Jump to content

Browser Hijacker - YourBestSearch.net


Recommended Posts

My computer has been infected by this hijacker. The symptoms involved are search results redirecting to a blank page (yourbestsearch.net). I found both my Chrome and Mozilla browsers to be infected.

After at least an hour of research and numerous malwarebytes scans, I was 1) able to remove the malware from my Chrome browser, however only by creating a new browser profile (I assume this means that the malware is still in my computer); 2) unable to remove the malware from my Mozilla browser; 3) unable to even identify any related threats through the malwarebytes scans.

In addition to the scans, I of course toyed around in Windows' program uninstaller where I found nothing related, and I went through the extensions/add-ons in both of my browsers, again finding nothing related.

The closest thing to a solution I found through research was this shady site which claims to know the particular corrupted files involved: http://blog.teesuppo...h-net-hijacker/

^ I searched for all of those files and found nothing. I don't know why I'm even mentioning this.

Outside of Malwarebytes scans, I used CCleaner's main scan as well as its registry fix function. Still nothing.

Any idea how to combat this? If the solution is very technical, please try to explain it to me in layman's terms. I don't know much about malware or registry stuff. Thanks!

Link to post
Share on other sites

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Kevin...

Link to post
Share on other sites

The symptoms seem to have been fixed after running that and reboot. Thanks! Any additional steps?

The content of the logfile:

# AdwCleaner v2.110 - Logfile created 02/05/2013 at 04:11:10

# Updated 03/02/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Collin - PC

# Boot Mode : Normal

# Running from : C:\Users\Collin\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\extensions\OneClickDownload@OneClickDownload.com.xpi

File Deleted : C:\user.js

File Deleted : C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\searchplugins\Askcom.xml

File Deleted : C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\searchplugins\funmoods.xml

File Deleted : C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\searchplugins\WebSearch.xml

Folder Deleted : C:\Program Files (x86)\1ClickDownload

Folder Deleted : C:\Program Files (x86)\Smartdl

Folder Deleted : C:\Program Files (x86)\Wajam

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Partner

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Folder Deleted : C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

Folder Deleted : C:\Users\Collin\AppData\Local\Wajam

Folder Deleted : C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam

Folder Deleted : C:\Users\Collin\AppData\Roaming\OpenCandy

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\contin~1\sprote~1.dll

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\softqu~1\sprote~1.dll

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\Alexa Internet

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Wajam

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO

Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader

Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1

Key Deleted : HKLM\Software\Funmoods

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\Wajam

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : HKLM\SOFTWARE\Software

Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.soft-quick.info/ --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://start.funmoods.com/?f=1&a=make --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=make --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.soft-quick.info/ --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\prefs.js

C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);

Deleted : user_pref("aol_toolbar.default.search.check", false);

Deleted : user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxp://www.reddit.com/\",\"title\":\"reddit: the[...]

Deleted : user_pref("browser.search.defaultenginename", "WebSearch");

Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");

Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.soft-quick.info/?l=1&q=");

Deleted : user_pref("browser.search.order.1", "WebSearch");

Deleted : user_pref("browser.search.order.1,S", "WebSearch");

Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");

Deleted : user_pref("extensions.507ba87920c95.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);

Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);

Deleted : user_pref("extensions.funmoods_i.aflt", "make");

Deleted : user_pref("extensions.funmoods_i.dfltLng", "");

Deleted : user_pref("extensions.funmoods_i.dfltSrch", true);

Deleted : user_pref("extensions.funmoods_i.dnsErr", true);

Deleted : user_pref("extensions.funmoods_i.excTlbr", false);

Deleted : user_pref("extensions.funmoods_i.hmpg", true);

Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=make");

Deleted : user_pref("extensions.funmoods_i.id", "a0766cc90000000000001c659d20eed7");

Deleted : user_pref("extensions.funmoods_i.instlDay", "15451");

Deleted : user_pref("extensions.funmoods_i.instlRef", "");

Deleted : user_pref("extensions.funmoods_i.newTab", true);

Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=make");

Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search");

Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");

Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=make&q="[...]

Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");

Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1623:02:57");

Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");

Deleted : user_pref("extensions.smarterwiki.search_surfcanyon", false);

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");

Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");

Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [10220 octets] - [05/02/2013 04:11:10]

########## EOF - C:\AdwCleaner[s1].txt - [10281 octets] ##########

Link to post
Share on other sites

Depends what issues/concerns you have, let me know how your system is responding.

Run the following, is purely diagnostic scan:

Download OTL from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin

Link to post
Share on other sites

OTL.Txt:

OTL logfile created on: 2/5/2013 4:58:26 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Collin\Desktop\Desktop\Cleaners

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 51.24% Memory free

5.73 Gb Paging File | 3.82 Gb Available in Paging File | 66.65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.31 Gb Total Space | 53.76 Gb Free Space | 18.78% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Collin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/05 04:56:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Collin\Desktop\Desktop\Cleaners\OTL.com

PRC - [2013/01/28 15:22:50 | 000,551,264 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

PRC - [2013/01/25 21:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/01/24 21:48:50 | 000,583,456 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/11/15 18:38:12 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

PRC - [2012/10/23 17:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

PRC - [2012/10/23 17:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

PRC - [2012/08/17 20:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe

PRC - [2012/05/31 13:52:17 | 001,906,072 | ---- | M] (LogMeIn, Inc.) -- C:\Users\Collin\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe

PRC - [2012/05/31 13:52:17 | 001,906,072 | ---- | M] (LogMeIn, Inc.) -- C:\Users\Collin\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended.exe

PRC - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/05 01:29:17 | 000,057,344 | ---- | M] () -- C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll

MOD - [2013/01/25 21:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll

MOD - [2013/01/25 21:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll

MOD - [2013/01/25 21:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll

MOD - [2013/01/25 21:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll

MOD - [2013/01/25 21:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll

MOD - [2012/10/23 17:58:40 | 000,694,168 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

MOD - [2012/08/17 20:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/02/25 21:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2010/02/23 19:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/02/01 21:14:04 | 000,566,192 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysNative\lxcicoms.exe -- (lxci_device)

SRV - [2013/01/28 15:22:50 | 000,551,264 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)

SRV - [2013/01/24 21:48:50 | 000,583,456 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)

SRV - [2013/01/20 12:10:58 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/21 03:33:46 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/11/15 18:38:12 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)

SRV - [2012/10/23 17:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)

SRV - [2012/09/06 19:17:02 | 002,487,208 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Users\Collin\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe -- (LMIRescue_8e4424a5-1abc-4002-a647-14255879951f)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/05/31 13:52:17 | 001,906,072 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Users\Collin\AppData\Local\LogMeIn Rescue Unattended\LMIR0001.tmp\unattended_srv.exe -- (LMIRescueUA_954974)

SRV - [2011/09/28 01:28:27 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/09/02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)

SRV - [2010/11/29 13:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/02/01 21:13:46 | 000,537,520 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\SysWOW64\lxcicoms.exe -- (lxci_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/15 18:39:26 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)

DRV:64bit: - [2012/11/15 18:39:25 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2012/10/09 23:48:11 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2012/10/09 23:48:10 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)

DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/13 15:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)

DRV:64bit: - [2012/08/02 14:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2012/06/19 16:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)

DRV:64bit: - [2012/06/11 11:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)

DRV:64bit: - [2012/06/08 16:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)

DRV:64bit: - [2012/06/08 16:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)

DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)

DRV:64bit: - [2011/11/08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)

DRV:64bit: - [2011/10/05 08:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)

DRV:64bit: - [2011/04/20 08:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/04/28 02:32:20 | 000,932,384 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (rtl8192Ce)

DRV:64bit: - [2010/03/31 01:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2010/03/24 15:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/02/20 10:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/02/10 17:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/02/08 23:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)

DRV:64bit: - [2009/06/22 19:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)

DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{6B6A7AB4-AA26-4FFF-A813-6D7025470CAC}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND'>http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{76A02695-E0B4-4853-A438-9C16BCD883DD}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND'>http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com

IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\..\SearchScopes\{35C91071-25E1-4DD6-9257-94BF929E4363}: "URL" = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}

IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\..\SearchScopes\{520BCE90-F659-44CE-834F-DF78AE6C78D6}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=C49676FB-D67C-4675-88C8-E845CED3FF2A&apn_sauid=89932113-E40D-42E9-AC44-DE3699EB330D

IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\..\SearchScopes\{76A02695-E0B4-4853-A438-9C16BCD883DD}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS405

IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\..\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}: "URL" = http://www.amazon.com/websearch/ref=bit_bds-p18_serp_ie_us_display?ie=UTF8&tag=bds-p18-serp-us-ie-20&tagbase=bds-p18&tbrId=v1_abb-channel-18_835568ecce4a4403beaa6c8d85e4e66d_18_38_20121218_US_ie_ds_OC1&query={searchTerms}

IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\..\SearchScopes\{CDA2A2E2-D58C-4194-98FC-86818327579A}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND

IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: googledictionary%40toptip.ca:5.13

FF - prefs.js..extensions.enabledAddons: optout%40google.com:1.5

FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.0.9

FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250

FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.2

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1

FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0

FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.7

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: zigboom@ymail.com:1.3.1

FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Collin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Collin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Collin\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Collin\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/12/17 19:24:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012/12/20 07:11:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012/12/20 07:11:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012/12/20 07:11:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/05 01:34:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/05 01:34:56 | 000,000,000 | ---D | M]

[2010/11/01 21:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Collin\AppData\Roaming\Mozilla\Extensions

[2013/02/05 01:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\extensions

[2012/12/25 11:32:57 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\extensions\artur.dubovoy@gmail.com.xpi

[2012/11/26 10:52:37 | 000,050,177 | ---- | M] () (No name found) -- C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\extensions\googledictionary@toptip.ca.xpi

[2013/01/30 20:19:41 | 000,204,940 | ---- | M] () (No name found) -- C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\extensions\OneClickDownload@OneClickDownload.com.xpi

[2012/04/20 19:13:37 | 000,008,363 | ---- | M] () (No name found) -- C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\extensions\optout@google.com.xpi

[2012/12/01 23:09:02 | 000,363,832 | ---- | M] () (No name found) -- C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\extensions\smarterwiki@wikiatic.com.xpi

[2013/01/31 21:32:17 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/12/17 19:34:31 | 000,002,838 | ---- | M] () -- C:\Users\Collin\AppData\Roaming\Mozilla\Firefox\Profiles\ws4xnb7w.default\searchplugins\amazon-distro.xml

[2012/10/09 22:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/02/05 14:03:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010/11/25 23:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2012/06/24 18:43:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012/08/31 12:42:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2012/12/20 07:11:06 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY ANTI-VIRUS 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM

[2013/01/20 12:10:58 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/09/08 22:54:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/12 02:43:07 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll

CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll

CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll

CHR - plugin: Wajam (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Collin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Collin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

CHR - plugin: Java Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Collin\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Adblock Plus = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\

CHR - Extension: Kaspersky URL Advisor = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\

CHR - Extension: AdBlock = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\

CHR - Extension: Dictionary Instant = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngaklbjlbjhmoilkegninbmpfigheol\1.0.22_0\

CHR - Extension: Virtual Keyboard = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\

CHR - Extension: Freemake Video Converter = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

CHR - Extension: FastestChrome - Browse Faster = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.0.3_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3851909856-3628812938-79543554-1001..\Run: [MusicManager] C:\Users\Collin\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Mcx1-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.11.2)

O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.11.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48A45BEC-8B61-413C-8F50-54715E983AC0}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{556F68E7-F792-4BC2-B651-5301A60A69D4}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6014A85F-F3E1-43E1-A4EF-49E3CDB4D2B9}: DhcpNameServer = 167.206.254.1 167.206.254.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC71292F-4390-4960-BAAF-844D88408A32}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{cb904a41-5ea2-11e2-82f0-c80aa9f966e3}\Shell - "" = AutoRun

O33 - MountPoints2\{cb904a41-5ea2-11e2-82f0-c80aa9f966e3}\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a

O33 - MountPoints2\{f8dc21c9-94ad-11e0-abf1-c80aa9f966e3}\Shell - "" = AutoRun

O33 - MountPoints2\{f8dc21c9-94ad-11e0-abf1-c80aa9f966e3}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/05 03:37:44 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\{0233435E-B1C7-4905-939E-B871CD8046BA}

[2013/02/05 01:36:13 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe

[2013/02/05 01:35:59 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe

[2013/02/05 01:35:59 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe

[2013/02/05 01:35:59 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll

[2013/02/05 01:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2013/02/05 01:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013/02/05 01:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2013/02/05 00:16:16 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9}

[2013/01/24 12:09:33 | 000,015,360 | ---- | C] (June Fabrics Technology Inc.) -- C:\windows\SysNative\drivers\pneteth.sys

[2013/01/24 12:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android

[2013/01/24 12:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PdaNet for Android

[2013/01/24 07:51:20 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\{837FC60E-C546-437F-93CC-89E7EA85EC8D}

[2013/01/18 18:30:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe

[2013/01/18 18:30:04 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe

[2013/01/18 18:30:04 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll

[2013/01/17 03:51:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry

[2013/01/17 03:51:48 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Roaming\Gmote

[2013/01/17 03:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer

[2013/01/17 03:51:33 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer

[2013/01/17 03:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GmoteServer

[2013/01/17 03:12:43 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager

[2013/01/15 04:26:07 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\Splashtop

[2013/01/15 04:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop

[2013/01/15 04:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote

[2013/01/15 04:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop

[2013/01/15 04:21:30 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Local\{43C1E69E-6361-4F0D-B3B6-2659FC8E2853}

[2013/01/15 01:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola

[2013/01/15 01:36:45 | 000,000,000 | ---D | C] -- C:\Temp

[2013/01/15 01:36:45 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Roaming\Motorola Mobility

[2013/01/15 01:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap

[2013/01/15 01:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility

[2013/01/15 01:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola

[2013/01/15 01:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc

[2013/01/15 01:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared

[2013/01/15 01:32:53 | 000,000,000 | ---D | C] -- C:\Users\Collin\AppData\Roaming\Motorola

[2013/01/15 01:31:16 | 000,000,000 | ---D | C] -- C:\Users\Collin\Desktop\Droid

[2013/01/14 21:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Cloud Software LTD

[2013/01/14 21:04:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftQuick

[2013/01/14 21:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ContinueToSave

[2013/01/14 21:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\continuetosave

[2013/01/14 20:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2013/01/09 18:17:57 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll

[2013/01/09 18:17:57 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll

[2013/01/09 18:17:40 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll

[2013/01/09 18:17:39 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll

[2013/01/09 18:17:28 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs

[2013/01/09 18:17:28 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs

[2013/01/09 18:17:28 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs

[2013/01/09 18:17:28 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs

[2013/01/09 18:17:28 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs

[2013/01/09 18:17:28 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs

[2013/01/09 18:17:28 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs

[2013/01/09 18:17:28 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs

[2013/01/09 18:17:28 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs

[2013/01/09 18:17:28 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs

[2013/01/09 18:17:27 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll

[2013/01/09 18:17:27 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll

[2013/01/09 18:17:27 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll

[2013/01/09 18:17:27 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll

[2013/01/09 18:17:27 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs

[2013/01/09 18:17:27 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs

[2013/01/09 18:17:27 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs

[2013/01/09 18:17:27 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs

[2013/01/09 18:17:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs

[2013/01/09 18:17:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs

[2013/01/09 18:17:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs

[2013/01/09 18:17:27 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs

[2013/01/09 18:17:27 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs

[2013/01/09 18:17:27 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs

[2013/01/09 18:17:26 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs

[2013/01/09 18:17:26 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs

[2013/01/09 18:17:26 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs

[2013/01/09 18:17:26 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs

[2013/01/09 18:17:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs

[2013/01/09 18:17:26 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs

[2013/01/09 18:17:25 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs

[2013/01/09 18:17:25 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs

[2013/01/09 18:16:58 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll

[2013/01/09 18:16:58 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll

[2013/01/09 18:16:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll

[2013/01/09 18:16:57 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe

[2013/01/09 18:16:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll

[2013/01/09 18:16:57 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll

[2013/01/09 18:16:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll

[2013/01/09 18:16:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll

[2013/01/09 18:16:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll

[2013/01/09 18:16:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll

[2013/01/09 18:16:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013/01/09 18:16:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013/01/09 18:16:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013/01/09 18:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013/01/09 18:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/09 18:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/09 18:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013/01/09 18:16:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/09 18:16:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/09 18:16:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013/01/09 18:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/09 18:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013/01/09 18:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013/01/09 18:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013/01/09 18:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013/01/09 18:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013/01/09 18:16:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/09 18:16:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013/01/09 18:16:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/09 18:16:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013/01/09 18:16:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/09 18:16:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013/01/09 18:16:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013/01/09 18:16:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013/01/09 18:16:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013/01/09 18:16:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013/01/09 18:16:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013/01/09 18:16:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe

[2013/01/09 18:16:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013/01/09 18:16:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013/01/09 18:16:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013/01/09 18:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013/01/09 18:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013/01/09 18:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013/01/09 18:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/09 18:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013/01/09 18:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013/01/09 18:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013/01/09 18:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013/01/09 18:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/09 18:16:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013/01/09 18:16:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe

[2013/01/09 18:16:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013/01/09 18:16:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013/01/09 18:16:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013/01/09 18:16:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013/01/09 18:16:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe

[2013/01/09 18:16:40 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe

[2013/01/07 17:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/01/07 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/01/07 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013/01/07 17:34:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/01/07 17:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[38 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/05 04:57:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/05 04:23:19 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/05 04:23:19 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/05 04:17:03 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3851909856-3628812938-79543554-1001UA.job

[2013/02/05 04:16:01 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/02/05 04:14:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/02/05 04:14:07 | 2307,280,896 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/05 04:11:32 | 000,000,194 | ---- | M] () -- C:\windows\DeleteOnReboot.bat

[2013/02/05 03:17:01 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3851909856-3628812938-79543554-1001Core.job

[2013/02/05 01:35:55 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll

[2013/02/05 01:35:55 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll

[2013/02/05 01:35:55 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe

[2013/02/05 01:35:55 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe

[2013/02/05 01:35:55 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe

[2013/02/05 01:35:55 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll

[2013/02/05 00:46:35 | 000,000,162 | ---- | M] () -- C:\windows\reimage.ini

[2013/02/02 14:09:20 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/02/02 14:09:20 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/02/02 14:09:20 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/01/24 12:09:34 | 000,001,124 | ---- | M] () -- C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

[2013/01/24 12:03:39 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf

[2013/01/15 01:37:31 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf

[2013/01/15 01:37:24 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf

[2013/01/15 01:36:29 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf

[2013/01/15 01:36:29 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf

[2013/01/15 01:35:51 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf

[2013/01/12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll

[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe

[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe

[2013/01/09 21:51:38 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2013/01/09 21:51:38 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/01/09 21:31:38 | 000,440,416 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[38 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/05 04:11:20 | 000,000,194 | ---- | C] () -- C:\windows\DeleteOnReboot.bat

[2013/02/05 00:45:53 | 000,000,162 | ---- | C] () -- C:\windows\reimage.ini

[2013/01/24 12:09:34 | 000,001,124 | ---- | C] () -- C:\Users\Collin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

[2013/01/24 12:03:39 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf

[2013/01/15 01:37:31 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf

[2013/01/15 01:37:24 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf

[2013/01/15 01:36:29 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf

[2013/01/15 01:36:29 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf

[2013/01/15 01:35:51 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf

[2012/05/29 18:22:47 | 000,007,624 | ---- | C] () -- C:\Users\Collin\AppData\Local\Resmon.ResmonCfg

[2011/11/07 02:34:39 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat

[2011/09/27 01:53:39 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxciinpa.dll

[2011/09/27 01:53:39 | 000,385,024 | ---- | C] () -- C:\windows\SysWow64\lxcicomx.dll

[2011/09/27 01:53:39 | 000,274,432 | ---- | C] () -- C:\windows\SysWow64\lxciinst.dll

[2011/09/27 01:53:38 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxcipmui.dll

[2011/09/27 01:53:38 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxciiesc.dll

[2011/09/27 01:53:37 | 001,224,704 | ---- | C] ( ) -- C:\windows\SysWow64\lxciserv.dll

[2011/09/27 01:53:37 | 000,991,232 | ---- | C] ( ) -- C:\windows\SysWow64\lxciusb1.dll

[2011/09/27 01:53:37 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxcilmpm.dll

[2011/09/27 01:53:37 | 000,181,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxcippls.exe

[2011/09/27 01:53:37 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxciprox.dll

[2011/09/27 01:53:37 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\lxcipplc.dll

[2011/09/27 01:53:36 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\lxcihbn3.dll

[2011/09/27 01:53:36 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxcicomc.dll

[2011/09/27 01:53:36 | 000,537,520 | ---- | C] ( ) -- C:\windows\SysWow64\lxcicoms.exe

[2011/09/27 01:53:36 | 000,421,888 | ---- | C] ( ) -- C:\windows\SysWow64\lxcicomm.dll

[2011/09/27 01:53:36 | 000,385,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxciih.exe

[2011/09/27 01:53:35 | 000,381,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxcicfg.exe

[2011/09/04 02:59:55 | 000,062,464 | ---- | C] () -- C:\Users\Collin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/08/14 15:08:57 | 000,000,000 | ---- | C] () -- C:\Users\Collin\AppData\Local\{55E9B29A-E112-4906-9790-B5CA915F498F}

[2011/02/05 16:25:55 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/11/23 19:53:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/29 05:43:03 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Amazon

[2011/07/15 10:24:06 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\AnvSoft

[2012/06/09 13:59:28 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\DAEMON Tools Pro

[2012/12/03 10:53:09 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\EAC

[2013/02/04 22:55:19 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Gmote

[2011/02/04 00:01:18 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\ICAClient

[2013/01/15 01:32:53 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Motorola

[2013/01/15 01:36:45 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Motorola Mobility

[2011/12/30 17:05:04 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\PMS

[2011/10/01 18:39:06 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Rainmeter

[2012/11/05 19:33:58 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\SoftGrid Client

[2012/04/15 23:23:12 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Stellarium

[2012/08/11 22:03:29 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\SystemRequirementsLab

[2010/11/01 15:01:31 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Toshiba

[2010/11/30 19:47:42 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\TP

[2012/05/29 17:07:26 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\TS3Client

[2012/04/11 02:44:44 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\ts3overlay

[2013/02/05 00:57:42 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\uTorrent

[2010/10/31 20:14:15 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\WinBatch

[2011/04/30 03:09:36 | 000,000,000 | ---D | M] -- C:\Users\Collin\AppData\Roaming\Windows Live Writer

[2013/01/29 23:04:55 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Motorola Mobility

[2011/02/19 03:20:25 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\SoftGrid Client

[2010/12/02 01:00:53 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Toshiba

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:63238B95

< End of report >

Link to post
Share on other sites

Extras.Txt:

OTL Extras logfile created on: 2/5/2013 4:58:26 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Collin\Desktop\Desktop\Cleaners

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 51.24% Memory free

5.73 Gb Paging File | 3.82 Gb Available in Paging File | 66.65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.31 Gb Total Space | 53.76 Gb Free Space | 18.78% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Collin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3851909856-3628812938-79543554-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{002B6DEF-77A5-469C-BC05-3FEB33630C78}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{00FE950D-BA26-4F1A-B2E0-A0D526E44116}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{091F7EC0-6E74-46F6-99BB-310CF923161E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{0CC31667-3BD8-4578-9CB9-93E52BA80366}" = rport=445 | protocol=6 | dir=out | app=system |

"{0CE6D71E-3FAE-48AD-B32E-9B7116C5EDEB}" = lport=3390 | protocol=6 | dir=in | app=system |

"{130EBA3E-4602-4B5B-A16A-F8DADD699A48}" = rport=137 | protocol=17 | dir=out | app=system |

"{19C0E039-A80D-4E49-B47C-B97D7C546B47}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1B5EB1DF-6071-4E4D-8D6D-DC687CB1DE1C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1C84EF5B-2002-45C1-8F03-73DA4B32F800}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1F756062-4051-406F-9696-7D8C02884965}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{27574E2F-BFF9-4D66-94D9-40C076867C22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{28797C09-737D-4C28-AFB9-6FF45B349B69}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{2CFDD22F-2822-415B-BF04-DD231AAFF2E2}" = rport=139 | protocol=6 | dir=out | app=system |

"{2DD288CD-69F1-4175-8BF1-12E15EED37A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{32144361-7DEE-4752-8211-2E45E309872A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{34AFB3CB-FDF7-427F-9BE4-E9262AFD1991}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3557A842-5302-4A6B-985D-081EC1D84D08}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{37163D51-815F-4E65-8B86-8A28D0F0B4B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{4433ABC3-7A9C-4085-9471-BDA66C0ECDEE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{4B983B11-73B4-4208-840E-F8233189EF94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4D4D8F9C-53F7-45F3-A35D-7D5FBCC23A76}" = lport=10244 | protocol=6 | dir=in | app=system |

"{51B4644A-A317-458C-87AE-872A00C2684A}" = lport=3390 | protocol=6 | dir=in | app=system |

"{59B10723-5BBB-4F25-95CF-18392CABE556}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{59DA8CAB-5C21-42E7-9DA3-7C850F91A4F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5BD64FD0-7118-4BBB-B5C8-E06B2A1F9FD4}" = lport=10244 | protocol=6 | dir=in | app=system |

"{6A747B18-DA54-4A54-81B9-7BF6D358FD66}" = rport=138 | protocol=17 | dir=out | app=system |

"{73F2BD7B-F1B5-45FF-B39E-7082D6E15985}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7F2A7BBE-1515-485F-9BCE-8E1A5B54B755}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{8947C495-C26F-471E-BBC0-E80CC8379A1B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9438CA31-E97C-4283-91C6-F41EC8ADCA15}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{94D446AE-A23C-4A90-88C0-8C5F5CA4DFB4}" = lport=137 | protocol=17 | dir=in | app=system |

"{9603C8D6-9C95-499B-8680-0CEF73E6F1DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9B8AE087-A660-4310-813B-C410ECC496AA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{9BB22B95-37E7-4B49-83B9-1262EFF2A04F}" = lport=445 | protocol=6 | dir=in | app=system |

"{9CEC0891-62C0-4176-83F6-B4D7D0984FCE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{A15D728E-95C0-46B5-B3FE-F3662E86400B}" = rport=10243 | protocol=6 | dir=out | app=system |

"{A1B717C2-5154-4864-9493-C82C8172ED1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A44FA5F0-7B8E-473C-B750-1EBEAF5947A3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A697C317-9E5E-4A4C-A036-98E04863928A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{AB0317E6-7E60-4E2A-9B4D-A290972293F4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{AC251A12-B65B-475F-A1C5-6F25091C5F4E}" = lport=139 | protocol=6 | dir=in | app=system |

"{B2D74D8B-C7B6-4DD8-A7AD-828E1D7E1A5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{B6620E69-147E-4C5B-A83A-B765F9775BBC}" = lport=138 | protocol=17 | dir=in | app=system |

"{C0C523B7-36FF-45FE-950D-C7C157F10409}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CC8E3E2B-41A6-4AF3-9678-B026ED37C48D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D43BB994-3070-4862-A8E2-FD9BD9066A6D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{DB5B0BEE-A840-48E8-A730-605AFCDDBD1C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DFEA1407-A323-4F2E-B0B9-AFDC6FE18F2D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E732A20E-0D9A-4BE8-9AEF-80DD42C64A3F}" = lport=10243 | protocol=6 | dir=in | app=system |

"{E91D7EDA-18C8-4BB2-A508-E1E753EDBD89}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{EB938306-431E-4999-992E-5A8AC1E79C8A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{ED901E1F-C572-4F30-9D6B-93A5AFF971A6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0291D58A-1003-4F34-837D-DFD74061CCF8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{046D1504-9A2E-478A-ACB6-F0AAFDF86F6C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{06550F7F-6561-47C5-A4FA-418E3077B93D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{1883B8B6-0092-472A-B091-D6F0C9867FBC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1BDF2697-A4A8-457A-885D-C76CE982704E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{1E1F8841-DD34-4B9F-8969-361CF1634144}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{272FC1FF-A07D-4E97-AB76-8EAC6B4348A3}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{2CEC0ED8-019D-46BE-B90B-6AE3639889A1}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |

"{2E7C2076-9044-4A38-A574-1EE9F6A547FE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"{31353784-A157-4548-8304-3D08A97A01F4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{31F10C0C-F31E-4685-BACA-56BA34AD2117}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{34BCE5D1-112D-405A-BF54-41DF12140D4E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{361CCAF6-BCF5-4754-847C-67657B5545D7}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{38BDDB92-2B43-4E50-9F8B-92F08D731F79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3BDF2A40-88B1-48F0-8E09-E0036BF09EDD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{3BE26A1F-02A1-46A9-A956-9A38C252BEF2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{42202931-1BD4-40E2-9A74-4FC56ED4B6E3}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{45E1FF3B-BB4D-4DE5-8552-AD14970F7D04}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{466E6931-E59D-4E19-8732-0D702542FFE6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{4687950D-BCC2-4693-8FAD-7776E0DB330B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{46FDD896-DC11-491C-9760-F3BE629B126E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{476502A4-9C6F-4899-BAE8-F4271F49716C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{4C728807-25B7-454B-8678-0228AD44F11A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{4D5FA581-582B-4D1D-AE2E-0D0E43CE080B}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |

"{64C37F44-24F0-461A-9D02-C7CEBDD1F9EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{68F150F0-AE8A-46E5-B6F4-0B783F66FAB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{69940226-9F76-465C-875F-B80A09F788E5}" = protocol=17 | dir=in | app=c:\windows\system32\lxcicoms.exe |

"{702FA544-B635-4974-B6D7-D4D80FBDE584}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{7761083E-5661-4F2E-9344-986E4D829343}" = protocol=6 | dir=out | app=system |

"{777DF49C-B884-4CBC-977F-EFB57D38FD4A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{7C1D1BE3-1F3A-4C1B-9579-0278ED16F9C9}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii public test\diablo iii.exe |

"{87D7C64D-DE1D-47A4-9913-3AA884CCCDA7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{8EFAB062-1820-462B-8A6C-73A6594A2D0D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{9256935E-B581-4107-88AB-5E3D94F2028A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{92D2F4B8-E22C-4BB6-90BD-AD6BFE15173A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{936E6E05-DEDD-4B0A-B50A-E6BE9AB42F77}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{93BC8BAA-01BE-434C-80A9-91D4E05DF2E2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{99E28C30-6ADE-4D4C-8F8F-B895B507418A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{9C9BD060-1483-4D21-848B-D1206078DE0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A5E86B3B-7ED3-45F9-B7FD-50FFA5439C7F}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |

"{A84A2FDA-0E44-45C4-B0B4-1EA016239063}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{A92567AB-EDC7-413A-A6AE-02FCFE4C1E51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{ACE48CE4-F596-4F44-98A7-00F9F7EB8D60}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{AD15349C-6DA2-46A1-B156-088CD84104E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AD8E63A8-0022-4966-AD12-16489F870EC3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{B02651BF-AFEC-4EE3-8676-F24DFC120C56}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"{B1364837-3944-4B4C-A1DF-B82EF6AF829A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcipswx.exe |

"{B2D52407-390B-495F-8D7B-518DE5C00D23}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{B3099D91-F2AB-473C-A923-6C12990A6944}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{B4B2CC32-2B57-4548-A384-6AE46B5FB5CF}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcicoms.exe |

"{B8DFBB7D-A995-4D61-AE22-81BB22FFF7EE}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{BA90E512-014A-4276-BF26-930FF219F2E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{BB30B910-88EC-4D04-922F-08B8687E7166}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{BD13B078-23D5-44DF-82CB-FBC9A3403579}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{BDC6DD09-8BF4-4428-89E5-4859EC2BB58B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{CBEA2CBC-B9E7-4F49-B2F4-9A33FF680B32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CD52E2F6-DEC4-4D9B-9D7B-00CB18A12E6C}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{D54044C2-02C3-4A04-9306-427E5CC53C95}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcicoms.exe |

"{D5F534C4-4C21-44E1-AF8A-FC65BFCC63F7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D997F37B-DB0A-4091-B945-1BD32B88FA6D}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |

"{DB492CF9-05BA-4AB4-9957-99E509B210FE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcipswx.exe |

"{E0C2C1C6-8446-4A60-90AC-4A3C5C5892A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{E1DDFCFA-7635-4482-BF0D-7660F3A35EBE}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{E6D80646-64F9-49C9-AC7C-DFFD9993C38E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{EC87CE74-6D08-4143-9D6C-2641664835D6}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii public test\diablo iii.exe |

"{F03545BC-590A-4A36-9493-B1E9AA2EE95A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |

"{F5361829-56F1-4943-B329-753381BD7F31}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{F78DB207-12D6-4E6C-84C8-39D5765AA424}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F8B8F960-A0FC-469C-A966-AB93D15ED11B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{FAA9C4E5-E197-4A07-B750-CED71C7BA03F}" = protocol=6 | dir=in | app=c:\windows\system32\lxcicoms.exe |

"{FEC6AC74-C331-42DB-B464-A8B997552E53}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |

"TCP Query User{11BD5F98-AABB-45B4-B2A9-545AAB8C876C}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"TCP Query User{19A3093D-0357-4809-8D77-B4ECBED486C6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{2D55D627-037B-4349-9436-5A7CC6C1E614}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

"TCP Query User{506D69EF-3CE5-436E-AA78-49878137AA5E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{7DF63D25-C089-4071-9B18-51FC4060E476}C:\users\collin\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\collin\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |

"TCP Query User{8E61BA4A-5D1B-490F-89D3-D7038ECF4542}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |

"TCP Query User{AB351E0C-C3C0-4441-818E-211EA6C2CBFD}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"UDP Query User{0744C352-3844-47D8-9F14-9510AC319FDB}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

"UDP Query User{12001F85-C248-494F-936C-03926FA01FE8}C:\users\collin\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\collin\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |

"UDP Query User{2D21D8B1-8238-49DA-922C-813CA6B9FB99}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

"UDP Query User{67EF3CDE-B183-47A5-BFC3-CE3203BF04E4}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe |

"UDP Query User{A7807B98-C91E-45DC-AB30-DA2FE1F9640F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{B5FE9855-B3D2-4B10-9958-41B4B6E66712}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{E321310C-A51F-47AA-9487-7CC2BAA68152}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4E7CCB76-687B-4C53-9A5E-08780AF3A551}" = Motorola Mobile Drivers Installation 5.9.0

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup

"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"CCleaner" = CCleaner

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Lexmark 7300 Series" = Lexmark 7300 Series

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0

"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver

"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 35

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11

"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager

"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration

"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{81DE15C9-5390-4533-81DF-2DC936C1A40C}" = Motorola Device Software Update

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place

"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D952C4F9-2488-3723-84BE-1BFA907DCAC9}" = Google Talk Plugin

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15

"AutoHotkey" = AutoHotkey 1.0.48.05

"AviSynth" = AviSynth 2.5

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11

"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer

"Diablo III" = Diablo III

"Diablo III Public Test" = Diablo III Public Test

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Exact Audio Copy" = Exact Audio Copy 1.0beta3

"Freemake Video Converter_is1" = Freemake Video Converter version 3.1.2

"Google Chrome" = Google Chrome

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer

"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime

"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup

"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"PdaNet_is1" = PdaNet+ for Android 4.01

"PS3 Media Server" = PS3 Media Server

"SP_a8235b05" = Search Assistant SoftQuick 1.66

"Splashtop Software Updater" = Splashtop Software Updater

"Traverso_is1" = Traverso 0.49.1

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.5

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3851909856-3628812938-79543554-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"MusicManager" = Music Manager

"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2/4/2013 1:30:33 AM | Computer Name = PC | Source = SideBySide | ID = 16842827

Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program

Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.

Multiple

requestedPrivileges elements are not allowed in manifest.

Error - 2/5/2013 2:35:12 AM | Computer Name = PC | Source = MsiInstaller | ID = 11500

Description =

Error - 2/5/2013 2:59:59 AM | Computer Name = PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,

time stamp: 0x50a2f9e3 Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000096 Fault offset: 0x0412d5c0 Faulting process id:

0x1324 Faulting application start time: 0x01ce036e6464d913 Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: a71aa841-6f61-11e2-9aa0-c80aa9f966e3

Error - 2/5/2013 2:59:59 AM | Computer Name = PC | Source = Application Error | ID = 1005

Description = Windows cannot access the file for one of the following reasons: there

is a problem with the network connection, the disk that the file is stored on,

or the storage drivers installed on this computer; or the disk is missing. Windows

closed the program Internet Explorer because of this error. Program: Internet Explorer

File:

The error value is listed in the Additional Data section. User Action 1. Open the

file again. This situation might be a temporary problem that corrects itself when

the program runs again. 2. If the file still cannot be accessed and - It is on the

network, your network administrator should verify that there is not a problem with

the network and that the server can be contacted. - It is on a removable disk, for

example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the

computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,

click Start, click Run, type CMD, and then click OK. At the command prompt, type

CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from

a backup copy. 5. Determine whether other files on the same disk can be opened.

If not, the disk might be damaged. If it is a hard disk, contact your administrator

or computer hardware vendor for further assistance. Additional Data Error value: 00000000

Disk

type: 0

Error - 2/5/2013 3:00:29 AM | Computer Name = PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,

time stamp: 0x50a2f9e3 Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000096 Fault offset: 0x047b99f0 Faulting process id:

0x197c Faulting application start time: 0x01ce036e7ae09945 Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: b9820030-6f61-11e2-9aa0-c80aa9f966e3

Error - 2/5/2013 3:00:29 AM | Computer Name = PC | Source = Application Error | ID = 1005

Description = Windows cannot access the file for one of the following reasons: there

is a problem with the network connection, the disk that the file is stored on,

or the storage drivers installed on this computer; or the disk is missing. Windows

closed the program Internet Explorer because of this error. Program: Internet Explorer

File:

The error value is listed in the Additional Data section. User Action 1. Open the

file again. This situation might be a temporary problem that corrects itself when

the program runs again. 2. If the file still cannot be accessed and - It is on the

network, your network administrator should verify that there is not a problem with

the network and that the server can be contacted. - It is on a removable disk, for

example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the

computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,

click Start, click Run, type CMD, and then click OK. At the command prompt, type

CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from

a backup copy. 5. Determine whether other files on the same disk can be opened.

If not, the disk might be damaged. If it is a hard disk, contact your administrator

or computer hardware vendor for further assistance. Additional Data Error value: 00000000

Disk

type: 0

Error - 2/5/2013 3:00:38 AM | Computer Name = PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,

time stamp: 0x50a2f9e3 Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000096 Fault offset: 0x04fa9620 Faulting process id:

0xba0 Faulting application start time: 0x01ce036e7fff453c Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: be963fe0-6f61-11e2-9aa0-c80aa9f966e3

Error - 2/5/2013 3:00:38 AM | Computer Name = PC | Source = Application Error | ID = 1005

Description = Windows cannot access the file for one of the following reasons: there

is a problem with the network connection, the disk that the file is stored on,

or the storage drivers installed on this computer; or the disk is missing. Windows

closed the program Internet Explorer because of this error. Program: Internet Explorer

File:

The error value is listed in the Additional Data section. User Action 1. Open the

file again. This situation might be a temporary problem that corrects itself when

the program runs again. 2. If the file still cannot be accessed and - It is on the

network, your network administrator should verify that there is not a problem with

the network and that the server can be contacted. - It is on a removable disk, for

example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the

computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,

click Start, click Run, type CMD, and then click OK. At the command prompt, type

CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from

a backup copy. 5. Determine whether other files on the same disk can be opened.

If not, the disk might be damaged. If it is a hard disk, contact your administrator

or computer hardware vendor for further assistance. Additional Data Error value: 00000000

Disk

type: 0

Error - 2/5/2013 3:00:41 AM | Computer Name = PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457,

time stamp: 0x50a2f9e3 Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000096 Fault offset: 0x03e3c850 Faulting process id:

0x1760 Faulting application start time: 0x01ce036e81f80d17 Faulting application path:

C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown

Report

Id: c0476f98-6f61-11e2-9aa0-c80aa9f966e3

Error - 2/5/2013 3:00:41 AM | Computer Name = PC | Source = Application Error | ID = 1005

Description = Windows cannot access the file for one of the following reasons: there

is a problem with the network connection, the disk that the file is stored on,

or the storage drivers installed on this computer; or the disk is missing. Windows

closed the program Internet Explorer because of this error. Program: Internet Explorer

File:

The error value is listed in the Additional Data section. User Action 1. Open the

file again. This situation might be a temporary problem that corrects itself when

the program runs again. 2. If the file still cannot be accessed and - It is on the

network, your network administrator should verify that there is not a problem with

the network and that the server can be contacted. - It is on a removable disk, for

example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the

computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,

click Start, click Run, type CMD, and then click OK. At the command prompt, type

CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from

a backup copy. 5. Determine whether other files on the same disk can be opened.

If not, the disk might be damaged. If it is a hard disk, contact your administrator

or computer hardware vendor for further assistance. Additional Data Error value: 00000000

Disk

type: 0

[ Media Center Events ]

Error - 5/19/2012 10:33:09 AM | Computer Name = PC | Source = MCUpdate | ID = 0

Description = 10:33:03 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/19/2012 7:11:41 PM | Computer Name = PC | Source = MCUpdate | ID = 0

Description = 7:11:35 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/20/2012 7:59:17 AM | Computer Name = PC | Source = MCUpdate | ID = 0

Description = 7:59:17 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/20/2012 7:47:07 PM | Computer Name = PC | Source = MCUpdate | ID = 0

Description = 7:47:02 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/21/2012 7:51:24 AM | Computer Name = PC | Source = MCUpdate | ID = 0

Description = 7:51:24 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/21/2012 10:33:21 PM | Computer Name = PC | Source = MCUpdate | ID = 0

Description = 10:33:16 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/22/2012 7:35:50 AM | Computer Name = PC | Source = MCUpdate | ID = 0

Description = 7:35:50 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/22/2012 7:47:21 PM | Computer Name = PC | Source = MCUpdate | ID = 0

Description = 7:47:01 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/23/2012 3:17:37 AM | Computer Name = PC | Source = MCUpdate | ID = 0

Description = 3:17:37 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 5/23/2012 7:58:28 AM | Computer Name = PC | Source = MCUpdate | ID = 0

Description = 7:58:28 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

[ System Events ]

Error - 1/21/2013 10:46:39 PM | Computer Name = PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 1/21/2013 11:03:57 PM | Computer Name = PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SBRE

Error - 1/22/2013 6:27:12 PM | Computer Name = PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 1/22/2013 6:27:14 PM | Computer Name = PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 1/22/2013 6:27:14 PM | Computer Name = PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 1/28/2013 10:50:30 AM | Computer Name = PC | Source = BROWSER | ID = 8032

Description =

Error - 1/31/2013 8:42:53 PM | Computer Name = PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SBRE

Error - 2/3/2013 3:58:29 AM | Computer Name = PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SBRE

Error - 2/3/2013 1:08:24 PM | Computer Name = PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the Wlansvc service.

Error - 2/5/2013 5:14:36 AM | Computer Name = PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SBRE

< End of report >

Link to post
Share on other sites

Re-Run otlDesktopIcon.png by double left click, Vista and Widows 7 users accept UAC alert.

  • Under the customFix.png box at the bottom, paste in the following, start with and include the colon plus OTL . :OTL

    :OTL
    IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\..\SearchScopes\{35C91071-25E1-4DD6-9257-94BF929E4363}: "URL" = http://start.funmood...q={searchTerms}
    IE - HKU\S-1-5-21-3851909856-3628812938-79543554-1001\..\SearchScopes\{520BCE90-F659-44CE-834F-DF78AE6C78D6}: "URL" = http://websearch.ask...44-DE3699EB330D
    [2012/09/08 22:54:03 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/12 02:43:07 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    CHR - plugin: Wajam (Enabled) = C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{cb904a41-5ea2-11e2-82f0-c80aa9f966e3}\Shell - "" = AutoRun
    O33 - MountPoints2\{cb904a41-5ea2-11e2-82f0-c80aa9f966e3}\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a
    O33 - MountPoints2\{f8dc21c9-94ad-11e0-abf1-c80aa9f966e3}\Shell - "" = AutoRun
    O33 - MountPoints2\{f8dc21c9-94ad-11e0-abf1-c80aa9f966e3}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
    [38 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:63238B95
    :Files

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]


  • Then click runFixbutton.png button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those two logs, also let me know if any issues or concerns remain...

Kevin

Link to post
Share on other sites

New :OTL log-

All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-3851909856-3628812938-79543554-1001\Software\Microsoft\Internet Explorer\SearchScopes\{35C91071-25E1-4DD6-9257-94BF929E4363}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35C91071-25E1-4DD6-9257-94BF929E4363}\ not found.

Registry key HKEY_USERS\S-1-5-21-3851909856-3628812938-79543554-1001\Software\Microsoft\Internet Explorer\SearchScopes\{520BCE90-F659-44CE-834F-DF78AE6C78D6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{520BCE90-F659-44CE-834F-DF78AE6C78D6}\ not found.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml moved successfully.

File C:\Users\Collin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.

File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

File Protocol\Handler\skype4com - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.

File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

File Protocol\Handler\wlpg - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb904a41-5ea2-11e2-82f0-c80aa9f966e3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb904a41-5ea2-11e2-82f0-c80aa9f966e3}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb904a41-5ea2-11e2-82f0-c80aa9f966e3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb904a41-5ea2-11e2-82f0-c80aa9f966e3}\ not found.

File E:\MotorolaDeviceManagerSetup.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8dc21c9-94ad-11e0-abf1-c80aa9f966e3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8dc21c9-94ad-11e0-abf1-c80aa9f966e3}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8dc21c9-94ad-11e0-abf1-c80aa9f966e3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8dc21c9-94ad-11e0-abf1-c80aa9f966e3}\ not found.

File E:\TL_Bootstrap.exe not found.

C:\windows\SysWow64\sho13D1.tmp deleted successfully.

C:\windows\SysWow64\sho168C.tmp deleted successfully.

C:\windows\SysWow64\sho1EFB.tmp deleted successfully.

C:\windows\SysWow64\sho2B62.tmp deleted successfully.

C:\windows\SysWow64\sho2BC6.tmp deleted successfully.

C:\windows\SysWow64\sho2DDD.tmp deleted successfully.

C:\windows\SysWow64\sho3412.tmp deleted successfully.

C:\windows\SysWow64\sho342F.tmp deleted successfully.

C:\windows\SysWow64\sho40C2.tmp deleted successfully.

C:\windows\SysWow64\sho4568.tmp deleted successfully.

C:\windows\SysWow64\sho4E2F.tmp deleted successfully.

C:\windows\SysWow64\sho5384.tmp deleted successfully.

C:\windows\SysWow64\sho5A8B.tmp deleted successfully.

C:\windows\SysWow64\sho5C9B.tmp deleted successfully.

C:\windows\SysWow64\sho60B5.tmp deleted successfully.

C:\windows\SysWow64\sho683C.tmp deleted successfully.

C:\windows\SysWow64\sho6998.tmp deleted successfully.

C:\windows\SysWow64\sho6B3B.tmp deleted successfully.

C:\windows\SysWow64\sho7C14.tmp deleted successfully.

C:\windows\SysWow64\sho7F72.tmp deleted successfully.

C:\windows\SysWow64\sho83F0.tmp deleted successfully.

C:\windows\SysWow64\sho84BA.tmp deleted successfully.

C:\windows\SysWow64\sho89FE.tmp deleted successfully.

C:\windows\SysWow64\sho9972.tmp deleted successfully.

C:\windows\SysWow64\sho9984.tmp deleted successfully.

C:\windows\SysWow64\sho9E84.tmp deleted successfully.

C:\windows\SysWow64\shoA648.tmp deleted successfully.

C:\windows\SysWow64\shoA790.tmp deleted successfully.

C:\windows\SysWow64\shoAE47.tmp deleted successfully.

C:\windows\SysWow64\shoB2ED.tmp deleted successfully.

C:\windows\SysWow64\shoC901.tmp deleted successfully.

C:\windows\SysWow64\shoC917.tmp deleted successfully.

C:\windows\SysWow64\shoCC05.tmp deleted successfully.

C:\windows\SysWow64\shoE42A.tmp deleted successfully.

C:\windows\SysWow64\shoE7CD.tmp deleted successfully.

C:\windows\SysWow64\shoF297.tmp deleted successfully.

C:\windows\SysWow64\shoF57A.tmp deleted successfully.

C:\windows\SysWow64\shoF988.tmp deleted successfully.

C:\windows\msdownld.tmp folder deleted successfully.

ADS C:\ProgramData\TEMP:63238B95 deleted successfully.

========== FILES ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Collin

->Temp folder emptied: 10894884 bytes

->Temporary Internet Files folder emptied: 367684602 bytes

->Java cache emptied: 198729321 bytes

->FireFox cache emptied: 75180248 bytes

->Google Chrome cache emptied: 36288029 bytes

->Flash cache emptied: 1397 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Guest

->Temp folder emptied: 37015331 bytes

->Temporary Internet Files folder emptied: 81385346 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 48815793 bytes

->Google Chrome cache emptied: 364696798 bytes

->Flash cache emptied: 13233 bytes

User: Mcx1-PC

->Temp folder emptied: 1252870 bytes

->Temporary Internet Files folder emptied: 908616333 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 53002 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,032.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 02052013_063323

Files\Folders moved on Reboot...

C:\Users\Collin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Collin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{93D43445-33B5-4448-832E-0FAFE161486E}.tmp not found!

File\Folder C:\Users\Collin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9D11E7BD-BD5A-4DAE-8F32-EA4FD2F45C8E}.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Security Check log-

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Kaspersky Anti-Virus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 35

Java 7 Update 11

Adobe Flash Player 11.5.502.146

Adobe Reader XI

Mozilla Firefox (18.0.1)

Google Chrome 24.0.1312.56

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe

Kaspersky Lab Kaspersky Anti-Virus 2013 klwtblfs.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Link to post
Share on other sites

Go start > control panel > Uninstall a Program. Remove the following outdated version of Java Java™ 6 Update 35

Next,

Uninstall adwcleaner.exe

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

Next,

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click OTC_Icon.jpg icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then Click the big CleanUp.jpg button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

Any tools/logs remaining on the Desktop can be deleted.

What is the status of your system, any remaining issues or concerns?

Kevin

Link to post
Share on other sites

You`re very welcome, if no issues here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol from here http://www.winpatrol.com/download.html This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained here http://www.winpatrol.com/features.html

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

FireFox http://www.mozilla.com/en-US/,

Opera http://www.opera.com/, and

Chrome http://www.google.com/chrome.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,

Yellow for caution, and

Red to stop.

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

Here a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

Are you OK for this to be marked up as solved...

Take care,

Kevin

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.