01/14 15:19:37 | 318,472,067 | ---- | M] () -- C:\Users\MT\Documents\[FFF] Sekai Seifuku ~Bouryaku no Zvezda~ - 01 [043C6B38].mkv [2014/01/13 09:08:51 | 000,001,371 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CertChecker.lnk [2014/01/09 23:37:10 | 445,342,059 | ---- | M] () -- C:\Users\MT\Documents\[AOI] Kyousougiga Music Collection [flac+scans].zip [2014/01/09 23:36:01 | 181,547,899 | ---- | M] () -- C:\Users\MT\Documents\[AOI] Kyousougiga Music Collection [320k+scans].zip [2014/01/09 21:40:14 | 375,854,580 | ---- | M] () -- C:\Users\MT\Documents\[HorribleSubs] Kyousougiga - 10.5 [720p].mkv [2014/01/09 21:38:01 | 376,281,091 | ---- | M] () -- C:\Users\MT\Documents\[HorribleSubs] Kyousougiga - 10 [720p].mkv [2014/01/09 21:37:19 | 524,318,219 | ---- | M] () -- C:\Users\MT\Documents\[Commie] Kyousougiga - 09 [4D1C06C5].mkv [2014/01/09 14:59:08 | 348,459,256 | ---- | M] () -- C:\Users\MT\Documents\[HorribleSubs] Kill la Kill - 13 [720p].mkv [2014/01/07 21:06:09 | 432,938,492 | ---- | M] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 01 [F0D3C74F].mkv [2014/01/07 12:01:24 | 000,506,084 | ---- | M] () -- C:\Users\MT\Desktop\010.jpg [2014/01/04 19:19:53 | 000,011,054 | ---- | M] () -- C:\Users\MT\Documents\cc_20140104_191934.reg [2014/01/03 19:22:13 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz [2014/01/03 19:22:13 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll [2014/01/03 19:22:13 | 000,000,016 | -H-- | M] () -- C:\Windows\SysWow64\servdat.slm [2014/01/03 19:22:12 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\sysprs7.tgz [2014/01/03 19:22:12 | 000,001,025 | ---- | M] () -- C:\Windows\SysWow64\sysprs7.dll [2014/01/02 16:38:43 | 001,922,012 | ---- | M] () -- C:\Users\MT\Documents\Devil Vs Goddess (Pixiv 40638995) - Imgur.zip ========== Files Created - No Company Name ========== [2014/01/24 22:15:45 | 000,762,252 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014/01/24 13:40:42 | 503,663,545 | ---- | C] () -- C:\Users\MT\Documents\[underwater] KILL la KILL - 15 (720p) [9FE2481B].mkv [2014/01/23 00:30:46 | 429,702,335 | ---- | C] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 02 [3570BC9C].mkv [2014/01/23 00:30:15 | 402,262,665 | ---- | C] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 03 [47F4A5C7].mkv [2014/01/22 04:57:01 | 000,158,109 | ---- | C] () -- C:\Users\MT\Desktop\FacultyStaff Discount Program _3_.pdf [2014/01/16 22:33:12 | 349,278,301 | ---- | C] () -- C:\Users\MT\Documents\[HorribleSubs] Kill la Kill - 14 [720p].mkv [2014/01/15 11:04:24 | 000,003,719 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2014/01/14 15:17:28 | 318,472,067 | ---- | C] () -- C:\Users\MT\Documents\[FFF] Sekai Seifuku ~Bouryaku no Zvezda~ - 01 [043C6B38].mkv [2014/01/13 09:08:51 | 000,001,371 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CertChecker.lnk [2014/01/09 23:31:36 | 445,342,059 | ---- | C] () -- C:\Users\MT\Documents\[AOI] Kyousougiga Music Collection [flac+scans].zip [2014/01/09 23:31:25 | 181,547,899 | ---- | C] () -- C:\Users\MT\Documents\[AOI] Kyousougiga Music Collection [320k+scans].zip [2014/01/09 21:34:20 | 375,854,580 | ---- | C] () -- C:\Users\MT\Documents\[HorribleSubs] Kyousougiga - 10.5 [720p].mkv [2014/01/09 21:32:47 | 376,281,091 | ---- | C] () -- C:\Users\MT\Documents\[HorribleSubs] Kyousougiga - 10 [720p].mkv [2014/01/09 21:32:42 | 524,318,219 | ---- | C] () -- C:\Users\MT\Documents\[Commie] Kyousougiga - 09 [4D1C06C5].mkv [2014/01/09 14:52:03 | 348,459,256 | ---- | C] () -- C:\Users\MT\Documents\[HorribleSubs] Kill la Kill - 13 [720p].mkv [2014/01/07 20:59:27 | 432,938,492 | ---- | C] () -- C:\Users\MT\Documents\[Vivid] D-Frag! - 01 [F0D3C74F].mkv [2014/01/07 12:01:24 | 000,506,084 | ---- | C] () -- C:\Users\MT\Desktop\010.jpg [2014/01/04 19:19:38 | 000,011,054 | ---- | C] () -- C:\Users\MT\Documents\cc_20140104_191934.reg [2014/01/03 19:22:12 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.tgz [2014/01/03 19:22:12 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2014/01/03 19:22:12 | 000,000,219 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.tgz [2014/01/03 19:22:12 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2014/01/03 19:22:12 | 000,000,016 | -H-- | C] () -- C:\Windows\SysWow64\servdat.slm [2014/01/02 16:38:51 | 001,922,012 | ---- | C] () -- C:\Users\MT\Documents\Devil Vs Goddess (Pixiv 40638995) - Imgur.zip [2013/11/07 01:52:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013/10/31 23:23:55 | 000,087,040 | ---- | C] () -- C:\Windows\UnGins.exe [2013/10/26 01:12:31 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2013/10/26 01:12:24 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2013/10/10 15:48:49 | 000,210,391 | ---- | C] () -- C:\Windows\hpwins19.dat [2013/10/10 15:48:49 | 000,000,673 | ---- | C] () -- C:\Windows\hpwmdl19.dat [2013/10/08 08:03:00 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2013/10/08 08:02:49 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014/01/13 08:56:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit [2014/01/13 08:56:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit [2013/10/08 08:45:34 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\ControlCenter4 [2013/10/26 01:07:03 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\CypherTec [2013/10/08 10:43:45 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\DAEMON Tools Lite [2013/10/26 01:36:16 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\DLsite [2014/01/02 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\e-academy Inc [2014/01/04 19:12:51 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\IObit [2013/10/08 11:23:43 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\Nuance [2013/10/23 20:26:32 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\PowerCinema [2014/01/03 20:52:08 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\SPSSInc [2013/10/10 08:08:31 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\Stardock [2014/01/17 19:36:22 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\Unity [2013/10/09 08:57:50 | 000,000,000 | ---D | M] -- C:\Users\MT\AppData\Roaming\WildTangent [2013/10/08 08:23:08 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\ControlCenter4 [2013/10/09 20:11:04 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\e-academy Inc [2013/10/17 20:37:49 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\ImgBurn [2014/01/12 12:13:37 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\IObit [2013/10/08 08:14:54 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\Nuance [2013/10/08 07:19:39 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\TeraCopy [2013/10/08 08:15:10 | 000,000,000 | ---D | M] -- C:\Users\TT\AppData\Roaming\Zeon [2014/01/13 08:57:49 | 000,000,000 | ---D | M] -- C:\Users\Work\AppData\Roaming\ControlCenter4 [2014/01/13 08:57:54 | 000,000,000 | ---D | M] -- C:\Users\Work\AppData\Roaming\IObit [2014/01/13 09:00:45 | 000,000,000 | ---D | M] -- C:\Users\Work\AppData\Roaming\SPSSInc ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013/11/25 01:01:10 | 442,453,349 | ---- | M] ()(C:\Users\MT\Documents\SAINT☆YOUNG MEN THE MOVIEEiga Saint☆Oniisan映画 聖☆おにいさん 「聖☆おにいさん ネ申話 ?降臨前夜?」 (BD 1280x720 x264 AAC 中国語字幕).mp4) -- C:\Users\MT\Documents\SAINT☆YOUNG MEN THE MOVIEEiga Saint☆Oniisan映画 聖☆おにいさん 「聖☆おにいさん ネ申話 〜降臨前夜〜」 (BD 1280x720 x264 AAC 中国語字幕).mp4 [2013/11/25 00:55:17 | 442,453,349 | ---- | C] ()(C:\Users\MT\Documents\SAINT☆YOUNG MEN THE MOVIEEiga Saint☆Oniisan映画 聖☆おにいさん 「聖☆おにいさん ネ申話 ?降臨前夜?」 (BD 1280x720 x264 AAC 中国語字幕).mp4) -- C:\Users\MT\Documents\SAINT☆YOUNG MEN THE MOVIEEiga Saint☆Oniisan映画 聖☆おにいさん 「聖☆おにいさん ネ申話 〜降臨前夜〜」 (BD 1280x720 x264 AAC 中国語字幕).mp4 < End of report >
  12. IE is still redirecting to Yahoo with a check after the OTL run.
  13. All processes killed ========== OTL ========== HKU\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\ascsurfingprotection@iobit.com\chrome\content folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\ascsurfingprotection@iobit.com\chrome folder moved successfully. C:\Users\MT\AppData\Roaming\Mozilla\Firefox\Profiles\ezz5bz6n.default\extensions\ascsurfingprotection@iobit.com folder moved successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ deleted successfully. C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll moved successfully. C:\Users\MT\AppData\Roaming\uTorrent\updates folder moved successfully. C:\Users\MT\AppData\Roaming\uTorrent\share folder moved successfully. C:\Users\MT\AppData\Roaming\uTorrent\ie folder moved successfully. C:\Users\MT\AppData\Roaming\uTorrent\dlimagecache folder moved successfully. C:\Users\MT\AppData\Roaming\uTorrent\apps folder moved successfully. C:\Users\MT\AppData\Roaming\uTorrent folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\MT\Desktop\Logs\cmd.bat deleted successfully. C:\Users\MT\Desktop\Logs\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: AdMin ->Temp folder emptied: 4786586 bytes ->Temporary Internet Files folder emptied: 64985118 bytes ->Flash cache emptied: 42424 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 57472 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: MT ->Temp folder emptied: 1115889 bytes ->Temporary Internet Files folder emptied: 12811254 bytes ->Java cache emptied: 42293 bytes ->FireFox cache emptied: 379222121 bytes ->Google Chrome cache emptied: 14044730 bytes ->Flash cache emptied: 73131 bytes User: Public User: TT ->Temp folder emptied: 595921 bytes ->Temporary Internet Files folder emptied: 128 bytes ->Java cache emptied: 49090 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 57983 bytes User: Work ->Temp folder emptied: 789390 bytes ->Temporary Internet Files folder emptied: 7198691 bytes ->Flash cache emptied: 57547 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 994314 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42240976 bytes RecycleBin emptied: 717109287 bytes Total Files Cleaned = 1,189.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01242014_212814 Files\Folders moved on Reboot... C:\Users\MT\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\MT\AppData\Local\Temp\MMDUtl.log moved successfully. C:\Users\MT\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  14. Extras.txt OTL Extras logfile created on: 1/22/2014 12:46:40 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MT\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.86 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 47.19% Memory free 9.63 Gb Paging File | 7.43 Gb Available in Paging File | 77.12% Paging File free Paging file location(s): c:\pagefile.sys 5920 5920 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 447.66 Gb Total Space | 336.28 Gb Free Space | 75.12% Space Free | Partition Type: NTFS Computer Name: ASPIRE5755-9401 | User Name: MT | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1" Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1" Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{27DBA220-9122-476B-B4AF-21BE0B96DE71}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | "{4296F753-A53E-47FB-8CF8-2A187EA38CFA}" = rport=445 | protocol=6 | dir=out | app=system | "{527BF00E-F5C6-46B5-80AF-92FEF8750E58}" = rport=137 | protocol=17 | dir=out | app=system | "{618274DA-4BB2-47F3-B619-6E0E52467D0E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{61838BBC-7166-4F8B-8470-DE6075F63508}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{6A4D7EB5-2CB3-42E9-8541-9208C3911024}" = lport=137 | protocol=17 | dir=in | app=system | "{7514E482-B479-4D8F-B5DC-02E42D7AF6B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{76C7F152-A783-4288-B58C-51CA0F7FA246}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7D911053-BE63-41DE-AA19-1108DE01AC9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{81AD360E-816B-4658-AEEA-DF62C013A4F2}" = rport=10243 | protocol=6 | dir=out | app=system | "{83651B15-88AE-4B56-9B7B-84FF10BDE76E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8879D10C-9206-464C-BDC0-63FF19A7E88B}" = rport=139 | protocol=6 | dir=out | app=system | "{9280B1D8-039A-4222-9A63-A59B3E42AEBA}" = lport=445 | protocol=6 | dir=in | app=system | "{96B8D625-EEB4-4C8D-B7FC-06CD7C5D4AA8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A7C8B67A-674D-4557-804C-0B6A8CFED7D6}" = rport=138 | protocol=17 | dir=out | app=system | "{AB7276B5-355B-4AB8-A889-386DF9252B82}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B1FEA02E-AD54-488F-A4BD-12AD394B12DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B91C8AEB-7497-457C-8545-E5F2348BEF37}" = lport=2869 | protocol=6 | dir=in | app=system | "{C375A13D-8311-4DD7-A567-5EC3D63D7918}" = lport=139 | protocol=6 | dir=in | app=system | "{C8BF8E3C-E25C-4502-AD93-D665A5596FD8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D3A6B657-3951-42FC-B594-44DA0392DA17}" = lport=138 | protocol=17 | dir=in | app=system | "{D8EC3F43-1FFB-46FD-A27D-0121BFBB3296}" = lport=10243 | protocol=6 | dir=in | app=system | "{D99A53DA-F2E3-4FB3-BC80-5529034C41A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DD415292-6900-4A47-9E99-5B7FE54EBC71}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | "{F747A27D-6326-42C1-99C0-90E2890650D8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15462950-B164-4CA2-86F9-DA0AA3B8DFCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{164CCA09-39A4-4CF3-ABCA-E6AB9525FD4C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{1AEB288A-B780-4D0D-978F-4F358EA437C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{1AF60F84-9B7C-4F89-9686-28D306BFA705}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1C0DBD59-D40C-45C0-97D2-F6AFF1CD28C0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{1F3B538D-3D50-4D0C-BF9D-3499B9378E4A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{2097B56B-D93D-4FA0-98C9-275DCF51D798}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{23F15CB6-CB8B-4C6A-9A2F-20F0C18AE6F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{27DC5022-FD18-4F2A-995B-DD43202CD9F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{27DD7C63-441D-4429-A6B3-1FD98895A3DC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{287B5FE3-1602-4285-8BE4-2272F1FE022E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{29CA7291-B6A7-417C-B7DE-BE553E7E5D6E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{2E9880EB-5E74-45F0-9E30-4132C16E43C7}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{314716B8-122B-42BD-8E37-4E3BC117E97B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | "{3334006E-04B8-4A6E-8325-C2E64ABB3A9A}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{35FD00D7-4DC9-46EC-ACB9-C7991B0D490F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | "{3D9EB480-1D38-45F7-8B03-C26C73CEDD95}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{40D92468-0419-47C8-8B68-E3AB99F3F458}" = protocol=6 | dir=out | app=system | "{42B713FD-52EE-4DBF-B1A3-A4473D1951CC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4520CBB9-F5A9-4645-BDE9-A65C09CB6C20}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{505DB397-FE61-43D5-A2DF-7085BB4CF7BF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{53FBBF7D-95FF-4376-A7CB-E426483E9A3B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{577D64B1-C453-4575-92DA-0450B1BB5320}" = protocol=17 | dir=in | app=c:\users\mt\appdata\roaming\utorrent\utorrent.exe | "{6343150F-E36E-4D9A-B81B-6CC8849D99D9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{7FDFFA98-1A35-4AC6-A538-843EF9E51980}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{867BE5DC-1FB1-4781-845F-62CE4A5C35B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{882EE9C6-207F-40C8-8C0C-64F2A6AAD24A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{89AA6A7F-3857-4856-A86F-79C2A8C914D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{904D29CE-0011-4E80-BA67-915D04BA9B03}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{9487C9C4-E1A1-4771-BF95-BE53CD992C85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{97F75185-3A84-459C-B07B-1CD257F576DB}" = protocol=6 | dir=in | app=c:\users\mt\appdata\roaming\utorrent\utorrent.exe | "{9A4FA2D5-48DB-45AA-A207-FB04B06033C6}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{9DFDDF22-FE30-4B87-93FF-3CD667F924DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{A5884C01-683A-44D7-B254-77D1DF81A89F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A5ABD09A-F2F5-4B32-B99D-CE6C3A25E2FF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{A7B4E5D0-4499-44D1-86BE-8B468AAEE276}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{A9F7607E-F604-4E07-A36F-1DEBDF58158E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AD639B34-4C96-40EB-B964-3497FB6AE893}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B01C1C90-2B56-484E-8442-D5109F0F8ACD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{B0B6CC60-6D34-4849-96EB-B8140C3C774B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{B0CD2A7D-0FA9-4E72-80ED-9D396E7B3F16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{B76F1F44-3518-477F-A5AE-70E82A056E98}" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{BB07C6D4-2186-4250-8A93-D9787C775B02}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BF7A9A4B-37F6-446C-8478-62D2C62F404A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{BFB9ADC5-C3A1-4AFC-8E4D-7BCDCC154829}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C1CDAB75-77EC-4DD1-9B5E-29CEE7C2CE8A}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{C22FA43E-724D-47D5-A354-5D2A825DE658}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{C2B7D509-9402-41A9-9D48-4CD88E5A162D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | "{C304FB7A-3643-4075-9F4B-9492940EA5F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CB69EE29-55AC-49B2-A30B-D3AE7E1CDF28}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{CBB0B887-71B3-4BD7-8071-ACE025A2F98A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D0E826C7-AA0B-4459-B0B1-9765AC55C5FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{DAB1E255-2EB7-4B42-948D-EA689E09CC58}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{DD24A5A9-0294-4661-A2CB-57411F537835}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{E0A69DFE-EC46-462D-9D7F-D43AB3C7C6DB}" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "{E9DB3E1D-4219-4085-B8FC-8F08E62A5F0D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{EC08510F-5B03-4A41-B924-382732EA3E9B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F5B5107E-2777-444A-A028-B66189114C58}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{FEB9E829-D080-4138-B9E0-528D4573C320}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software "{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer "{5208CEC4-308D-44C0-BFEA-FE9D32B043F5}" = CypherGuard Browser for x64 "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013 "{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013 "{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013 "{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013 "{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013 "{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013 "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français "{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español "{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013 "{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013 "{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013 "{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013 "{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013 "{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013 "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013 "{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013 "{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013 "{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013 "{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013 "{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013 "{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013 "{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B220B4C6-869C-4081-AC6D-1A65FFCF874F}" = CypherGuard for Movie x64 Edition "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0 "{BB19952F-77FE-4877-A570-79C150EE6CE4}" = CypherGuard for PDF x64 Edition "{C624E231-8799-43A9-B8C5-FE3FDD2B318B}" = DLsite Viewer 64bit Edition "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E11448F2-0B44-4239-B04E-D88FE743E929}" = Officejet J4500 Series "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "CCleaner" = CCleaner "Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 "ProInst" = Intel PROSet Wireless "Shop for HP Supplies" = Shop for HP Supplies [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3 "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104875A1-D083-4A34-BC4F-3F635B7F8EF7}" = IBM SPSS Statistics 22 "{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33F7A957-A66D-45A1-BADF-6576083B14E2}" = RPGツクール2000 ランタイムパッケージ "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7065DN "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer "{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7682DFED-23C6-44C9-B9FD-109E0B630277}" = Secure Download Manager "{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel® WiDi "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BD7825E5-6B37-4514-B470-C9E5C9E05B89}_is1" = UVa Network Setup Tool version 2.1.0.0 "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E86B07AE-9F94-44D5-AD47-DC2716EA90D2}" = Secure Download Manager "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9 "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Advanced SystemCare 7_is1" = Advanced SystemCare 7 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-10-17 "Driver Booster_is1" = Driver Booster "Identity Card" = Identity Card "ImgBurn" = ImgBurn "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "InstallShield_{5208CEC4-308D-44C0-BFEA-FE9D32B043F5}" = CypherGuard Browser for x64 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{B220B4C6-869C-4081-AC6D-1A65FFCF874F}" = CypherGuard for Movie x64 Edition "InstallShield_{BB19952F-77FE-4877-A570-79C150EE6CE4}" = CypherGuard for PDF x64 Edition "InstallShield_{C624E231-8799-43A9-B8C5-FE3FDD2B318B}" = DLsite Viewer 64bit Edition "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "IObit Malware Fighter_is1" = IObit Malware Fighter "IObit Surfing Protection_is1" = Surfing Protection "IObitUninstall" = IObit Uninstaller "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "ProInst" = Intel PROSet Wireless "Revo Uninstaller" = Revo Uninstaller 1.95 "Smart Defrag 2_is1" = Smart Defrag 2 "WildTangent acer Master Uninstall" = Acer Games "Winamp" = Winamp "WinCDEmu" = WinCDEmu "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 5.00 (32-bit) "WTA-0ffc9fa0-fbc2-464b-a6bb-f1e43d3be4a6" = Penguins! "WTA-1c5bb5fc-0928-422f-a4d5-d24444c34970" = Bejeweled 2 Deluxe "WTA-5d0c63a0-ef1d-4bd7-91ef-b3789c3a74a7" = FATE: The Cursed King "WTA-76c6c72d-70e0-474c-a7ba-342259050e1f" = Plants vs. Zombies - Game of the Year "WTA-7ebbfa45-efc5-4b21-a6b1-71c8a2e695db" = Torchlight "WTA-84f6763d-870d-4f78-94a6-60481fe04f58" = Build-a-lot 4 - Power Source "WTA-892d759d-bed4-4e11-88cb-13f70c1e8106" = Jewel Match 3 "WTA-8a42c684-e050-4dd7-8c7e-34bfbc19c209" = Zuma's Revenge "WTA-8d8c4623-9157-42b4-8dab-42bd7479bf4c" = Virtual Villagers 5 - New Believers "WTA-919fac9d-a111-46f8-b113-9edf165b3041" = Cradle of Rome 2 "WTA-9ac53bad-5b7a-4112-915d-4938ede47fde" = Agatha Christie - Death on the Nile "WTA-aa9f3e87-47e7-45b9-8fc9-0aea69610ff8" = Chronicles of Albian "WTA-ab14a37b-3ffd-45e4-8d7a-e98d4abe8739" = Governor of Poker 2 Premium Edition "WTA-bde235a6-dac3-4910-ba23-367eefb10d2a" = Chuzzle Deluxe "WTA-c37c081b-135d-4e0b-9e26-02b3816ae160" = Dora's World Adventure "WTA-c84ddb2b-3203-4b61-b270-0f8d6e280c53" = Mystery of Mortlake Mansion "WTA-cf2713c3-d71d-4625-88e4-decbfd25ff46" = Polar Golfer "WTA-dfb4cfa0-1b02-4261-93c5-9619074e4849" = Final Drive: Nitro "WTA-f459d33e-848f-41e0-aa29-f01a5207df3f" = Polar Bowler ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-825749163-974839105-3472330399-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/20/2014 1:04:38 PM | Computer Name = Aspire5755-9401 | Source = WinMgmt | ID = 10 Description = Error - 1/22/2014 1:14:18 AM | Computer Name = Aspire5755-9401 | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 1/20/2014 1:15:57 PM | Computer Name = Aspire5755-9401 | Source = Service Control Manager | ID = 7034 Description = The LiveUpdate service terminated unexpectedly. It has done this 1 time(s). Error - 1/22/2014 1:12:23 AM | Computer Name = Aspire5755-9401 | Source = DCOM | ID = 10010 Description = Error - 1/22/2014 1:45:40 AM | Computer Name = Aspire5755-9401 | Source = Service Control Manager | ID = 7034 Description = The LiveUpdate service terminated unexpectedly. It has done this 1 time(s). < End of report >
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.