Jump to content

Recommended Posts

Hello, I tried running Malwarebytes and it found several threats which I removed, however Firefox still will pop up this website without me prompting despite Malwarebytes no reporting no threats. I followed the instructions and attached the two files from running dds.scr. If anyone could help me out I'd really appreciate it!

attach.txt

dds.txt

Link to post
Share on other sites

Hello Jahor and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following applications:

Ask Toolbar

Ask Toolbar Updater

AVG SafeGuard toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
Link to post
Share on other sites

And also I just saw not to attach the log files. Sorry about that.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Mel on Thu 08/15/2013 at 10:52:00.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0023410.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0023410.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0023410.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222342210}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266346610}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220222342210}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660266346610}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0023410.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0023410.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0023410.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266346610}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660266346610}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1407BFBD-AC49-4D07-A96C-BCC3DB0F787E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{691566A9-CC31-4EE0-A6ED-9570F64A455E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C4CFDFF-7E53-4045-A436-A8FAE44E1A1C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{691566A9-CC31-4EE0-A6ED-9570F64A455E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6C4CFDFF-7E53-4045-A436-A8FAE44E1A1C}



~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"
Successfully deleted: [File] C:\Windows\syswow64\sho4067.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho44B6.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5051.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5224.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho7517.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoCE5E.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF88D.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\Mel\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [File] C:\Users\Mel\AppData\Roaming\mozilla\firefox\profiles\zh62mqi7.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\Mel\AppData\Roaming\mozilla\firefox\profiles\zh62mqi7.default\extensions\wecarereminder@bryan
Successfully deleted the following from C:\Users\Mel\AppData\Roaming\mozilla\firefox\profiles\zh62mqi7.default\prefs.js

user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.crossrider.bic", "13f72176922c1fd103d36ea761756122");
user_pref("extensions.crossriderapp23410.23410.InstallationThankYouPage", false);
user_pref("extensions.crossriderapp23410.23410.InstallationTime", 1372008704);
user_pref("extensions.crossriderapp23410.23410.active", true);
user_pref("extensions.crossriderapp23410.23410.addressbar", "");
user_pref("extensions.crossriderapp23410.23410.addressbarenhanced", "");
user_pref("extensions.crossriderapp23410.23410.asyncdb_dbWasSet", true);
user_pref("extensions.crossriderapp23410.23410.asyncinternaldb_dbWasSet", true);
user_pref("extensions.crossriderapp23410.23410.backgroundjs", "\n\n\n");
user_pref("extensions.crossriderapp23410.23410.backgroundver", 3);
user_pref("extensions.crossriderapp23410.23410.can_run_bg_code", true);
user_pref("extensions.crossriderapp23410.23410.certdomaininstaller", "");
user_pref("extensions.crossriderapp23410.23410.changeprevious", false);
user_pref("extensions.crossriderapp23410.23410.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
user_pref("extensions.crossriderapp23410.23410.cookie.InstallationTime.value", "1372008704");
user_pref("extensions.crossriderapp23410.23410.description", "Dimmer for YouTube removes annoyances and enhances your YouTube viewing experience.");
user_pref("extensions.crossriderapp23410.23410.domain", "");
user_pref("extensions.crossriderapp23410.23410.enablesearch", false);
user_pref("extensions.crossriderapp23410.23410.homepage", "");
user_pref("extensions.crossriderapp23410.23410.iframe", false);
user_pref("extensions.crossriderapp23410.23410.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
user_pref("extensions.crossriderapp23410.23410.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D");
user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_appVer.value", "36");
user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_lastVersion.value", "2");
user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_nextCheck.expiration", "Thu Aug 15 2013 15:38:49 GMT-0500 (Central Standard Time)");
user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
user_pref("extensions.crossriderapp23410.23410.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Daylight Time)");
user_pref("extensions.crossriderapp23410.23410.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D
user_pref("extensions.crossriderapp23410.23410.js", "\n\nappAPI.ready(function($)\n{\n    if (domain == 'content.bstcdn.com' || domain == 'media.bstcdn.com') return; // Avoid rec
user_pref("extensions.crossriderapp23410.23410.manifesturl", "");
user_pref("extensions.crossriderapp23410.23410.name", "Dimmer for YouTube");
user_pref("extensions.crossriderapp23410.23410.newtab", "");
user_pref("extensions.crossriderapp23410.23410.opensearch", "");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return ap
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_1.name", "base");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_1.ver", 6);
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelect
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_13.ver", 3);
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_14.ver", 3);
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_16.name", "FFAppAPIWrapper");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_16.ver", 7);

user_pref("extensions.crossriderapp23410.23410.plugins.plugin_17.name", "jQuery");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_17.ver", 4);
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.d
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_21.name", "debug");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_21.ver", 4);
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=fun
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_22.name", "resources");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_22.ver", 4);
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferre
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_28.name", "initializer");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_28.ver", 3);
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"unde
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_4.name", "jquery_1_7_1");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_4.ver", 4);
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_47.name", "resources_background");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_47.ver", 3);
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);}
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_64.name", "appApiMessage");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_64.ver", 2);
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var d={WRONG_STRICT_VALUE:\"Parameter %PA
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_72.name", "appApiValidation");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_72.ver", 3);
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAge
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_78.ver", 3);
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===t
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_98.name", "omniCommands");
user_pref("extensions.crossriderapp23410.23410.plugins.plugin_98.ver", 2);
user_pref("extensions.crossriderapp23410.23410.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98");
user_pref("extensions.crossriderapp23410.23410.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,28");
user_pref("extensions.crossriderapp23410.23410.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");

user_pref("extensions.crossriderapp23410.23410.pluginsversion", 5);
user_pref("extensions.crossriderapp23410.23410.publisher", "Ronald Bell");
user_pref("extensions.crossriderapp23410.23410.searchstatus", 0);
user_pref("extensions.crossriderapp23410.23410.setnewtab", false);
user_pref("extensions.crossriderapp23410.23410.thankyou", "");
user_pref("extensions.crossriderapp23410.23410.updateinterval", 360);
user_pref("extensions.crossriderapp23410.23410.ver", 36);
user_pref("extensions.crossriderapp23410.apps", "23410");
user_pref("extensions.crossriderapp23410.bic", "13f72176922c1fd103d36ea761756122");
user_pref("extensions.crossriderapp23410.cid", 23410);
user_pref("extensions.crossriderapp23410.firstrun", false);
user_pref("extensions.crossriderapp23410.hadappinstalled", true);
user_pref("extensions.crossriderapp23410.installationdate", 1372008704);
user_pref("extensions.crossriderapp23410.lastcheck", 22942959);
user_pref("extensions.crossriderapp23410.lastcheckitem", 22943029);
user_pref("extensions.crossriderapp23410.modetype", "production");
user_pref("extensions.crossriderapp23410.reportInstall", true);
user_pref("extensions.crossriderapp23410.statsDailyCounter", 180);
Emptied folder: C:\Users\Mel\AppData\Roaming\mozilla\firefox\profiles\zh62mqi7.default\minidumps [40 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/15/2013 at 10:58:32.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v2.306 - Logfile created 08/15/2013 at 10:59:51
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mel - MBAUDHUIN11
# Boot Mode : Normal
# Running from : C:\Users\Mel\Desktop\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Mel\AppData\Local\Temp\Uninstall.exe

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0 (en-US)

File : C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\prefs.js

Deleted : user_pref("extensions.crossriderapp23410.23410.InstallationThankYouPage", false);
Deleted : user_pref("extensions.crossriderapp23410.23410.InstallationTime", 1376582376);
Deleted : user_pref("extensions.crossriderapp23410.23410.active", true);
Deleted : user_pref("extensions.crossriderapp23410.23410.addressbar", "");
Deleted : user_pref("extensions.crossriderapp23410.23410.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp23410.23410.asyncdb_dbWasSet", true);
Deleted : user_pref("extensions.crossriderapp23410.23410.asyncinternaldb_dbWasSet", true);
Deleted : user_pref("extensions.crossriderapp23410.23410.backgroundjs", "\n\n\n");
Deleted : user_pref("extensions.crossriderapp23410.23410.backgroundver", 3);
Deleted : user_pref("extensions.crossriderapp23410.23410.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp23410.23410.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp23410.23410.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp23410.23410.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.cookie.InstallationTime.value", "1376582376");
Deleted : user_pref("extensions.crossriderapp23410.23410.description", "Dimmer for YouTube removes annoyances [...]
Deleted : user_pref("extensions.crossriderapp23410.23410.domain", "");
Deleted : user_pref("extensions.crossriderapp23410.23410.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp23410.23410.homepage", "");
Deleted : user_pref("extensions.crossriderapp23410.23410.iframe", false);
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_appVer.value", "36");
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_lastVersion.value", "2");
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_nextCheck.expiration", "Thu Aug [...]
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.installer.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.internaldb.installer.value", "%7B%22InstallerIdentifi[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.js", "\n\nappAPI.ready(function($)\n{\n    if (domain ==[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp23410.23410.name", "Dimmer for YouTube");
Deleted : user_pref("extensions.crossriderapp23410.23410.newtab", "");
Deleted : user_pref("extensions.crossriderapp23410.23410.opensearch", "");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_1.ver", 6);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_13.ver", 3);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_14.ver", 3);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_16.ver", 7);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_17.ver", 4);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_21.ver", 4);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_22.ver", 4);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_28.ver", 3);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_4.ver", 4);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_47.ver", 3);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_64.code", "(function(){var j=\"__CR_EM[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_64.ver", 2);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_72.ver", 3);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_78.ver", 3);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_98.code", "(function(){var b=\"cr_\"+a[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_98.name", "omniCommands");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins.plugin_98.ver", 2);
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98");
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,2[...]
Deleted : user_pref("extensions.crossriderapp23410.23410.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");

Deleted : user_pref("extensions.crossriderapp23410.23410.pluginsversion", 5);
Deleted : user_pref("extensions.crossriderapp23410.23410.publisher", "Ronald Bell");
Deleted : user_pref("extensions.crossriderapp23410.23410.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp23410.23410.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp23410.23410.thankyou", "");
Deleted : user_pref("extensions.crossriderapp23410.23410.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp23410.23410.ver", 36);
Deleted : user_pref("extensions.crossriderapp23410.apps", "23410");
Deleted : user_pref("extensions.crossriderapp23410.bic", "14082b41addfc35a883b17d57ea9de3f");
Deleted : user_pref("extensions.crossriderapp23410.cid", 23410);
Deleted : user_pref("extensions.crossriderapp23410.firstrun", false);
Deleted : user_pref("extensions.crossriderapp23410.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp23410.installationdate", 1376582376);
Deleted : user_pref("extensions.crossriderapp23410.lastcheck", 22943040);
Deleted : user_pref("extensions.crossriderapp23410.lastcheckitem", 22943040);
Deleted : user_pref("extensions.crossriderapp23410.modetype", "production");
Deleted : user_pref("extensions.crossriderapp23410.reportInstall", true);
Deleted : user_pref("extensions.crossriderapp23410.statsDailyCounter", 1);

*************************

AdwCleaner[s1].txt - [11655 octets] - [15/08/2013 10:59:52]

########## EOF - C:\AdwCleaner[s1].txt - [11716 octets] ##########
 

Link to post
Share on other sites

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
Link to post
Share on other sites

OTL logfile created on: 8/15/2013 11:26:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mel\Desktop\otl
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 48.64% Memory free
7.60 Gb Paging File | 4.96 Gb Available in Paging File | 65.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.78 Gb Total Space | 164.54 Gb Free Space | 58.40% Space Free | Partition Type: NTFS
Drive D: | 16.02 Gb Total Space | 2.31 Gb Free Space | 14.42% Space Free | Partition Type: NTFS
 
Computer Name: MBAUDHUIN11 | User Name: Mel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/15 23:25:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mel\Desktop\otl\OTL.exe
PRC - [2013/08/08 08:43:30 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/21 18:35:02 | 027,995,640 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mel\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/06/13 10:58:09 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/05 10:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/02/15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 11:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/08 08:43:30 | 003,534,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/07/21 17:48:15 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/21 17:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/14 17:18:09 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/14 17:17:34 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/13 10:58:09 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/04/15 17:56:17 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Mel\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/12/12 00:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Mel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/10/05 05:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 05:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 18:58:12 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/05/19 12:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 12:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 12:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 17:54:20 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/08 08:43:30 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/13 10:58:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/05 10:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/09/24 23:01:12 | 000,107,048 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2012/09/24 23:00:36 | 000,077,184 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2012/09/24 23:00:00 | 000,173,504 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2012/07/05 10:18:14 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2012/05/21 11:48:01 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/20 09:03:33 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/01/08 17:05:25 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR210.SYS -- (SMR210)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/19 20:35:04 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/31 14:46:50 | 000,333,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/22 20:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 20:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 20:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 20:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{2BB459AD-96D1-41DB-8341-6B7ECA0EF910}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{691566A9-CC31-4EE0-A6ED-9570F64A455E}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6C4CFDFF-7E53-4045-A436-A8FAE44E1A1C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{AA73BA75-000B-49C7-9EFC-2699942F54FE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2BB459AD-96D1-41DB-8341-6B7ECA0EF910}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{AA73BA75-000B-49C7-9EFC-2699942F54FE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1075073737-4268588676-2016920292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1075073737-4268588676-2016920292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1075073737-4268588676-2016920292-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1075073737-4268588676-2016920292-1000\..\SearchScopes\{2BB459AD-96D1-41DB-8341-6B7ECA0EF910}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1075073737-4268588676-2016920292-1000\..\SearchScopes\{8E0C2E18-48A4-4079-B8D9-08993BF328BD}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1075073737-4268588676-2016920292-1000\..\SearchScopes\{AA73BA75-000B-49C7-9EFC-2699942F54FE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-1075073737-4268588676-2016920292-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1075073737-4268588676-2016920292-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: extension23410%40extension23410.com:0.91.36
FF - prefs.js..extensions.enabledAddons: %7B22C7F6C6-8D67-4534-92B5-529A0EC09405%7D:6.8.0.1096
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.0.1802959\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2013/06/13 09:21:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013/06/13 09:23:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/08 08:43:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/08 08:43:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/05/11 21:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Extensions
[2013/08/15 10:57:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions
[2013/06/27 10:22:50 | 000,000,000 | ---D | M] ("Dimmer for YouTube") -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com
[2013/06/27 10:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\chrome
[2013/06/27 10:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\defaults
[2013/06/27 10:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\locale
[2013/06/27 10:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\skin
[2013/06/27 10:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\chrome\content\extensionCode
[2013/07/31 10:48:46 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/08 08:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/08 08:43:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/08 08:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/08 08:43:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/13 09:23:14 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20004\FXEXT\FIREFOXEXTENSION
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Mel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1075073737-4268588676-2016920292-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B072D3E5-B537-4E08-B4C9-3B385F6BC988}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3891d5f6-63ab-11e1-ada0-85c4d027c89e}\Shell - "" = AutoRun
O33 - MountPoints2\{3891d5f6-63ab-11e1-ada0-85c4d027c89e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/15 23:26:00 | 000,000,000 | ---D | C] -- C:\Users\Mel\Desktop\otl
[2013/08/15 10:51:55 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/13 18:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/08/13 18:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/08/12 19:53:00 | 000,000,000 | ---D | C] -- C:\Users\Mel\AppData\Roaming\Malwarebytes
[2013/08/12 19:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/12 19:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/12 19:52:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/12 19:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/12 19:52:32 | 000,000,000 | ---D | C] -- C:\Users\Mel\AppData\Local\Programs
[2013/08/08 08:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/20 08:27:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/15 23:22:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/15 21:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/15 11:18:38 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 11:18:38 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 11:01:55 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/15 10:52:20 | 000,666,633 | ---- | M] () -- C:\Users\Mel\Desktop\AdwCleaner.exe
[2013/08/15 10:47:12 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMel.job
[2013/08/15 09:45:15 | 000,870,158 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/15 09:45:15 | 000,718,928 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/15 09:45:15 | 000,138,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/12 19:52:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
 
========== Files Created - No Company Name ==========
 
[2013/08/15 10:52:20 | 000,666,633 | ---- | C] () -- C:\Users\Mel\Desktop\AdwCleaner.exe
[2013/08/12 19:52:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/20 14:07:53 | 000,000,570 | ---- | C] () -- C:\Users\Mel\AppData\Roaming\jahuwaldt.Digitizer.props
[2012/06/14 13:50:55 | 000,000,600 | ---- | C] () -- C:\Users\Mel\AppData\Roaming\winscp.rnd
[2012/05/24 09:15:56 | 000,233,525 | ---- | C] () -- C:\Windows\SysWow64\isutil.dll
[2012/05/24 09:15:55 | 000,000,271 | ---- | C] () -- C:\Windows\apptune.ini
[2012/03/14 13:08:31 | 000,000,987 | ---- | C] () -- C:\Users\Mel\.Xauthority
[2012/01/27 11:32:09 | 000,000,600 | ---- | C] () -- C:\Users\Mel\AppData\Local\PUTTY.RND
[2012/01/08 17:05:39 | 000,000,748 | ---- | C] () -- C:\Users\Mel\AppData\Roaming\SMRBackup210.dat
[2012/01/03 14:36:36 | 000,012,800 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2011/11/17 14:17:21 | 000,000,121 | ---- | C] () -- C:\Users\Mel\csd_licence.dat
[2011/05/11 21:49:19 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/09/26 22:21:03 | 000,000,000 | ---D | M] -- C:\Users\Mel\AppData\Roaming\Advanced Chemistry Development
[2013/05/09 15:13:09 | 000,000,000 | ---D | M] -- C:\Users\Mel\AppData\Roaming\Audacity
[2012/11/28 00:31:54 | 000,000,000 | ---D | M] -- C:\Users\Mel\AppData\Roaming\Blender Foundation
[2011/11/12 12:38:15 | 000,000,000 | ---D | M] -- C:\Users\Mel\AppData\Roaming\CCDC
[2013/08/15 15:10:14 | 000,000,000 | ---D | M] -- C:\Users\Mel\AppData\Roaming\Dropbox
[2011/09/25 19:13:51 | 000,000,000 | ---D | M] -- C:\Users\Mel\AppData\Roaming\SoftGrid Client
[2013/07/17 15:27:00 | 000,000,000 | ---D | M] -- C:\Users\Mel\AppData\Roaming\SyncTunesDesktop
[2013/03/29 16:48:34 | 000,000,000 | ---D | M] -- C:\Users\Mel\AppData\Roaming\texstudio
[2011/05/15 20:27:06 | 000,000,000 | ---D | M] -- C:\Users\Mel\AppData\Roaming\TP
[2011/06/02 23:07:54 | 000,000,000 | ---D | M] -- C:\Users\Mel\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 

< End of report >
 

 

OTL Extras logfile created on: 8/15/2013 11:26:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mel\Desktop\otl
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 48.64% Memory free
7.60 Gb Paging File | 4.96 Gb Available in Paging File | 65.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.78 Gb Total Space | 164.54 Gb Free Space | 58.40% Space Free | Partition Type: NTFS
Drive D: | 16.02 Gb Total Space | 2.31 Gb Free Space | 14.42% Space Free | Partition Type: NTFS
 
Computer Name: MBAUDHUIN11 | User Name: Mel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1075073737-4268588676-2016920292-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06BDADD3-A081-4FE3-8671-AE2C2734B4B7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1235862F-EA3E-4E68-8302-501D2ADCDAA0}" = rport=445 | protocol=6 | dir=out | app=system |
"{12CD4247-5D7E-487C-9649-CCF8E17209CA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FA9687A-F0B3-4C80-A64E-92C3D61C7C52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{47C6B467-5798-43D3-92DF-B1AF6639A8DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56654662-AF32-41F1-9CC2-1D171D443195}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{569AAA31-997E-41C5-8B3A-369C4CB17DAB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{596250F9-15C0-45FE-B9A0-0AD07F57348A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E3EE393-0AFB-460D-8114-C2B8B5B60E64}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{63E261D0-F767-4267-BEE5-9CDC64C842C2}" = lport=138 | protocol=17 | dir=in | app=system |
"{724980F7-3CD9-4250-950F-FBD1187DE002}" = rport=10243 | protocol=6 | dir=out | app=system |
"{75965039-F247-41D1-B3E6-7CE3DE496707}" = lport=139 | protocol=6 | dir=in | app=system |
"{7C5494E2-A567-4056-B362-DFB2808DA389}" = lport=137 | protocol=17 | dir=in | app=system |
"{8637B547-3FB1-4091-8638-93832CBB9506}" = lport=2869 | protocol=6 | dir=in | app=system |
"{91DBB39C-186A-43DB-8510-0F19991563B0}" = rport=139 | protocol=6 | dir=out | app=system |
"{934C8764-7C28-4448-8CB7-8A24E395C311}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{94034794-6651-4544-BCB7-66C055ECF250}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{97B6558A-0B27-4B51-B0E7-8B1EB3902FF3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A36B3ED-0097-4C69-8BAF-9AFC518737D6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA7118B7-1933-42C1-97CF-ACB94936AEDB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AF289DFE-416D-451B-97BC-941CF9AEECF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4EA1ECC-CE5B-402C-BBC7-B8CC9D3E01C7}" = rport=137 | protocol=17 | dir=out | app=system |
"{D7B28EC6-26BB-4E5A-983F-9B2363ED5D1B}" = rport=138 | protocol=17 | dir=out | app=system |
"{E38F0DE8-DFB2-450B-8B80-1629A7E2B2D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FA20F492-B32E-4076-B280-C820B2F22328}" = lport=445 | protocol=6 | dir=in | app=system |
"{FBDE8A1E-639B-4D9A-98A3-7E931F722F70}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E336DC-06CC-497E-8A69-D3B0A90E727E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0AABBC9A-9775-48D8-A84D-ED1E5E48CD77}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe |
"{0FC60B5F-07E7-4098-85D6-15C1C5CC6520}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe |
"{11CFA687-0E83-461A-AE44-7B0596E5CA03}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe |
"{17C54433-52EE-4A58-AD90-F35F24B9FAFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{20DEE802-BCED-4B3E-9158-3EE668B04764}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{2D130C8E-D523-4754-B561-406F59C167AE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{31F3D0E9-6748-46B9-BA2B-CEB33DF29EE9}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathkernel.exe |
"{340D1B06-7495-46E6-94FE-24B46073007F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{42BACB05-CB6B-49FC-B4DA-49218B2C3FD7}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{439543A5-29AA-40C0-BC02-B4C674B26EBB}" = protocol=6 | dir=out | app=system |
"{466AFBD6-F043-431C-8A8B-837A51A6F703}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4800FAEF-0C42-4B82-B5C9-39CC827A82B5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4F8C8074-A764-4273-90AA-421FF9D299CA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{50E5C03A-CC65-42CE-ACFE-CA62A5574F51}" = dir=in | app=c:\program files (x86)\the bit studio\synctunes desktop\synctunes.exe |
"{53FC6BB5-2ECF-44AD-96E4-9866CD7D679E}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\math.exe |
"{5F82327F-C875-404C-AFA9-9132B02F7D57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{615EFDCE-B9B3-4E48-8C03-A11CC57AC732}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{62925FE5-CB86-404C-A5D7-6366C5A35520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{62D2CF46-8521-4049-BF08-8406685F59CC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{650DCD98-612F-4480-9FBE-F30AF27EB7ED}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{68E09C05-AB15-473B-A7AC-8A44BEFCAA09}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B84D86D-109D-43B3-8692-1C1610BCFA44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6BE116F1-E8F4-450D-A015-06B3646CD5F6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7BA1BC4C-C39B-41EC-AB2F-3C6416D77577}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8091681B-BFE7-4DDA-A96B-AF803343CBA6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{8BBD552C-BFC7-4C85-B351-02BABDAC4833}" = protocol=6 | dir=in | app=c:\users\mel\appdata\roaming\dropbox\bin\dropbox.exe |
"{8DCD1C2B-2BE5-4A8B-A275-AD65974938B4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8EFC17FA-88AC-4EBF-BC71-1E829AA14B12}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{912C23A7-D1B4-4893-BA16-EEEEAD92E8A5}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{9339AD3F-04A5-4C8E-BFEC-0B4B2D35E7D4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{983896DF-D9DC-4ACF-ADB3-5BDE0FBC16F6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9D2A6209-72FD-4EC7-9739-11A1BEC5DA1B}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{A3EFBFD9-962E-412F-8FCA-7BE0386020FE}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{A6139E53-37D6-477F-8124-03E7EA757A49}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B02EC8DF-4CEC-4343-9E18-7150CD87BC2E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B176F370-A172-43C6-8DBE-204EA7FD54C1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B97DB68F-6EBD-4941-8716-209960A123E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BABD1691-9BC3-4BC1-9ED6-25FF685C53B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BBA15FC0-718B-41D6-B448-161E5820A503}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CCE9FD66-63CA-4551-BF32-F5182E6458E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9654705-A750-4CA3-AC8D-129AA7B149E6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DB5D807D-EF79-4FB7-8F34-19FDF4774E51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DDAE4BE5-2F4D-4AD6-8557-17A4B518D974}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\8.0\mathematica.exe |
"{DF403C78-5A03-437B-8B94-24339CBA98BD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DFC55986-13B7-426E-8703-545E919E02CC}" = protocol=17 | dir=in | app=c:\users\mel\appdata\roaming\dropbox\bin\dropbox.exe |
"{E5C90AAC-0CD4-4968-8D91-9DB86E157252}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EEA33CD5-9F45-4C4D-91C1-1193EBB868B1}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{F73AD644-8F13-4896-8CDB-EC40C09C78D1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FE027894-0B5B-43C6-87B8-840BCC42166C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0BE6BEAC-99C6-4FBD-9AC5-4FC426DB35A1}C:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"TCP Query User{16067BA0-9F52-4451-B82A-17E0E8999653}C:\program files (x86)\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nx client for windows\bin\nxssh.exe |
"TCP Query User{30A6762F-F6C5-4F88-840F-C78BEA8A6135}C:\program files (x86)\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nx client for windows\nxclient.exe |
"TCP Query User{83168B32-6D8C-4719-B710-902C6CF9E46D}C:\program files (x86)\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nx client for windows\bin\nxssh.exe |
"TCP Query User{96D35559-385A-4174-AB38-E36C27564070}C:\program files (x86)\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nx client for windows\nxclient.exe |
"TCP Query User{DE48696C-189F-4600-B3BF-1540CECAABCC}C:\program files (x86)\xming\xming.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xming\xming.exe |
"TCP Query User{EF12D756-21CC-4DC2-9E41-AFD167B39C60}C:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"TCP Query User{FFC55E34-6A74-437C-95CD-EA658C305DBC}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
"UDP Query User{1837A5EC-E1E8-4962-85E3-17586CCE4E53}C:\program files (x86)\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nx client for windows\nxclient.exe |
"UDP Query User{206E40F4-3EF0-49EB-BCC0-688F44A38266}C:\program files (x86)\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nx client for windows\bin\nxssh.exe |
"UDP Query User{6E416482-EB18-4CD1-A5B4-99CF2CC6368B}C:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"UDP Query User{7BEA48A7-B9EA-4011-B3B8-A7072C7C8B7B}C:\program files (x86)\xming\xming.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xming\xming.exe |
"UDP Query User{7F3B6B64-846B-479E-B85F-628B1CD7B0B0}C:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
"UDP Query User{84B1AA13-36E9-4009-BE01-13CE38A5627C}C:\program files (x86)\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nx client for windows\bin\nxssh.exe |
"UDP Query User{9AFE00B4-A7C4-40CC-A77C-57C4D3435CA6}C:\program files (x86)\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nx client for windows\nxclient.exe |
"UDP Query User{C1ECC66E-7909-4AC0-8D5E-B869BF65B3C8}C:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java 6 Update 20 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium 2012
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD868C71-6CCF-42E2-B90D-0504AB0036FE}" = 64 Bit HP CIO Components Installer
"A-WIN-Extras 8.0.0 1802959_is1" = Mathematica Extras 8.0 (1802959)
"Blender" = Blender
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MiKTeX 2.9" = MiKTeX 2.9
"M-WIN-P 8.0.0 1803528_is1" = Wolfram Mathematica 8 (M-WIN-P 8.0.0 1803528)
"STATNOVAPDF_is1" = STATNOVAPDF (novaPDF Professional Server 5.4  printer)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3AB4E8CB-3321-4D43-8A59-885338A6EBF9}" = STATISTICA 8.0.725.0 CS
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A14B3B7-5D71-4C3F-967B-50D6A42BF7F7}" = Synctunes Desktop
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{5C2F3077-DBF4-4931-8186-26A6161B29C3}" = CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{685A89CB-DF27-42D6-A623-34F40DBBFFB2}" = Origin90
"{69ABD67D-5C2E-4724-B519-695DEF3EC23B}" = HP Documentation
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C363CB9-9F31-4349-8491-762C42D3FDFB}" = CambridgeSoft Desktop Inventory 12.0
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000
"{987F1753-1F42-4DF2-A5EA-0CCB777F3EB0}" = ASPCA Reminder by We-Care.com v4.0.19.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A1E1083D-249D-483C-AD92-CDCFA230A4C7}" = STATISTICA CambridgeSoft Integration
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D06EF6C2-62D8-4308-897E-B20FE81712B4}" = CambridgeSoft ChemBioOffice Ultra 2010
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{E145D9BE-D521-4527-A85D-2B2D47725506}" = CambridgeSoft ChemScript 12.0
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{ECE4289B-68C8-4D30-9C65-84CC2052CCFF}" = CambridgeSoft BioAssay 12.0
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.02
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 2.0
"Dimmer for Youtube" = Dimmer for Youtube
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mercury 2.4" = Mercury
"MestReNova LITE" = MestReNova LITE 5.2.5-5780
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 23.0 (x86 en-US)" = Mozilla Firefox 23.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"nxclient_is1" = NX Client for Windows 3.5.0-7
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PuTTY_is1" = PuTTY version 0.62
"RMG" = RMG 3.3
"TeXstudio_is1" = TeXstudio 2.3
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.8
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"Xming_is1" = Xming-mesa 6.9.0.31
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1075073737-4268588676-2016920292-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/15/2013 6:35:01 PM | Computer Name = mbaudhuin11 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1123
 
Error - 8/15/2013 10:16:41 PM | Computer Name = mbaudhuin11 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/15/2013 10:16:41 PM | Computer Name = mbaudhuin11 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13301628
 
Error - 8/15/2013 10:16:41 PM | Computer Name = mbaudhuin11 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13301628
 
Error - 8/15/2013 10:16:43 PM | Computer Name = mbaudhuin11 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/15/2013 10:16:43 PM | Computer Name = mbaudhuin11 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13303266
 
Error - 8/15/2013 10:16:43 PM | Computer Name = mbaudhuin11 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13303266
 
Error - 8/15/2013 10:16:44 PM | Computer Name = mbaudhuin11 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 8/15/2013 10:16:44 PM | Computer Name = mbaudhuin11 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13304327
 
Error - 8/15/2013 10:16:44 PM | Computer Name = mbaudhuin11 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13304327
 
[ Hewlett-Packard Events ]
Error - 9/12/2012 9:39:46 AM | Computer Name = mbaudhuin11 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 9/12/2012 9:39:47 AM | Computer Name = mbaudhuin11 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 10/11/2012 12:32:49 PM | Computer Name = mbaudhuin11 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]  Message: The server did not provide a meaningful
 reply; this might be caused by a contract mismatch, a premature session shutdown
 or an internal server error.  StackTrace:  Server stack trace:      at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs, TimeSpan timeout)     at System.ServiceModel.Channels.ServiceChannel.Call(String
 action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
 outs)     at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
 methodCall, ProxyOperationRuntime operation)     at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
 message)    Exception rethrown at [0]:      at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
 reqMsg, IMessage retMsg)     at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
 msgData, Int32 type)     at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

   at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate()  Source: mscorlib

Name:
 HPSF.exe  Version: 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
 Framework\HPSF.exe  Format: en-US  RAM: 3893  Ram Utilization: 30  TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
 System.Runtime.Remoting.Messaging.IMessage)  
 
Error - 10/11/2012 12:39:19 PM | Computer Name = mbaudhuin11 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 10/11/2012 12:39:19 PM | Computer Name = mbaudhuin11 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 10/11/2012 12:39:19 PM | Computer Name = mbaudhuin11 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 10/11/2012 12:39:19 PM | Computer Name = mbaudhuin11 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 10/11/2012 12:39:37 PM | Computer Name = mbaudhuin11 | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/30/2012 6:29:27 PM | Computer Name = mbaudhuin11 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3893
Ram
 Utilization: 40  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
Error - 11/30/2012 7:29:46 PM | Computer Name = mbaudhuin11 | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3893
Ram
 Utilization: 30  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
[ HP Software Framework Events ]
Error - 9/6/2012 12:16:12 PM | Computer Name = mbaudhuin11 | Source = CaslWmi | ID = 5
Description = 2012/09/06 11:16:12.240|00001498|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 9/6/2012 12:17:43 PM | Computer Name = mbaudhuin11 | Source = CaslWmi | ID = 5
Description = 2012/09/06 11:17:43.546|00001134|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 9/12/2012 9:45:17 AM | Computer Name = mbaudhuin11 | Source = CaslWmi | ID = 5
Description = 2012/09/12 08:45:17.634|000016F4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 9/13/2012 12:12:44 PM | Computer Name = mbaudhuin11 | Source = CaslWmi | ID = 5
Description = 2012/09/13 11:12:44.797|00001C78|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 9/20/2012 2:52:40 PM | Computer Name = mbaudhuin11 | Source = CaslWmi | ID = 5
Description = 2012/09/20 13:52:40.402|00001864|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 9/27/2012 11:31:18 AM | Computer Name = mbaudhuin11 | Source = CaslWmi | ID = 5
Description = 2012/09/27 10:31:18.633|00000098|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/4/2012 12:04:40 PM | Computer Name = mbaudhuin11 | Source = CaslWmi | ID = 5
Description = 2012/10/04 11:04:40.279|00000C24|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/11/2012 12:32:49 PM | Computer Name = mbaudhuin11 | Source = CaslWmi | ID = 5
Description = 2012/10/11 11:32:49.508|00001ECC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/11/2012 12:39:05 PM | Computer Name = mbaudhuin11 | Source = CaslWmi | ID = 5
Description = 2012/10/11 11:39:05.265|00000A28|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 11/1/2012 1:39:59 PM | Computer Name = mbaudhuin11 | Source = CaslWmi | ID = 5
Description = 2012/11/01 12:39:59.791|00000EC4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ HP Wireless Assistant Events ]
Error - 5/11/2011 9:47:08 PM | Computer Name = mbaudhuin11 | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 5/11/2011 9:47:18 PM | Computer Name = mbaudhuin11 | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 5/11/2011 9:47:29 PM | Computer Name = mbaudhuin11 | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
 (Exception from HRESULT: 0x800706BA)    at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
 o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObject.Initialize(Boolean
 getObject)     at System.Management.ManagementBaseObject.get_Properties()     at System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 1/20/2012 10:07:20 AM | Computer Name = mbaudhuin11 | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597    at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
 radioList)     at HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 2/4/2012 12:53:59 AM | Computer Name = mbaudhuin11 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unexpected error     at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

   at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios)    
 at HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 3/1/2012 10:34:42 AM | Computer Name = mbaudhuin11 | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 3/3/2012 11:55:26 AM | Computer Name = mbaudhuin11 | Source = HP WA Service | ID = 0
Description = System.Management.ManagementException Unexpected error     at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
 errorCode)     at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

   at HPPA_Service.CurrentConfiguration.FindDevice(String hostPath, String portName)

   at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1 radios)    
 at HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 7/30/2012 5:42:23 PM | Computer Name = mbaudhuin11 | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
 message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))    at
 System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
 IntPtr errorInfo)     at System.Management.ManagementScope.InitializeGuts(Object
o)     at System.Management.ManagementScope.Initialize()     at System.Management.ManagementObjectSearcher.Initialize()

   at System.Management.ManagementObjectSearcher.Get()     at HPPA_Service.CurrentConfiguration.FindDevice(String
 hostPath, String portName)     at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
 radios)     at HPPA_Service.CurrentConfiguration.ReloadRadioList()
 
Error - 7/10/2013 5:00:09 PM | Computer Name = mbaudhuin11 | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
Error - 7/14/2013 6:11:45 PM | Computer Name = mbaudhuin11 | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.  
  at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)
 
 
< End of report >
 

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    IE:64bit: - HKLM\..\SearchScopes\{6C4CFDFF-7E53-4045-A436-A8FAE44E1A1C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

    FF - prefs.js..extensions.enabledAddons: extension23410%40extension23410.com:0.91.36

    [2013/06/27 10:22:50 | 000,000,000 | ---D | M] ("Dimmer for YouTube") -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com

    [2013/06/27 10:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\chrome

    [2013/06/27 10:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\defaults

    [2013/06/27 10:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\locale

    [2013/06/27 10:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\skin

    [2013/06/27 10:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\chrome\content\extensionCode

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
Link to post
Share on other sites

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6C4CFDFF-7E53-4045-A436-A8FAE44E1A1C}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C4CFDFF-7E53-4045-A436-A8FAE44E1A1C}\ not found.
Prefs.js: extension23410%40extension23410.com:0.91.36 removed from extensions.enabledAddons
C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\skin folder moved successfully.
C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\locale\en-US folder moved successfully.
C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\locale folder moved successfully.
C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\defaults\preferences folder moved successfully.
C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\defaults folder moved successfully.
C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\chrome\content\extensionCode folder moved successfully.
C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\chrome\content\core folder moved successfully.
C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\chrome\content\api folder moved successfully.
C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\chrome\content folder moved successfully.
C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\chrome folder moved successfully.
C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com folder moved successfully.
Folder C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\chrome\ not found.
Folder C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\defaults\ not found.
Folder C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\locale\ not found.
Folder C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\skin\ not found.
Folder C:\Users\Mel\AppData\Roaming\Mozilla\Firefox\Profiles\zh62mqi7.default\extensions\extension23410@extension23410.com\chrome\content\extensionCode\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Mel\Desktop\otl\cmd.bat deleted successfully.
C:\Users\Mel\Desktop\otl\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 119715 bytes
->Temporary Internet Files folder emptied: 50245 bytes
->FireFox cache emptied: 30344904 bytes
->Flash cache emptied: 611 bytes
 
User: Mel
->Temp folder emptied: 12955529 bytes
->Temporary Internet Files folder emptied: 2219524 bytes
->Java cache emptied: 6321990 bytes
->FireFox cache emptied: 136494293 bytes
->Flash cache emptied: 4158 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74148675 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42331328 bytes
RecycleBin emptied: 1904485 bytes
 
Total Files Cleaned = 293.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 08162013_074243

Files\Folders moved on Reboot...
File\Folder C:\Users\Mel\AppData\Local\Temp\OICE_712DCFC2-626A-43D5-B7BB-641776230420.0\A240F32D. not found!
File\Folder C:\Users\Mel\AppData\Local\Temp\OICE_246D884B-C382-46DF-A522-6EDF47D25C24.0\47BA1790. not found!
File\Folder C:\Users\Mel\AppData\Local\Temp\OICE_0231D47A-A592-417A-98D9-36C7E5087502.0\1E8B109D. not found!
C:\Users\Mel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mel\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Link to post
Share on other sites

About your low perfomance, take a look here:

http://forums.malwarebytes.org/index.php?showtopic=81990

Step 1

Please run OTL and click on CleanUp

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.