Jump to content

Conduit Hijack


Recommended Posts

Hi, I've been looking everywhere, and I couldn't figure out how to get rid of this virus. I was hoping you guys could help me.

I was on a website I accidentally clicked the wrong link and downloaded a vGrabber toolbar, because I thought it was going to be the LoL replay grabber. Needless to say, it wasn't. I uninstalled it using "Change/Remove Programs", but now every time I open one of my browsers up I'm taken to this Conduit/Bing homepage. No matter what I have tried, I can't get rid of it. So far, I tried (using Chrome):

1. Changing the homepage manually.

2. Going to "Manage Search Engines" and deleting everything except Google.

3. Using the Malwarebytes program (obviously) to do a:

- Quick Scan: 4 items detected, all removed. I restarted and it was still there.

- Full Scan: 10 items detected, 1 removed (the rest were my own local host files I recognized). It was still there when I restarted.

- Flash Scan: Nothing.

So what is my next step? I attached the DDS.txt file, and I have the Attach too, if you need it.

DDS.txt

Link to post
Share on other sites

Hello Frizz and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

OTL.txt:

OTL logfile created on: 7/13/2012 3:25:13 PM - Run 2

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Kevin\Documents

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.83 Gb Available Physical Memory | 64.86% Memory free

11.82 Gb Paging File | 9.44 Gb Available in Paging File | 79.90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 682.10 Gb Total Space | 461.77 Gb Free Space | 67.70% Space Free | Partition Type: NTFS

Drive D: | 481.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 3.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 29.71 Gb Total Space | 10.02 Gb Free Space | 33.73% Space Free | Partition Type: FAT32

Computer Name: NOAH-PC | User Name: Kevin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kevin\Documents\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

PRC - C:\Oracle\product\10.2.0\client_2\bin\omtsreco.exe (Oracle Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()

MOD - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)

SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)

SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV:64bit: - (ZcfgSvc7) Intel® -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (Intel® Corporation)

SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()

SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)

SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel® Corporation)

SRV:64bit: - (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth® -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)

SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (ipsecd) -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe ()

SRV:64bit: - (dtpd) -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe ()

SRV:64bit: - (iked) -- C:\Program Files\ShrewSoft\VPN Client\iked.exe ()

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (cphs) Intel® -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)

SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)

SRV - (NWVZHelper) -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe (Novatel Wireless Inc.)

SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (OracleMTSRecoveryService) -- C:\oracle\product\10.2.0\client_2\bin\omtsreco.exe (Oracle Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (Hfsplus) -- C:\Windows\SysNative\drivers\hfsplus.sys (Paragon Software Group)

DRV:64bit: - (gpt_loader) -- C:\Windows\SysNative\drivers\gpt_loader.sys (Paragon Software Group)

DRV:64bit: - (apmwin) -- C:\Windows\SysNative\drivers\apmwin.sys (Paragon Software Group)

DRV:64bit: - (mounthlp) -- C:\Windows\SysNative\drivers\mounthlp.sys (Paragon Software Group)

DRV:64bit: - (HfsplusRec) -- C:\Windows\SysNative\drivers\hfsplusrec.sys (Paragon Software Group)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)

DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)

DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)

DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)

DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\drivers\S3XXx64.sys (SCM Microsystems Inc.)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)

DRV:64bit: - (bpmp) Intel® Centrino® -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)

DRV:64bit: - (bpusb) Intel® Centrino® -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)

DRV:64bit: - (bpenum) Intel® Centrino® -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)

DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)

DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)

DRV:64bit: - (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN) -- C:\Windows\SysNative\drivers\nwusbser2_000.sys (Novatel Wireless Inc.)

DRV:64bit: - (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN) -- C:\Windows\SysNative\drivers\nwusbser_000.sys (Novatel Wireless Inc.)

DRV:64bit: - (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN) -- C:\Windows\SysNative\drivers\nwusbmdm_000.sys (Novatel Wireless Inc.)

DRV:64bit: - (NWUSBCDFIL64) -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys (Novatel Wireless Inc.)

DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)

DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)

DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)

DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)

DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)

DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\drivers\emDevice64.sys (eMPIA Technology, Inc.)

DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\drivers\emFilter64.sys (eMPIA Technology, Inc.)

DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\drivers\emScan64.sys (eMPIA Technology, Inc.)

DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)

DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3131886

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\SearchScopes,DefaultScope = {0B5C8144-2011-4033-83C2-3472F45DEF5A}

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\SearchScopes\{0B5C8144-2011-4033-83C2-3472F45DEF5A}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\SearchScopes\{54D00635-2CA6-423F-9F16-8ACD826BDD1B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\SearchScopes\{A0A7F0A7-4198-4191-8EFE-F1A09EC229ED}: "URL" = http://delicious.com/search?p={searchTerms}

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\SearchScopes\{D190853F-CD24-4999-A2F5-E50191AD085C}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.4:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..network.proxy.ftp: "173.13.175.17"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.http: "173.13.175.17"

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "173.13.175.17"

FF - prefs.js..network.proxy.socks_port: 8080

FF - prefs.js..network.proxy.ssl: "173.13.175.17"

FF - prefs.js..network.proxy.ssl_port: 8080

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/15 12:00:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/10 11:22:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/30 23:59:12 | 000,000,000 | ---D | M]

[2011/12/21 11:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions

[2012/07/12 15:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions

[2012/04/06 16:41:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

[2012/07/12 13:26:20 | 000,000,000 | ---D | M] (Vgrabber1) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}

[2012/02/04 13:24:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/02/04 13:24:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2012/07/02 15:49:00 | 000,102,890 | ---- | M] () (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HRJX8RR.DEFAULT\EXTENSIONS\FBPHOTOZOOM@INSTALLDADDY.COM.XPI

[2012/01/13 13:16:43 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/12/16 18:20:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/12/16 18:20:10 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: https://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: https://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll

CHR - plugin: Unity Player (Enabled) = C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Gmail = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/20 20:41:40 | 000,000,841 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 192.168.0.4 lap4

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found

O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found

O4:64bit: - HKLM..\Run: [] File not found

O4:64bit: - HKLM..\Run: [apmwinapp] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.0\apmwinsrv.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()

O4 - HKLM..\Run: [HFS Activator] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.0\activation\hfsactivator.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000..\Run: [Facebook Update] C:\Users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bronico.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35571C5B-AA0B-41A5-8DEA-637A3FEBE7C5}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AFF932F-85E1-45B9-ABB3-4985EF28A5F8}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3B877E8-FF17-4C08-9EC4-4D3A4C99D179}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/04/27 16:09:58 | 000,000,143 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2007/04/19 16:57:31 | 000,000,086 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2008/08/05 08:58:42 | 000,000,000 | ---D | M] - F:\Autoplay -- [ CDFS ]

O32 - AutoRun File - [2007/01/22 22:57:44 | 000,186,552 | R--- | M] (Adobe Systems Incorporated) - F:\Autoplay.exe -- [ CDFS ]

O33 - MountPoints2\{34f3533c-3dd8-11e1-97d9-b870f4cd9133}\Shell - "" = AutoRun

O33 - MountPoints2\{34f3533c-3dd8-11e1-97d9-b870f4cd9133}\Shell\AutoRun\command - "" = E:\iStudio.exe

O33 - MountPoints2\{520e4040-cfec-11e0-9125-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{520e4040-cfec-11e0-9125-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2000/01/17 09:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>)

O33 - MountPoints2\{520e4040-cfec-11e0-9125-806e6f6e6963}\Shell\dinstall\command - "" = D:\DirectX\dxsetup.exe -- [2003/08/18 17:15:00 | 000,467,456 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{57284aa7-ef92-11e0-bdef-b870f4cd9133}\Shell - "" = AutoRun

O33 - MountPoints2\{57284aa7-ef92-11e0-bdef-b870f4cd9133}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect

O33 - MountPoints2\{57284ac4-ef92-11e0-bdef-b870f4cd9133}\Shell - "" = AutoRun

O33 - MountPoints2\{57284ac4-ef92-11e0-bdef-b870f4cd9133}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect

O33 - MountPoints2\{aada953d-eeea-11e0-a646-b870f4cd9133}\Shell - "" = AutoRun

O33 - MountPoints2\{aada953d-eeea-11e0-a646-b870f4cd9133}\Shell\AutoRun\command - "" = F:\Autoplay.exe -- [2007/01/22 22:57:44 | 000,186,552 | R--- | M] (Adobe Systems Incorporated)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/13 06:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/07/13 06:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/07/13 06:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/07/13 06:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/07/12 22:34:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kevin\Desktop\dds.com

[2012/07/12 22:33:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kevin\Documents\dds.com

[2012/07/12 19:36:31 | 000,000,000 | ---D | C] -- C:\windows\Prefetch

[2012/07/12 19:20:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes

[2012/07/12 19:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/12 19:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/12 19:20:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/07/12 19:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/07/12 19:19:00 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kevin\Documents\mbam-setup-1.62.0.1300.exe

[2012/07/12 19:14:28 | 000,000,000 | ---D | C] -- C:\Riot Games

[2012/07/12 19:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games

[2012/07/12 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Chromium

[2012/07/12 16:57:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Ubisoft Game Launcher

[2012/07/12 16:57:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Might & Magic Heroes VI

[2012/07/12 16:57:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Might & Magic Heroes VI

[2012/07/12 16:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft

[2012/07/12 15:59:04 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Documents\OTL.exe

[2012/07/12 15:20:06 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appmgmt

[2012/07/12 13:26:26 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\CRE

[2012/07/12 13:26:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Conduit

[2012/07/10 21:19:03 | 000,000,000 | ---D | C] -- C:\Users\Kevin\riotsGamesLogs

[2012/07/10 21:18:26 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\LolClient

[2012/07/09 16:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doom 3

[2012/07/09 16:12:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOOM 3

[2012/07/09 09:32:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOL

[2012/07/09 09:32:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\PMB Files

[2012/07/08 20:57:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2012/07/08 20:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2012/07/08 20:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam

[2012/07/08 20:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2012/06/17 20:19:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Pinnacle Studio

[2012/06/17 20:19:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Pinnacle

[2012/06/17 20:17:33 | 000,215,808 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysNative\drivers\emDevice64.sys

[2012/06/17 20:17:33 | 000,070,656 | ---- | C] (Pinnacle Systems) -- C:\windows\SysNative\PCLECoInst64.dll

[2012/06/17 20:17:33 | 000,057,344 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysWow64\emVFW.dll

[2012/06/17 20:17:33 | 000,032,768 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysWow64\emProp.ax

[2012/06/17 20:17:33 | 000,013,824 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysNative\emUSD64.dll

[2012/06/17 20:17:33 | 000,006,400 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysNative\drivers\emFilter64.sys

[2012/06/17 20:17:33 | 000,006,144 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysNative\drivers\emScan64.sys

[2012/06/17 20:17:23 | 000,079,872 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysNative\drivers\emAudio64.sys

[2012/06/17 20:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pinnacle

[2012/06/17 20:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio HD

[2012/06/17 20:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15

[2012/06/17 20:14:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects

[2012/06/17 20:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pegasus Imaging

[2012/06/17 20:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Yahoo!

[2012/06/17 20:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 15

[2012/06/17 20:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus

[2012/06/17 20:08:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle

[2012/06/17 20:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinnacle

[2012/06/17 19:58:05 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{B67244FB-3554-41E1-B42A-D9AF0B3D44F2}

[2012/06/17 19:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle

[2012/06/16 01:49:00 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

[2012/06/16 01:47:37 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Wacom

[2012/06/16 01:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom

[2012/06/16 01:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock

[2012/06/16 01:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock

[2012/06/16 01:46:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/13 15:31:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/13 13:13:02 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3374679522-1588394677-3506598666-1000UA.job

[2012/07/13 12:10:59 | 000,030,288 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/13 12:10:57 | 000,030,288 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/12 22:34:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kevin\Desktop\dds.com

[2012/07/12 22:33:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kevin\Documents\dds.com

[2012/07/12 22:30:31 | 000,862,134 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/07/12 22:30:31 | 000,718,296 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/07/12 22:30:31 | 000,144,284 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/07/12 22:26:41 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/12 22:26:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/07/12 22:25:52 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/12 19:20:21 | 000,001,148 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/07/12 19:20:03 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

[2012/07/12 19:18:58 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kevin\Documents\mbam-setup-1.62.0.1300.exe

[2012/07/12 19:13:19 | 002,353,512 | ---- | M] () -- C:\Users\Kevin\Documents\LeagueofLegends.exe

[2012/07/12 16:13:09 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3374679522-1588394677-3506598666-1000Core.job

[2012/07/12 15:58:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Documents\OTL.exe

[2012/07/12 13:26:37 | 000,000,009 | ---- | M] () -- C:\END

[2012/07/11 03:28:11 | 005,284,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/07/10 16:48:01 | 000,133,199 | ---- | M] () -- C:\Users\Kevin\Documents\3rtkB.jpg

[2012/07/10 12:08:35 | 000,137,102 | ---- | M] () -- C:\Users\Kevin\Documents\1oMZ0.jpg

[2012/07/10 11:45:13 | 000,656,125 | ---- | M] () -- C:\Users\Kevin\Documents\kd9cL.jpg

[2012/07/10 11:06:01 | 000,071,059 | ---- | M] () -- C:\Users\Kevin\Documents\lK7l4.jpg

[2012/07/09 16:34:13 | 000,000,343 | ---- | M] () -- C:\windows\doom3.ini

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/07/01 02:13:35 | 000,029,321 | ---- | M] () -- C:\Users\Kevin\Documents\ftas3.jpg

[2012/06/30 00:04:11 | 000,013,395 | ---- | M] () -- C:\Users\Kevin\Documents\img_1932_pete-burns-monroe-megamix.jpg

[2012/06/27 13:45:54 | 000,223,987 | ---- | M] () -- C:\Users\Kevin\Documents\2H51l.jpg

[2012/06/18 23:16:09 | 000,649,218 | ---- | M] () -- C:\Users\Kevin\Documents\MZh36.jpg

[2012/06/17 22:42:19 | 000,002,826 | ---- | M] () -- C:\Users\Kevin\Documents\My Movie.wlmp

[2012/06/17 20:19:55 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/12 19:20:21 | 000,001,148 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/07/12 19:20:03 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

[2012/07/12 19:13:23 | 002,353,512 | ---- | C] () -- C:\Users\Kevin\Documents\LeagueofLegends.exe

[2012/07/12 13:26:37 | 000,000,009 | ---- | C] () -- C:\END

[2012/07/10 16:48:02 | 000,133,199 | ---- | C] () -- C:\Users\Kevin\Documents\3rtkB.jpg

[2012/07/10 12:08:37 | 000,137,102 | ---- | C] () -- C:\Users\Kevin\Documents\1oMZ0.jpg

[2012/07/10 11:45:15 | 000,656,125 | ---- | C] () -- C:\Users\Kevin\Documents\kd9cL.jpg

[2012/07/10 11:06:03 | 000,071,059 | ---- | C] () -- C:\Users\Kevin\Documents\lK7l4.jpg

[2012/07/09 16:34:13 | 000,000,343 | ---- | C] () -- C:\windows\doom3.ini

[2012/07/01 02:13:40 | 000,029,321 | ---- | C] () -- C:\Users\Kevin\Documents\ftas3.jpg

[2012/06/30 00:04:13 | 000,013,395 | ---- | C] () -- C:\Users\Kevin\Documents\img_1932_pete-burns-monroe-megamix.jpg

[2012/06/27 13:45:55 | 000,223,987 | ---- | C] () -- C:\Users\Kevin\Documents\2H51l.jpg

[2012/06/18 23:16:13 | 000,649,218 | ---- | C] () -- C:\Users\Kevin\Documents\MZh36.jpg

[2012/06/17 22:42:19 | 000,002,826 | ---- | C] () -- C:\Users\Kevin\Documents\My Movie.wlmp

[2012/06/17 20:06:54 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012/06/16 01:46:13 | 000,000,488 | ---- | C] () -- C:\windows\SysNative\PenTouchTabletUserDefaults.xml

[2012/06/16 01:46:13 | 000,000,488 | ---- | C] () -- C:\windows\SysNative\PenTabletUserDefaults.xml

[2012/05/18 14:49:45 | 000,002,958 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/03/19 16:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2012/03/19 16:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2012/03/19 16:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012/03/19 15:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

[2012/01/27 10:21:26 | 000,000,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\fusioncache.dat

[2011/10/05 14:06:41 | 000,000,306 | ---- | C] () -- C:\windows\ODBC.INI

[2011/10/05 13:31:13 | 002,463,976 | ---- | C] () -- C:\windows\SysWow64\NPSWF32.dll

[2011/10/04 23:25:20 | 000,876,284 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/10/04 16:03:31 | 000,000,017 | ---- | C] () -- C:\Users\Kevin\AppData\Local\resmon.resmoncfg

[2011/06/27 09:53:58 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/02/03 19:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/05/22 13:46:28 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/03/26 01:16:16 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\cYo

[2012/01/15 22:17:22 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools Lite

[2012/04/28 11:06:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\e-academy Inc

[2012/07/10 21:18:26 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\LolClient

[2012/07/12 17:15:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Might & Magic Heroes VI

[2012/01/15 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OpenCandy

[2012/02/04 13:27:11 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OpenOffice.org

[2012/05/22 14:44:47 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\PACE Anti-Piracy

[2012/05/22 14:44:19 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\PDAppFlex

[2012/05/11 22:19:51 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SystemRequirementsLab

[2012/01/29 23:34:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Tomato

[2011/10/04 15:16:31 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Toshiba

[2012/04/14 09:15:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Unity

[2012/06/16 01:47:37 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Wacom

[2012/06/16 01:49:00 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

[2011/10/03 20:13:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinBatch

[2012/06/19 20:04:09 | 000,000,000 | ---D | M] -- C:\Users\nbrown\AppData\Roaming\Wacom

[2012/07/12 16:13:09 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3374679522-1588394677-3506598666-1000Core.job

[2012/07/13 13:13:02 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3374679522-1588394677-3506598666-1000UA.job

[2009/07/13 22:08:49 | 000,027,944 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 987 bytes -> C:\Users\Kevin\AppData\Local\Temp:WQm3W4gQjjrpxnCmNtOxCHQ

< End of report >

Link to post
Share on other sites

It didn't give me another Extra.txt file, but here's one from yesterday:

OTL Extras logfile created on: 7/12/2012 4:00:27 PM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Kevin\Documents

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 2.92 Gb Available Physical Memory | 49.45% Memory free

11.82 Gb Paging File | 9.13 Gb Available in Paging File | 77.26% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 682.10 Gb Total Space | 464.33 Gb Free Space | 68.07% Space Free | Partition Type: NTFS

Drive D: | 481.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 3.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 29.71 Gb Total Space | 10.02 Gb Free Space | 33.73% Space Free | Partition Type: FAT32

Computer Name: NOAH-PC | User Name: Kevin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{029D2556-5D0A-4B67-9AF1-297F4E8EC543}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{08DFACE4-41A8-4162-9C9B-963C1E98F9F0}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\vdsldr.exe |

"{0962D587-BCFF-4E90-8932-07D2A4C778F6}" = lport=445 | protocol=6 | dir=in | app=system |

"{097B1BE4-65BE-4D44-98A8-84ED67A74E87}" = lport=1701 | protocol=17 | dir=in | app=system |

"{09B97A80-926E-4794-BA99-EF6690166DD4}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{0FB7EFF9-CA9A-4AF2-9C17-9740D36EE606}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |

"{11162CD2-6611-4AC4-9196-443A576DE7C9}" = rport=137 | protocol=17 | dir=out | app=system |

"{11A73ADD-56D9-4688-A936-D9F892EEFDB9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{17C8FB58-0DE1-41E8-BF71-DE139C7413B8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{1A019CD2-C9DE-4594-B8F8-08AF7E0C4894}" = lport=445 | protocol=6 | dir=in | app=system |

"{1B02E55B-679C-4DC6-82D8-733759AC384A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2032A664-3EFF-499C-8D13-DABF19446FF4}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe |

"{2353D78C-B860-4B40-8ED4-81D5F0CA48F5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |

"{2A4F7BA1-9CBC-4560-82D2-45DCB1B26C50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2AB5B9CD-C207-4E86-8217-EA158089F143}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2D3CD326-1490-4F16-95AF-AFD6855DC5A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3113EE66-E70B-431B-A65E-6008F42F7633}" = lport=58075 | protocol=17 | dir=in | name=pando media booster |

"{3542BC25-B542-4D19-B419-A6E3AE036770}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{355A3779-DB9C-4958-BB9F-6D3CDD4EC921}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3D10595A-3B05-4710-89B1-94A4F5E7A8D2}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |

"{4684AAEE-4C6E-4C9D-B0E9-3D517D44652C}" = lport=rpc | protocol=6 | dir=in | app=%systemroot%\system32\services.exe |

"{535F77FE-8452-4B0D-AFBE-FA8957CD572B}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=%systemroot%\system32\svchost.exe |

"{542C33FC-70C8-442C-96DE-9F21D1AA8657}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{54DD3AA8-B2AB-4283-B306-01B0F75AC098}" = lport=1723 | protocol=6 | dir=in | app=system |

"{567CB5DA-C7EC-4843-B8FB-B782F65E2FDA}" = lport=5358 | protocol=6 | dir=in | app=system |

"{5769985C-FFAB-4298-B5C6-4973D1788A48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5AB4226B-279C-4663-A960-07FC655AB7B6}" = rport=5358 | protocol=6 | dir=out | app=system |

"{5C5EBC3A-7BC3-4219-A2AA-66E24E5771C2}" = lport=58075 | protocol=6 | dir=in | name=pando media booster |

"{5F551BB0-19C6-4B0E-BAF7-A2E6406B30BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{66A82F63-4ABE-4423-B417-3C375CE4BA4F}" = lport=138 | protocol=17 | dir=in | app=system |

"{700021A2-772B-4DC6-A504-14651E7F4024}" = lport=58075 | protocol=17 | dir=in | name=pando media booster |

"{719C0858-6DA2-4932-9058-135CF8CBFF06}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |

"{73FE6410-2867-48C6-832B-77D88F24CC1C}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=%systemroot%\system32\vds.exe |

"{7735BD5F-D60F-40D9-9561-E0409C81CE85}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{799D3701-3988-4688-ADCC-F07739F0A889}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |

"{7A718203-8B89-4719-8E07-B0E414B46E00}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=%systemroot%\system32\svchost.exe |

"{7B6C4688-7D84-42A8-8212-8CFAC2D5CD8D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{7D0EDCB4-CFC3-4CD1-9B22-B09ABB860311}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{7D4C7CDF-5B01-450E-8906-16FF25AB2DB5}" = rport=1723 | protocol=6 | dir=out | app=system |

"{7DADD087-DD77-4E89-B154-DA2AF04B15DD}" = lport=445 | protocol=6 | dir=in | app=system |

"{7EBB5A44-2745-4689-A1EC-D2121571AE46}" = lport=10245 | protocol=6 | dir=in | app=system |

"{7F5BF22E-F752-4C4D-93C7-C5EF8C1E729A}" = lport=10243 | protocol=6 | dir=in | app=system |

"{7FFAAF36-6B0C-48A7-83E2-A810D86698AD}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |

"{86414951-DA5C-4E1E-AFF5-6CF3C3025B9D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8756041B-855C-4B9F-964C-CC6F1BC80199}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{87A2EDB2-5847-4CB8-BC5F-6266DFDDF796}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{890F917F-4419-4B46-9631-12F7578923D0}" = lport=58075 | protocol=6 | dir=in | name=pando media booster |

"{8B820580-3542-4820-B91D-7BE5C2145D77}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8C2FF94A-94C9-4FE7-98B2-A88DC8DDBA03}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{90FB08D5-3A29-49BC-B6DB-CB823834CEC3}" = lport=445 | protocol=6 | dir=in | app=system |

"{9444316B-8D8B-424F-BB10-BAF81001B98F}" = lport=137 | protocol=17 | dir=in | app=system |

"{A033D410-8786-4C2A-BEEE-A16284D468B8}" = lport=5357 | protocol=6 | dir=in | app=system |

"{A9B2D2AB-9E57-4CDB-90D9-0A0DBD9DDBAA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |

"{ABB0238F-3883-4FAA-BCC9-732BBB09612E}" = rport=138 | protocol=17 | dir=out | app=system |

"{B7CAF3E7-2736-446C-89EE-DD6C8EA5938F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{B9ED1AD3-55AE-4E20-B1EE-40954C7E81E5}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE1D997F-5001-4FBB-8EC6-7B24C09CE0DD}" = lport=5985 | protocol=6 | dir=in | app=system |

"{C14640C9-F485-4A68-B3AC-B7DBEBDBB8E2}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=%systemroot%\system32\snmptrap.exe |

"{C395F953-6A7D-4510-BADC-58F84EB0D3B4}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C4BCD089-0889-4B34-A4BB-64590AD13ABC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |

"{C6EDA355-09D7-4662-9B57-09ACBC73F48C}" = lport=139 | protocol=6 | dir=in | app=system |

"{C7126056-1ABB-47E6-A72D-B93595FC71C0}" = lport=443 | protocol=6 | dir=in | app=system |

"{CA920600-5C10-4E62-9DE3-4BF1F5C36594}" = rport=5357 | protocol=6 | dir=out | app=system |

"{CC9BAB67-067C-4E5A-BB5F-31A34AA0B22F}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |

"{D1CC2C35-7883-4B52-9190-F980BA3835B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D3FCA967-C524-47F4-B33D-5EF17539E236}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D4302EFF-CE53-4EDB-965D-D52CCF4AE54F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D5260769-F474-43C2-A681-CE17D3DEAC6B}" = rport=1701 | protocol=17 | dir=out | app=system |

"{D89DC074-6508-45FB-90C8-8742B7244094}" = lport=3390 | protocol=6 | dir=in | app=system |

"{DAD7337B-616A-48E8-9E0A-3D30CD3FEE73}" = rport=139 | protocol=6 | dir=out | app=system |

"{DE814DD0-F87E-4CD5-B804-10BD7E09D17B}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E6D3792E-6D26-4689-97B1-A7704F0E31DD}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{E84AF35C-5003-40ED-839D-B4370DC16385}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EEE980C7-4EE8-42CA-8471-79593DAA250B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F0958548-A163-4D58-AC39-7B92571246FF}" = lport=80 | protocol=6 | dir=in | app=system |

"{F16A10FD-4725-4D3F-8B31-C29A699BE124}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F1D7B7FB-D3E7-4E5D-96D8-F147E3CDA882}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=%systemroot%\system32\svchost.exe |

"{F26A5047-4D5B-4692-B80B-5DA95FFF4135}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F38560C1-464B-43F3-BCAF-38D3172731AA}" = lport=10244 | protocol=6 | dir=in | app=system |

"{F3C29135-C230-4B3A-8F85-BFB9496BF6EB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{F3F2F9C1-C2FA-4709-B8FA-F7AF95695978}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |

"{F552DDC8-7235-45DD-B580-748BB5D61E66}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F625DBFC-2AF1-4165-9C29-5A320F4903EF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F659A93D-DD18-4973-A487-8A8A3AD48F67}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FA02B32C-8A28-478E-B387-E556FB97291B}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00B567C5-484F-41B5-B2D0-DFF5A95FAC01}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |

"{02CB3A72-572F-4362-BF9D-A11F68A20460}" = dir=in | app=c:\users\kevin\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{0475A1FA-469D-44BF-81F5-71B7A7A1D949}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{04C4733A-61A3-409E-9CD1-1D426DAA23F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{0784B393-C879-4C5D-97CD-F99105E0821F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{0B4EB71D-285A-4B5B-842D-859C918A7EB9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{0CAD28E3-C433-4724-BFEF-12A6A01A2ECA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0DF8D3EE-1633-4525-AEC2-55B8BF8D7E71}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe |

"{19F84514-A028-4798-B61A-B58A5BC5409D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe |

"{214D694A-BE20-476B-A046-3643A51739BC}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{2150404F-C2E7-47FA-8FD0-7874F23F2D28}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{225F1140-0A4E-42F6-9109-A7E7195621BF}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |

"{25BA01FC-A004-4622-86AB-C4EC40F8F41B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{297D4AC3-AB8F-4E98-9047-DD997C2CFC49}" = protocol=6 | dir=in | app=%systemroot%\system32\plasrv.exe |

"{2AC7ECB6-C948-4B6E-A366-7D7E7B8AEE27}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{2C3BED8E-2403-4E82-A40F-8275AA3831DF}" = protocol=6 | dir=out | app=system |

"{2C5A495E-5E0C-4861-8B12-DED812517CF3}" = protocol=47 | dir=in | app=system |

"{2FD598E4-9723-4615-8225-B6CA085815D1}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{3115E775-E493-492C-B743-BF08FB9BD301}" = protocol=6 | dir=out | app=%systemroot%\system32\msdtc.exe |

"{3611A74F-CA2A-4760-AE39-DBCC6ABC1110}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |

"{368010D8-05C8-4E8C-BC57-F82B5BF36647}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{385D5795-9DAE-44E1-A137-C6914BCED8F0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |

"{3D7CE23C-2976-4F3A-94C4-95E5FC1F9D4D}" = protocol=6 | dir=in | app=%systemroot%\system32\wbem\unsecapp.exe |

"{3F31BAE5-631E-405C-B2E8-00A813DEDCD4}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |

"{44A7D10A-8276-49AA-BB0A-DDB8FF3A5CC7}" = protocol=17 | dir=in | app=c:\program files (x86)\3do\heroes3\online\autorun.exe |

"{4A69AEDF-7231-4C47-8220-37D2BB679912}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |

"{4B346B03-A3EF-40F8-9214-F877CB3FEFCE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4E593487-7508-41A6-99E5-C6235DF04C6B}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |

"{5179A232-14DA-49E7-A20B-DA42160A8CB0}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |

"{54119BDC-D310-4EB5-8E4A-4373AE0F3E43}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{55969917-241E-4D8B-9EE6-B6A92F807431}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{58526C44-CA19-40BC-960E-A2DB0B34B15D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{5BEFF63F-5771-4B4F-861F-72FD21FC0077}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{5FE99FFD-2904-45AF-AD61-67F3117DAD00}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6127C6A0-272F-4188-9D84-94B1D3258BCE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{62D38A48-019A-4BEA-B42D-9DB995FDC867}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{631DF802-B3E3-4C2C-9ED2-FBFB5FB89BB5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{65BF99E9-E15F-4361-8188-79071030CE67}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{6D8BFD6E-490A-4A30-914C-E5220F937355}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{6DFAF3AB-94AF-4CF6-8DEC-6DAAD55CD4B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6F24F02F-DA0D-430E-A98E-4805FA0340B4}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |

"{6FEFC3B5-6307-451D-BFD0-8C37C294FF92}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{70F43087-6D5B-4F89-BF04-A387340CD01B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{751A82A8-C366-49CC-B397-3D50665E8DBC}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe |

"{79A6FFCE-13AC-478A-8764-8F57684FCEB2}" = protocol=47 | dir=out | app=system |

"{7B005B7C-FAAF-4F73-80A6-6631E93B3834}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe |

"{7FCD4511-2207-4B12-9979-8D06219358F9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{80B791DD-1272-4662-AB10-72B582EA1CE7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{83A79E28-8AE0-4CC1-BD5F-812A6BE762BB}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |

"{84ABDBF8-2C30-480B-9E03-7881779A0C55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{8594A79F-A713-4039-9C4C-FE240A7FBB17}" = protocol=6 | dir=in | app=c:\program files (x86)\3do\heroes3\online\autorun.exe |

"{8672AF69-9C2C-4180-A972-F89D88E6895D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{89D5A426-D814-4450-B532-826684C29815}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |

"{8AFEFC56-630D-491E-B8D4-DE6F80F3C788}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{8B92033C-E7B8-4002-B198-2A27390393A1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{8EE403A4-5887-48C9-B54A-E5C874222727}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{8F51CF2E-BA14-4443-96DE-2FE755290C1F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |

"{8F90B346-B309-4168-A752-8DDF11F416C7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |

"{8FF197F4-2B7D-452C-B48A-814902B3C5EE}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe |

"{9665CB42-F836-409C-8F6C-FB54B3206298}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{A585CE6A-3BD3-4088-B8E2-C39894819AF6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{AC132F53-C43B-4C51-AE08-D4F93E7E30AD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AD411390-AD4C-40CE-9E5F-A157E6AF6640}" = protocol=6 | dir=in | svc=winmgmt | app=%systemroot%\system32\svchost.exe |

"{B415E8AA-C4EC-4E92-A9A7-51C53A2C9C22}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe |

"{BAAD872F-DA03-48CE-84F5-E7D9A7BB18AC}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |

"{BF4C6330-06B7-4910-A8AC-83C6A1C873DC}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{BF9AB5A1-1D22-463D-ACD4-DF0DDBF7707D}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{C17EBBD3-3C0E-4F45-91F1-693FE099D101}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{C1CDF7B0-F2BF-4D8F-B64C-F8341F1C7637}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |

"{C1E58453-B3E2-4E3D-8184-8D632C03AF63}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{C38E7476-0BB1-466F-AA35-6C7D5C893C8D}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe |

"{C7E4D4EC-0C68-4BF3-86A4-FCF60A4126D0}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{CA0DA5B0-77FE-42A1-8A08-D69EB4DBB40C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{CA5CADA1-48A1-4EB8-8A62-58B1775C2CB0}" = protocol=6 | dir=in | app=%systemroot%\system32\msdtc.exe |

"{CB5418CB-C864-455D-9C0C-5D08E7C977B8}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |

"{CCD874C6-E456-4F32-9F0E-9C98639E8CBD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D7B807FC-4E52-4646-B1B3-CA2EF16B7135}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |

"{D8DD99FF-2602-4307-B890-C85040B0F4B3}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{D91ED229-95CA-47EE-99EE-3800D1C93923}" = protocol=6 | dir=out | svc=winmgmt | app=%systemroot%\system32\svchost.exe |

"{DCD2E020-8FAA-4812-94A8-F733FF9D5DFF}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |

"{DFD1BB29-9383-4698-BCA2-2BE940D7C860}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |

"{E0119316-D4EB-4F97-BB7F-5A4BC59968E4}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |

"{E480DD88-650C-4E3C-8042-6C994798E918}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{E5B4826F-B3BE-4F41-8379-6EBE6966CEB7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{E662C56D-8701-4088-AF02-812A26A8F208}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{E6639F73-F0FC-44D3-9798-33CC256D6B68}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{EC721082-D4DF-4CB1-B18A-F8189B083911}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{F2C9BC11-5B57-4E3F-A903-70FCD7795EF9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{F6AC9D15-807B-4A09-BECD-994428E24D85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\might and magic heroes vi\might & magic heroes vi.exe |

"{F7A4A0DF-9EE2-45CF-94B0-DDA17576FEE5}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |

"{F7C74C60-71EA-4462-B4FF-A19DE70891B4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |

"{F920B696-4049-48A7-A4A5-0F5BF97DA9D2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{F9A386FC-7D07-4EFD-88F7-B25CA9C15D2B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{F9EFF210-A162-42B4-810C-04E9B6BFA361}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FAC442D0-04B7-4925-9CED-0B24471458E4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |

"{FC493035-79C3-41CB-BB7D-399627E2704F}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |

"{FC65A05A-4E90-45F7-8E2E-A1A09FB59964}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe |

"{FDAC7C07-C1C9-41FC-BE41-BDF85D12E228}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |

"{FEC148C5-A934-49CD-A59B-F154635924E3}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"TCP Query User{00135903-58D5-4C44-A63A-3FB92627BA34}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |

"TCP Query User{1A4EED05-C1BE-40C0-BBF3-B06D4CA3B7EE}C:\users\kevin\desktop\downloader_diablo2_lord_of_destruction_enus.exe" = protocol=6 | dir=in | app=c:\users\kevin\desktop\downloader_diablo2_lord_of_destruction_enus.exe |

"TCP Query User{2F5361C2-CC14-4118-A934-7D6D3ADDF870}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |

"TCP Query User{36DDFD29-CD46-4A71-A6BB-B51AE7F0D655}C:\program files (x86)\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |

"TCP Query User{3DD21A66-AFC7-4987-ADE4-314D5F1E2D73}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

"TCP Query User{552CE12A-5CED-4B29-AC40-E6E79CD7B986}C:\users\kevin\desktop\downloader_diablo2_enus.exe" = protocol=6 | dir=in | app=c:\users\kevin\desktop\downloader_diablo2_enus.exe |

"TCP Query User{583A8D8A-41F1-4F36-AC47-28A0A5F8E052}C:\program files (x86)\steam\steamapps\freakyfrizb\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\freakyfrizb\team fortress 2\hl2.exe |

"TCP Query User{85B33FEB-F2EF-4AA6-9DB9-962FEA1E1B0F}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

"TCP Query User{D029B6DD-4393-4B35-90BF-3B04E20726C5}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"TCP Query User{F0BB088B-0847-4D27-A79C-A6AF0114D856}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"TCP Query User{FEDF8561-3AFA-4F51-9A8D-1FE9657F7237}C:\users\kevin\downloads\ghostplusplus_17.1\ghost\ghost.exe" = protocol=6 | dir=in | app=c:\users\kevin\downloads\ghostplusplus_17.1\ghost\ghost.exe |

"UDP Query User{253032D9-3480-4FE2-B4D9-232F37933C8F}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

"UDP Query User{2C716882-CA0C-4FA0-9881-8F51F2472ABE}C:\program files (x86)\steam\steamapps\freakyfrizb\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\freakyfrizb\team fortress 2\hl2.exe |

"UDP Query User{38DA4ADE-D7C1-45CC-89CE-3C9DC936AEAF}C:\users\kevin\downloads\ghostplusplus_17.1\ghost\ghost.exe" = protocol=17 | dir=in | app=c:\users\kevin\downloads\ghostplusplus_17.1\ghost\ghost.exe |

"UDP Query User{43D9E548-C7A8-4C56-8DCB-2B65BCE8524E}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |

"UDP Query User{4656FD0E-68CB-43C0-A62E-F2A93A06DAE6}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"UDP Query User{50ECDD4D-325D-4038-9131-047650BCD170}C:\users\kevin\desktop\downloader_diablo2_lord_of_destruction_enus.exe" = protocol=17 | dir=in | app=c:\users\kevin\desktop\downloader_diablo2_lord_of_destruction_enus.exe |

"UDP Query User{70CA3A4A-3F32-4376-A5F7-8F18C87A80B1}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |

"UDP Query User{8593F1B2-4432-46F8-8ED6-828F4A7A065D}C:\program files (x86)\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |

"UDP Query User{8F1AA68F-0951-4976-9272-C6DFF3F74161}C:\users\kevin\desktop\downloader_diablo2_enus.exe" = protocol=17 | dir=in | app=c:\users\kevin\desktop\downloader_diablo2_enus.exe |

"UDP Query User{930F3A73-97E5-4BAE-BE89-E7E985899BA7}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"UDP Query User{DD44EF4E-579C-418C-988D-3E6C352F6790}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)

"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools

"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{59D3F691-179D-4E52-832C-D22B81541AC5}" = Microsoft SQL Server 2008 Setup Support Files

"{5C1DA3D9-F590-4317-A4FB-274F658E504B}" = Intel® PROSet/Wireless WiMAX Software

"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools

"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense

"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes

"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1

"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)

"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU

"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"ComicRack" = ComicRack v0.9.153

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft Security Client" = Microsoft Security Essentials

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"Pen Tablet Driver" = Bamboo

"ProInst" = Intel PROSet Wireless

"Shrew Soft VPN Client" = Shrew Soft VPN Client

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph

"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 29

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3AF8C37F-696E-871C-0851-CDE980FD665E}" = Bamboo Dock

"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup

"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005

"{456534C0-51E7-11DF-B336-005056C00008}" = Paragon HFS+ for Windows™ 9.0

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration

"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A1F4E2C-D10A-411B-A95C-EC6D38066DA7}" = WCF RIA Services V1.0 SP2

"{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects

"{780F9A1C-6BFE-4691-83A9-095D859E3052}" = VZAccess Manager

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles

"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime

"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection

"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_PRJSTDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_VISSTDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_PRJSTDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_VISSTDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PRJSTDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_VISSTDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007

"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007

"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_PRJSTDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_VISSTDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_VISSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}_VISSTDR_{7DA87C7E-E8A7-473E-ADFF-1B6BECCCADA7}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_VISSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007

"{90120000-00B4-0409-0000-0000000FF1CE}_PRJSTDR_{F3CD3F3F-726C-4414-A1FE-5CD0968313EA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_VISSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_PRJSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_VISSTDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007

"{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}" = Microsoft Office Project 2007 Service Pack 3 (SP3)

"{91120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007

"{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant

"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C40ECA0A-90C4-4B11-A28D-0F81A99C5A74}" = ActiveReports for .NET 3.0

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7EA29FC-78F2-4680-9D9B-22CA8191E63C}" = Microsoft Visual SourceSafe 2005 - ENU

"{CAC2CF93-B532-4A88-81FE-110750C3E4BA}" = Verizon Wireless USB760 Firmware Updates

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3

"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU

"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1

"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2

"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F19553C5-F843-4C27-BF9F-9DE4D901B895}" = Verizon Mobile Broadband Drivers

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI

"7-Zip" = 7-Zip 9.22beta

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection

"ASIO4ALL" = ASIO4ALL

"Bamboo Dock" = Bamboo Dock

"bc8a6440-918f-11dd-ad8b-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"Diablo II" = Diablo II

"Diablo III" = Diablo III

"Diablo III Beta" = Diablo III Beta

"FL Studio 9" = FL Studio 9

"Google Chrome" = Google Chrome

"Hardcore" = Hardcore

"Heroes of Might and Magic® III" = Heroes of Might and Magic® III

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HyperCam 2" = HyperCam 2

"IL Download Manager" = IL Download Manager

"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3

"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005

"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Microsoft Visual SourceSafe 2005 - ENU" = Microsoft Visual SourceSafe 2005 - ENU

"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime

"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU

"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)

"PoiZone" = PoiZone

"PRJSTDR" = Microsoft Office Project Standard 2007

"ProInst" = Intel PROSet Wireless

"RealPlayer 15.0" = RealPlayer

"Sawer" = Sawer

"Steam App 1250" = Killing Floor

"Steam App 440" = Team Fortress 2

"Steam App 48220" = Might & Magic ® Heroes ® VI

"Toxic Biohazard" = Toxic Biohazard

"UnityWebPlayer" = Unity Web Player

"VISSTDR" = Microsoft Office Visio Standard 2007

"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime

"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component

"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin

"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin

"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock

"Warcraft III" = Warcraft III

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"ActiveReports for .NET 3.0" = ActiveReports for .NET 3.0

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/9/2012 4:18:12 PM | Computer Name = Noah-PC.bronico.local | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4febb13c Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4ff5e9c0 Exception code: 0xc0000005 Fault offset: 0x5b80e279 Faulting

process id: 0x2e48 Faulting application start time: 0x01cd5e0f2f96b73d Faulting application

path: c:\program files (x86)\steam\steamapps\freakyfrizb\team fortress 2\hl2.exe

Faulting

module path: filesystem_steam.dll Report Id: 34aab40b-ca03-11e1-9deb-b870f4cd9133

Error - 7/10/2012 4:08:05 AM | Computer Name = Noah-PC.bronico.local | Source = Google Update | ID = 20

Description =

Error - 7/10/2012 7:08:05 AM | Computer Name = Noah-PC.bronico.local | Source = Google Update | ID = 20

Description =

Error - 7/10/2012 10:08:05 AM | Computer Name = Noah-PC.bronico.local | Source = Google Update | ID = 20

Description =

Error - 7/11/2012 12:16:57 AM | Computer Name = Noah-PC.bronico.local | Source = Application Error | ID = 1000

Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:

0x4febb13c Faulting module name: filesystem_steam.dll_unloaded, version: 0.0.0.0,

time stamp: 0x4ffb6d06 Exception code: 0xc0000005 Fault offset: 0x6171e349 Faulting

process id: 0x1ae4 Faulting application start time: 0x01cd5f1af43f6eda Faulting application

path: c:\program files (x86)\steam\steamapps\freakyfrizb\team fortress 2\hl2.exe

Faulting

module path: filesystem_steam.dll Report Id: 408408e2-cb0f-11e1-9deb-b870f4cd9133

Error - 7/11/2012 6:02:31 AM | Computer Name = Noah-PC.bronico.local | Source = Windows Search Service | ID = 3007

Description =

Error - 7/11/2012 6:27:40 AM | Computer Name = Noah-PC.bronico.local | Source = WinMgmt | ID = 10

Description =

Error - 7/11/2012 6:56:12 AM | Computer Name = Noah-PC.bronico.local | Source = Microsoft-Windows-Defrag | ID = 257

Description =

Error - 7/12/2012 5:51:07 PM | Computer Name = Noah-PC.bronico.local | Source = TabletServicePen | ID = 1

Description =

Error - 7/12/2012 5:51:17 PM | Computer Name = Noah-PC.bronico.local | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 7/12/2012 6:26:47 AM | Computer Name = Noah-PC.bronico.local | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain BRONICO due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 7/12/2012 7:43:29 AM | Computer Name = Noah-PC.bronico.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 7/12/2012 10:07:40 AM | Computer Name = Noah-PC.bronico.local | Source = Server | ID = 2505

Description = The server could not bind to the transport \Device\NetBT_Tcpip_{65A5D981-4B48-4A94-B5F8-090D129F493B}

because another computer on the network has the same name. The server could not

start.

Error - 7/12/2012 10:26:53 AM | Computer Name = Noah-PC.bronico.local | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain BRONICO due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 7/12/2012 2:27:25 PM | Computer Name = Noah-PC.bronico.local | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain BRONICO due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 7/12/2012 5:48:55 PM | Computer Name = Noah-PC.bronico.local | Source = DCOM | ID = 10010

Description =

Error - 7/12/2012 5:50:20 PM | Computer Name = Noah-PC.bronico.local | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain BRONICO due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 7/12/2012 5:51:12 PM | Computer Name = Noah-PC.bronico.local | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

AppleMNT

Error - 7/12/2012 5:51:35 PM | Computer Name = Noah-PC.bronico.local | Source = DCOM | ID = 10016

Description =

Error - 7/12/2012 6:00:17 PM | Computer Name = Noah-PC.bronico.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

< End of report >

Link to post
Share on other sites

Step 1

Please uninstall the following application: IMinent Toolbar

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT3131886
    IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\URLSearchHook: {f9bbf004-6e40-4019-8214-c43a37e1d058} - No CLSID value found
    IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\SearchScopes,DefaultScope = {0B5C8144-2011-4033-83C2-3472F45DEF5A}
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.selectedEngine: ""
    O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll File not found
    O4:64bit: - HKLM..\Run: [] File not found
    [2012/07/12 13:26:26 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\CRE
    [2012/07/12 13:26:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Conduit
    @Alternate Data Stream - 987 bytes -> C:\Users\Kevin\AppData\Local\Temp:WQm3W4gQjjrpxnCmNtOxCHQ

    :files
    C:\Program Files (x86)\IMinent Toolbar
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

I couldn't find the option to uninstall the Iminent Toolbar anywhere. I looked in "Change/Remove Programs" and it wasn't there. I even searched it in my search bar and couldn't find it.

Regardless, I did what you told me to do in OTL. Here is the log.

All processes killed

========== OTL ==========

HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-3374679522-1588394677-3506598666-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f9bbf004-6e40-4019-8214-c43a37e1d058} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9bbf004-6e40-4019-8214-c43a37e1d058}\ not found.

HKEY_USERS\S-1-5-21-3374679522-1588394677-3506598666-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Prefs.js: "" removed from browser.search.defaultenginename

Prefs.js: "" removed from browser.search.selectedEngine

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3374679522-1588394677-3506598666-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

C:\Users\Kevin\AppData\Local\CRE folder moved successfully.

C:\Users\Kevin\AppData\Local\Conduit folder moved successfully.

ADS C:\Users\Kevin\AppData\Local\Temp:WQm3W4gQjjrpxnCmNtOxCHQ deleted successfully.

========== FILES ==========

File\Folder C:\Program Files (x86)\IMinent Toolbar not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Kevin\Documents\cmd.bat deleted successfully.

C:\Users\Kevin\Documents\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: breeder

->Temp folder emptied: 50254 bytes

->Temporary Internet Files folder emptied: 93236 bytes

->Flash cache emptied: 56466 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 57482 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Kevin

->Temp folder emptied: 763628188 bytes

->Temporary Internet Files folder emptied: 87431829 bytes

->Java cache emptied: 18297878 bytes

->FireFox cache emptied: 150424107 bytes

->Google Chrome cache emptied: 377806865 bytes

->Apple Safari cache emptied: 8345600 bytes

->Flash cache emptied: 333772 bytes

User: nbrown

->Temp folder emptied: 4832820 bytes

->Temporary Internet Files folder emptied: 1798258 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 50887907 bytes

->Flash cache emptied: 56936 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 471238040 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4091736 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes

RecycleBin emptied: 8112322951 bytes

Total Files Cleaned = 9,586.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07142012_093331

Files\Folders moved on Reboot...

C:\Users\Kevin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\Kevin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

Okay. Thanks for being patient.

OTL logfile created on: 7/15/2012 12:10:16 PM - Run 3

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Kevin\Documents

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 51.15% Memory free

11.82 Gb Paging File | 8.58 Gb Available in Paging File | 72.62% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 682.10 Gb Total Space | 474.62 Gb Free Space | 69.58% Space Free | Partition Type: NTFS

Drive D: | 481.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 3.31 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive G: | 29.71 Gb Total Space | 10.02 Gb Free Space | 33.73% Space Free | Partition Type: FAT32

Computer Name: NOAH-PC | User Name: Kevin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kevin\Documents\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

PRC - C:\Oracle\product\10.2.0\client_2\bin\omtsreco.exe (Oracle Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\libglesv2.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\libegl.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()

MOD - C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll ()

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (TabletServicePen) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)

SRV:64bit: - (TouchServicePen) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)

SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV:64bit: - (ZcfgSvc7) Intel® -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe (Intel® Corporation)

SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()

SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)

SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel® Corporation)

SRV:64bit: - (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth® -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)

SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)

SRV:64bit: - (ipsecd) -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe ()

SRV:64bit: - (dtpd) -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe ()

SRV:64bit: - (iked) -- C:\Program Files\ShrewSoft\VPN Client\iked.exe ()

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (cphs) Intel® -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)

SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (NWVZHelper) -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe (Novatel Wireless Inc.)

SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (OracleMTSRecoveryService) -- C:\oracle\product\10.2.0\client_2\bin\omtsreco.exe (Oracle Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (Hfsplus) -- C:\Windows\SysNative\drivers\hfsplus.sys (Paragon Software Group)

DRV:64bit: - (gpt_loader) -- C:\Windows\SysNative\drivers\gpt_loader.sys (Paragon Software Group)

DRV:64bit: - (apmwin) -- C:\Windows\SysNative\drivers\apmwin.sys (Paragon Software Group)

DRV:64bit: - (mounthlp) -- C:\Windows\SysNative\drivers\mounthlp.sys (Paragon Software Group)

DRV:64bit: - (HfsplusRec) -- C:\Windows\SysNative\drivers\hfsplusrec.sys (Paragon Software Group)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)

DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)

DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)

DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)

DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\drivers\S3XXx64.sys (SCM Microsystems Inc.)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)

DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)

DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)

DRV:64bit: - (bpmp) Intel® Centrino® -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)

DRV:64bit: - (bpusb) Intel® Centrino® -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)

DRV:64bit: - (bpenum) Intel® Centrino® -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)

DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)

DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)

DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)

DRV:64bit: - (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN) -- C:\Windows\SysNative\drivers\nwusbser2_000.sys (Novatel Wireless Inc.)

DRV:64bit: - (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN) -- C:\Windows\SysNative\drivers\nwusbser_000.sys (Novatel Wireless Inc.)

DRV:64bit: - (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN) -- C:\Windows\SysNative\drivers\nwusbmdm_000.sys (Novatel Wireless Inc.)

DRV:64bit: - (NWUSBCDFIL64) -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys (Novatel Wireless Inc.)

DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)

DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)

DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)

DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)

DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)

DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)

DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\drivers\emDevice64.sys (eMPIA Technology, Inc.)

DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\drivers\emFilter64.sys (eMPIA Technology, Inc.)

DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\drivers\emScan64.sys (eMPIA Technology, Inc.)

DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)

DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\SearchScopes\{0B5C8144-2011-4033-83C2-3472F45DEF5A}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\SearchScopes\{54D00635-2CA6-423F-9F16-8ACD826BDD1B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\SearchScopes\{A0A7F0A7-4198-4191-8EFE-F1A09EC229ED}: "URL" = http://delicious.com/search?p={searchTerms}

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\SearchScopes\{D190853F-CD24-4999-A2F5-E50191AD085C}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.0.4:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..network.proxy.ftp: "173.13.175.17"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.http: "173.13.175.17"

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "173.13.175.17"

FF - prefs.js..network.proxy.socks_port: 8080

FF - prefs.js..network.proxy.ssl: "173.13.175.17"

FF - prefs.js..network.proxy.ssl_port: 8080

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/15 12:00:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/10 11:22:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/30 23:59:12 | 000,000,000 | ---D | M]

[2011/12/21 11:03:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions

[2012/07/12 15:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions

[2012/04/06 16:41:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

[2012/07/12 13:26:20 | 000,000,000 | ---D | M] (Vgrabber1) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}

[2012/02/04 13:24:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/02/04 13:24:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2012/07/02 15:49:00 | 000,102,890 | ---- | M] () (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0HRJX8RR.DEFAULT\EXTENSIONS\FBPHOTOZOOM@INSTALLDADDY.COM.XPI

[2012/01/13 13:16:43 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/12/16 18:20:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/12/16 18:20:10 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: https://www.google.com/

CHR - default_search_provider: google (Enabled)

CHR - default_search_provider: search_url = https://www.google.com/search.php?value={searchTerms}&search_type=title

CHR - default_search_provider: suggest_url =

CHR - homepage: https://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll

CHR - plugin: Unity Player (Enabled) = C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kevin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Gmail = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/20 20:41:40 | 000,000,841 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 192.168.0.4 lap4

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [apmwinapp] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.0\apmwinsrv.exe ()

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelPROSet] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe ()

O4 - HKLM..\Run: [HFS Activator] C:\Program Files (x86)\Paragon Software\HFS+ for Windows 9.0\activation\hfsactivator.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000..\Run: [Facebook Update] C:\Users\Kevin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bronico.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35571C5B-AA0B-41A5-8DEA-637A3FEBE7C5}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AFF932F-85E1-45B9-ABB3-4985EF28A5F8}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3B877E8-FF17-4C08-9EC4-4D3A4C99D179}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/04/27 16:09:58 | 000,000,143 | R--- | M] () - D:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2007/04/19 16:57:31 | 000,000,086 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2008/08/05 08:58:42 | 000,000,000 | ---D | M] - F:\Autoplay -- [ CDFS ]

O32 - AutoRun File - [2007/01/22 22:57:44 | 000,186,552 | R--- | M] (Adobe Systems Incorporated) - F:\Autoplay.exe -- [ CDFS ]

O33 - MountPoints2\{34f3533c-3dd8-11e1-97d9-b870f4cd9133}\Shell - "" = AutoRun

O33 - MountPoints2\{34f3533c-3dd8-11e1-97d9-b870f4cd9133}\Shell\AutoRun\command - "" = E:\iStudio.exe

O33 - MountPoints2\{520e4040-cfec-11e0-9125-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{520e4040-cfec-11e0-9125-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2000/01/17 09:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>)

O33 - MountPoints2\{520e4040-cfec-11e0-9125-806e6f6e6963}\Shell\dinstall\command - "" = D:\DirectX\dxsetup.exe -- [2003/08/18 17:15:00 | 000,467,456 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{57284aa7-ef92-11e0-bdef-b870f4cd9133}\Shell - "" = AutoRun

O33 - MountPoints2\{57284aa7-ef92-11e0-bdef-b870f4cd9133}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect

O33 - MountPoints2\{57284ac4-ef92-11e0-bdef-b870f4cd9133}\Shell - "" = AutoRun

O33 - MountPoints2\{57284ac4-ef92-11e0-bdef-b870f4cd9133}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe /z detect

O33 - MountPoints2\{aada953d-eeea-11e0-a646-b870f4cd9133}\Shell - "" = AutoRun

O33 - MountPoints2\{aada953d-eeea-11e0-a646-b870f4cd9133}\Shell\AutoRun\command - "" = F:\Autoplay.exe -- [2007/01/22 22:57:44 | 000,186,552 | R--- | M] (Adobe Systems Incorporated)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 09:33:31 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/07/13 06:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/07/13 06:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/07/13 06:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/07/13 06:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/07/12 22:34:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kevin\Desktop\dds.com

[2012/07/12 22:33:52 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kevin\Documents\dds.com

[2012/07/12 19:36:31 | 000,000,000 | ---D | C] -- C:\windows\Prefetch

[2012/07/12 19:20:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes

[2012/07/12 19:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/12 19:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/12 19:20:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/07/12 19:20:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/07/12 19:19:00 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kevin\Documents\mbam-setup-1.62.0.1300.exe

[2012/07/12 19:14:28 | 000,000,000 | ---D | C] -- C:\Riot Games

[2012/07/12 19:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games

[2012/07/12 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Chromium

[2012/07/12 16:57:14 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Ubisoft Game Launcher

[2012/07/12 16:57:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Might & Magic Heroes VI

[2012/07/12 16:57:08 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Might & Magic Heroes VI

[2012/07/12 16:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft

[2012/07/12 15:59:04 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Documents\OTL.exe

[2012/07/12 15:20:06 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appmgmt

[2012/07/10 21:19:03 | 000,000,000 | ---D | C] -- C:\Users\Kevin\riotsGamesLogs

[2012/07/10 21:18:26 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\LolClient

[2012/07/09 16:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doom 3

[2012/07/09 16:12:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOOM 3

[2012/07/09 09:32:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LOL

[2012/07/09 09:32:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\PMB Files

[2012/07/08 20:57:16 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2012/07/08 20:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2012/07/08 20:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam

[2012/07/08 20:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2012/06/17 20:19:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Pinnacle Studio

[2012/06/17 20:19:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Pinnacle

[2012/06/17 20:17:33 | 000,215,808 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysNative\drivers\emDevice64.sys

[2012/06/17 20:17:33 | 000,070,656 | ---- | C] (Pinnacle Systems) -- C:\windows\SysNative\PCLECoInst64.dll

[2012/06/17 20:17:33 | 000,057,344 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysWow64\emVFW.dll

[2012/06/17 20:17:33 | 000,032,768 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysWow64\emProp.ax

[2012/06/17 20:17:33 | 000,013,824 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysNative\emUSD64.dll

[2012/06/17 20:17:33 | 000,006,400 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysNative\drivers\emFilter64.sys

[2012/06/17 20:17:33 | 000,006,144 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysNative\drivers\emScan64.sys

[2012/06/17 20:17:23 | 000,079,872 | ---- | C] (eMPIA Technology, Inc.) -- C:\windows\SysNative\drivers\emAudio64.sys

[2012/06/17 20:16:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pinnacle

[2012/06/17 20:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio HD

[2012/06/17 20:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 15

[2012/06/17 20:14:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Projects

[2012/06/17 20:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pegasus Imaging

[2012/06/17 20:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Yahoo!

[2012/06/17 20:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Studio 15

[2012/06/17 20:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle Studio Plus

[2012/06/17 20:08:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle

[2012/06/17 20:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pinnacle

[2012/06/17 19:58:05 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{B67244FB-3554-41E1-B42A-D9AF0B3D44F2}

[2012/06/17 19:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle

[2012/06/16 01:49:00 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

[2012/06/16 01:47:37 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Wacom

[2012/06/16 01:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Wacom

[2012/06/16 01:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo Dock

[2012/06/16 01:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bamboo Dock

[2012/06/16 01:46:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo

========== Files - Modified Within 30 Days ==========

[2012/07/15 11:36:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/15 10:13:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3374679522-1588394677-3506598666-1000UA.job

[2012/07/15 08:36:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/14 16:13:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3374679522-1588394677-3506598666-1000Core.job

[2012/07/14 09:47:07 | 000,030,288 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/14 09:47:07 | 000,030,288 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/14 09:38:25 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/07/14 09:38:10 | 463,486,975 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/13 16:21:53 | 001,028,581 | ---- | M] () -- C:\Users\Kevin\Documents\Fvafs.gif

[2012/07/13 16:16:55 | 000,089,289 | ---- | M] () -- C:\Users\Kevin\Documents\tbyDN.jpg

[2012/07/12 22:34:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kevin\Desktop\dds.com

[2012/07/12 22:33:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kevin\Documents\dds.com

[2012/07/12 22:30:31 | 000,862,134 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/07/12 22:30:31 | 000,718,296 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/07/12 22:30:31 | 000,144,284 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/07/12 19:20:21 | 000,001,148 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/07/12 19:20:03 | 000,001,731 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

[2012/07/12 19:18:58 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kevin\Documents\mbam-setup-1.62.0.1300.exe

[2012/07/12 19:13:19 | 002,353,512 | ---- | M] () -- C:\Users\Kevin\Documents\LeagueofLegends.exe

[2012/07/12 15:58:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Documents\OTL.exe

[2012/07/12 13:26:37 | 000,000,009 | ---- | M] () -- C:\END

[2012/07/11 03:28:11 | 005,284,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/07/10 16:48:01 | 000,133,199 | ---- | M] () -- C:\Users\Kevin\Documents\3rtkB.jpg

[2012/07/10 12:08:35 | 000,137,102 | ---- | M] () -- C:\Users\Kevin\Documents\1oMZ0.jpg

[2012/07/10 11:45:13 | 000,656,125 | ---- | M] () -- C:\Users\Kevin\Documents\kd9cL.jpg

[2012/07/10 11:06:01 | 000,071,059 | ---- | M] () -- C:\Users\Kevin\Documents\lK7l4.jpg

[2012/07/09 16:34:13 | 000,000,343 | ---- | M] () -- C:\windows\doom3.ini

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/07/01 02:13:35 | 000,029,321 | ---- | M] () -- C:\Users\Kevin\Documents\ftas3.jpg

[2012/06/30 00:04:11 | 000,013,395 | ---- | M] () -- C:\Users\Kevin\Documents\img_1932_pete-burns-monroe-megamix.jpg

[2012/06/27 13:45:54 | 000,223,987 | ---- | M] () -- C:\Users\Kevin\Documents\2H51l.jpg

[2012/06/18 23:16:09 | 000,649,218 | ---- | M] () -- C:\Users\Kevin\Documents\MZh36.jpg

[2012/06/17 22:42:19 | 000,002,826 | ---- | M] () -- C:\Users\Kevin\Documents\My Movie.wlmp

[2012/06/17 20:19:55 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

========== Files Created - No Company Name ==========

[2012/07/13 16:21:55 | 001,028,581 | ---- | C] () -- C:\Users\Kevin\Documents\Fvafs.gif

[2012/07/13 16:16:57 | 000,089,289 | ---- | C] () -- C:\Users\Kevin\Documents\tbyDN.jpg

[2012/07/12 19:20:21 | 000,001,148 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/07/12 19:20:03 | 000,001,731 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk

[2012/07/12 19:13:23 | 002,353,512 | ---- | C] () -- C:\Users\Kevin\Documents\LeagueofLegends.exe

[2012/07/12 13:26:37 | 000,000,009 | ---- | C] () -- C:\END

[2012/07/10 16:48:02 | 000,133,199 | ---- | C] () -- C:\Users\Kevin\Documents\3rtkB.jpg

[2012/07/10 12:08:37 | 000,137,102 | ---- | C] () -- C:\Users\Kevin\Documents\1oMZ0.jpg

[2012/07/10 11:45:15 | 000,656,125 | ---- | C] () -- C:\Users\Kevin\Documents\kd9cL.jpg

[2012/07/10 11:06:03 | 000,071,059 | ---- | C] () -- C:\Users\Kevin\Documents\lK7l4.jpg

[2012/07/09 16:34:13 | 000,000,343 | ---- | C] () -- C:\windows\doom3.ini

[2012/07/01 02:13:40 | 000,029,321 | ---- | C] () -- C:\Users\Kevin\Documents\ftas3.jpg

[2012/06/30 00:04:13 | 000,013,395 | ---- | C] () -- C:\Users\Kevin\Documents\img_1932_pete-burns-monroe-megamix.jpg

[2012/06/27 13:45:55 | 000,223,987 | ---- | C] () -- C:\Users\Kevin\Documents\2H51l.jpg

[2012/06/18 23:16:13 | 000,649,218 | ---- | C] () -- C:\Users\Kevin\Documents\MZh36.jpg

[2012/06/17 22:42:19 | 000,002,826 | ---- | C] () -- C:\Users\Kevin\Documents\My Movie.wlmp

[2012/06/17 20:06:54 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2012/06/16 01:46:13 | 000,000,488 | ---- | C] () -- C:\windows\SysNative\PenTouchTabletUserDefaults.xml

[2012/06/16 01:46:13 | 000,000,488 | ---- | C] () -- C:\windows\SysNative\PenTabletUserDefaults.xml

[2012/05/18 14:49:45 | 000,002,958 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/03/19 16:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2012/03/19 16:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2012/03/19 16:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012/03/19 15:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

[2012/01/27 10:21:26 | 000,000,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\fusioncache.dat

[2011/10/05 14:06:41 | 000,000,306 | ---- | C] () -- C:\windows\ODBC.INI

[2011/10/05 13:31:13 | 002,463,976 | ---- | C] () -- C:\windows\SysWow64\NPSWF32.dll

[2011/10/04 23:25:20 | 000,876,284 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/10/04 16:03:31 | 000,000,017 | ---- | C] () -- C:\Users\Kevin\AppData\Local\resmon.resmoncfg

[2011/06/27 09:53:58 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2011/02/03 19:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/05/22 13:46:28 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/03/26 01:16:16 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\cYo

[2012/01/15 22:17:22 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools Lite

[2012/04/28 11:06:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\e-academy Inc

[2012/07/10 21:18:26 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\LolClient

[2012/07/12 17:15:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Might & Magic Heroes VI

[2012/01/15 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OpenCandy

[2012/02/04 13:27:11 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OpenOffice.org

[2012/05/22 14:44:47 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\PACE Anti-Piracy

[2012/05/22 14:44:19 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\PDAppFlex

[2012/05/11 22:19:51 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SystemRequirementsLab

[2012/01/29 23:34:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Tomato

[2011/10/04 15:16:31 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Toshiba

[2012/04/14 09:15:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Unity

[2012/06/16 01:47:37 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Wacom

[2012/06/16 01:49:00 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

[2011/10/03 20:13:41 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinBatch

[2012/06/19 20:04:09 | 000,000,000 | ---D | M] -- C:\Users\nbrown\AppData\Roaming\Wacom

[2012/07/14 16:13:00 | 000,000,906 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3374679522-1588394677-3506598666-1000Core.job

[2012/07/15 10:13:00 | 000,000,928 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3374679522-1588394677-3506598666-1000UA.job

[2009/07/13 22:08:49 | 000,028,194 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

Do you know anything about this proxy?

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..network.proxy.ftp: "173.13.175.17"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.http: "173.13.175.17"

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "173.13.175.17"

FF - prefs.js..network.proxy.socks_port: 8080

FF - prefs.js..network.proxy.ssl: "173.13.175.17"

FF - prefs.js..network.proxy.ssl_port: 8080

FF - prefs.js..network.proxy.type: 0

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\..\SearchScopes,DefaultScope =
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.selectedEngine: ""
    [2012/04/06 16:41:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
    [2012/07/12 13:26:20 | 000,000,000 | ---D | M] (Vgrabber1) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
    [2011/12/16 18:20:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    CHR - default_search_provider: suggest_url =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

It didn't work. :(

========== OTL ==========

HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKU\S-1-5-21-3374679522-1588394677-3506598666-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-3374679522-1588394677-3506598666-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Prefs.js: "" removed from browser.search.defaultenginename

Prefs.js: "" removed from browser.search.selectedEngine

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6 folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\Plugins folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\modules folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\META-INF folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\lib folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\defaults\preferences folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\defaults folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\skin folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\sl folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\lib folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\core folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\WEATHER\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\WEATHER\css folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\WEATHER folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TWITTER\resources folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TWITTER\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TWITTER\img folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TWITTER folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TESTER_POPUP folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\TESTER_BCAPI folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\SEARCH\view\style folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\SEARCH\view\script folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\SEARCH\view folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\SEARCH\resources folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\SEARCH\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\SEARCH\Css folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\SEARCH folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\RADIO_PLAYER folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\PRICE_GONG\images folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\PRICE_GONG\css folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\PRICE_GONG folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\Optimizer\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\Optimizer folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\NOTIFICATION\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\NOTIFICATION\images folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\NOTIFICATION\css folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\NOTIFICATION folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\MULTI_RSS\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\MULTI_RSS\img folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\MULTI_RSS\css folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\MULTI_RSS folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\HIGHLIGHTER folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa\404 folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\wa folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ui\menu\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ui\menu\img folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ui\menu\css folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ui\menu folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ui\gf\img folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ui\gf\css folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ui\gf folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ui\gadgetFrame folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ui\dlg\ftd\images folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ui\dlg\ftd folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ui\dlg folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ui folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\searchProtector\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\searchProtector folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\options\js\resources folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\options\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\options\images folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\options\css folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\options folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\myStuffDialogs folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\features\js\resources folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\features\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\features folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\api folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ac\res folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ac\img folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ac\css folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\ac folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\aboutBox\js folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\aboutBox\images folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al\aboutBox folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb\al folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content\tb folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886\content folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome\CT3131886 folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\chrome folder moved successfully.

C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\0hrjx8rr.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058} folder moved successfully.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.

Use Chrome's Settings page to remove the default_search_provider items.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

OTL by OldTimer - Version 3.2.54.0 log created on 07162012_165527

Link to post
Share on other sites

In Chrome. Every time I open Chrome, it takes me to the Conduit/Bing search page (specifically: http://search.conduit.com/?ctid=CT3131886&SearchSource=48). However, if I click the "home" button, it takes me to Google (I set Google as my default search engine).

I do think you helped me fix Internet Explorer, though. I used to have the same problem with Internet Explorer, but since I ran the OTL fix, I have no problems with it. It just takes me to msn.com.

Link to post
Share on other sites

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    Conduit
    Bing

    :folderfind
    *Conduit*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Link to post
Share on other sites

SystemLook 30.07.11 by jpshortstuff

Log created at 11:44 on 19/07/2012 by Kevin

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "Conduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]

[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Community Alerts]

"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\HomePage]

"{f9bbf004-6e40-4019-8214-c43a37e1d058}"="http://search.conduit.com?SearchSource=10&ctid=CT3131886"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0\Setup\Windows Workflow Foundation\Debugger]

"ControllerConduitTypeName"="Microsoft.Workflow.DebugEngine.ControllerConduit, Microsoft.Workflow.DebugController, Version=10.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\conduitinstaller_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\conduitinstaller_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]

@="Conduit Community Alerts"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]

@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68ff6973-d55b-4252-821e-4b44ae677299}]

@="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68ff6973-d55b-4252-821e-4b44ae677299}\InprocServer32]

"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68ff6973-d55b-4252-821e-4b44ae677299}\InprocServer32\9.0.0.0]

"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68ff6973-d55b-4252-821e-4b44ae677299}\ProgId]

@="Microsoft.Workflow.DebugEngine.ControllerConduit.9.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}]

@="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32]

"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32\10.0.0.0]

"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId]

@="Microsoft.Workflow.DebugEngine.ControllerConduit.10.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}]

@="IControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2392D0C5-72EA-4215-8C66-280E1CB4344A}]

@="IControllerConduitCallback"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Workflow.DebugEngine.ControllerConduit.10.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Workflow.DebugEngine.ControllerConduit.10.0]

@="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Workflow.DebugEngine.ControllerConduit.9.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Workflow.DebugEngine.ControllerConduit.9.0]

@="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]

@="Conduit Community Alerts"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]

@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68ff6973-d55b-4252-821e-4b44ae677299}]

@="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68ff6973-d55b-4252-821e-4b44ae677299}\InprocServer32]

"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68ff6973-d55b-4252-821e-4b44ae677299}\InprocServer32\9.0.0.0]

"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{68ff6973-d55b-4252-821e-4b44ae677299}\ProgId]

@="Microsoft.Workflow.DebugEngine.ControllerConduit.9.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}]

@="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32]

"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32\10.0.0.0]

"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId]

@="Microsoft.Workflow.DebugEngine.ControllerConduit.10.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}]

@="IControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2392D0C5-72EA-4215-8C66-280E1CB4344A}]

@="IControllerConduitCallback"

Searching for "Bing"

[HKEY_CURRENT_USER\Software\Microsoft\BingBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech\PhoneConverters\Tokens\Chinese]

"PhoneMap"="- 0001 ! 0002 & 0003 , 0004 . 0005 ? 0006 _ 0007 + 0008 * 0009 1 000A 2 000B 3 000C 4 000D 5 000E a 000F ai 0010 an 0011 ang 0012 ao 0013 ba 0014 bai 0015 ban 0016 bang 0017 bao 0018 bei 0019 ben 001A beng 001B bi 001C bian 001D biao 001E bie 001F bin 0020 bing 0021 bo 0022 bu 0023 ca 0024 cai 0025 can 0026 cang 0027 cao 0028 ce 0029 cen 002A ceng 002B cha 002C chai 002D chan 002E chang 002F chao 0030 che 0031 chen 0032 cheng 0033 chi 0034 chong 0035 chou 0036 chu 0037 chuai 0038 chuan 0039 chuang 003A chui 003B chun 003C chuo 003D ci 003E cong 003F cou 0040 cu 0041 cuan 0042 cui 0043 cun 0044 cuo 0045 da 0046 dai 0047 dan 0048 dang 0049 dao 004A de 004B dei 004C den 004D deng 004E di 004F dia 0050 dian 0051 diao 0052 die 0053 ding 0054 diu 0055 dong 0056 dou 0057 du 0058 duan 0059 dui 005A dun 005B duo 005C e 005D ei 005E en 005F er 0060 fa 0061 fan 0062 fang 0063 fei 0064 fen 0065 feng 0066 fo 0067 fou 0068 fu 0069 ga

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]

"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl

[HKEY_LOCAL_MACHINE\SOFTWARE\Skype\Phone\UI]

"BingInstallInfo"="bing-toolbar:offered-refused,msn-homepage:offered-refused"

[HKEY_USERS\S-1-5-21-3374679522-1588394677-3506598666-1000\Software\Microsoft\BingBar]

========== folderfind ==========

Searching for "*Conduit*"

C:\Users\Kevin\AppData\LocalLow\Conduit d------ [20:26 12/07/2012]

C:\_OTL\MovedFiles\07142012_093331\C_Users\Kevin\AppData\Local\Conduit d------ [20:26 12/07/2012]

-= EOF =-

Link to post
Share on other sites

First, locate and manually delete the following folders if they are present:

C:\Program Files (x86)\Conduit

C:\Users\Kevin\AppData\LocalLow\Conduit

Second, open notepad and copy and paste next present in the quotebox below in it (don't forget to copy and paste REGEDIT4):

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\conduitinstaller_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\conduitinstaller_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_CURRENT_USER\Software\Microsoft\BingBar]

Save this as fix.reg Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Finally, reboot your PC.

Let me know if there is progress.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.