krwebber53 Posted November 29, 2013 ID:759230 Share Posted November 29, 2013 DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2Run by webberk at 13:30:32 on 2013-11-29Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5861.3651 [GMT -6:00].AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\DisplayLink Core Software\DisplayLinkManager.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exeC:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Application Updater\ApplicationUpdater.exeC:\Program Files (x86)\AVG\AVG2014\avgfws.exeC:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exeC:\Windows\system32\taskeng.exeC:\Program Files\DisplayLink Core Software\DisplayLinkUI.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files (x86)\FileZilla Server\FileZilla Server.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exeC:\ProgramData\Premium\SaveAs\SaveAs.exeC:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exeC:\Program Files\Siber Systems\GoodSync\Gs-Server.exeC:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exeC:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exeC:\Windows\System32\igfxtray.exeC:\Program Files\Logitech\SetPointP\SetPoint.exeC:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\GPSoftware\Directory Opus\dopusrt.exeC:\Program Files (x86)\Quicken\bagent.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeC:\Users\webberk\AppData\Local\Akamai\netsession_win.exeC:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exeC:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exeC:\Program Files (x86)\Samsung\Kies\Kies.exeC:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeC:\Program Files (x86)\Livedrive\Livedrive.exeC:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exeC:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exeC:\Program Files (x86)\LogMeIn\x64\RaMaint.exeC:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exeC:\Program Files (x86)\Digsby\lib\digsby-app.exeC:\Users\webberk\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exeC:\Users\webberk\AppData\Local\Akamai\netsession_win.exeC:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\adobe\Acrobat 10.0\Acrobat\acrotray.exeC:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter64.exeC:\Program Files (x86)\AVG\AVG2014\avgui.exeC:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exeC:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exeC:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exeC:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exeC:\Program Files (x86)\Real\RealPlayer\Update\realsched.exeC:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\stxmediamenumgr.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\itunes\iTunesHelper.exeC:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exeC:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exeC:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exeC:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exeC:\Program Files (x86)\Actual Window Manager\ActualWindowManagerShellCenter64.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exeC:\Windows\SysWOW64\NLSSRV32.EXEC:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exeC:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exeC:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exeC:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k imgsvcC:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exeC:\Windows\SysWOW64\vmnat.exeC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files (x86)\LogMeIn\x64\LogMeIn.exeC:\Program Files (x86)\VMware\VMware Player\vmware-authd.exeC:\Windows\SysWOW64\vmnetdhcp.exeC:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\loggingserver.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\iPod\bin\iPodService.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exeC:\PROGRAM FILES (X86)\NETGEAR\STORA DESKTOP APPLICATIONS\HIPSERVAGENT\HIPSERVAGENT.EXEC:\Program Files\GPSoftware\Directory Opus\dopus.exeC:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE.dlluURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc2.dlluURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dlluURLSearchHooks: <No Name>: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dlluURLSearchHooks: {93a3111f-4f74-4ed8-895e-d9708497629e} - <orphaned>mURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc2.dlldURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dlldURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>dURLSearchHooks: <No Name>: {f15ff29f-85a1-43cd-9674-e5ba40016c97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dlldURLSearchHooks: {93a3111f-4f74-4ed8-895e-d9708497629e} - <orphaned>BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dllBHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dllBHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE.dllBHO: Search Assistant BHO: {0631bff0-6846-48ca-982d-d62d7f376e97} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vSrcAs.dllBHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: Toolbar BHO: {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dllBHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dllBHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dllBHO: Startpage24 Browser Helper: {BBD43808-9D13-4B0B-B023-178FD1FAE442} - C:\ProgramData\Startpage24\Plugin\link64_plugin.dllBHO: Toolbar BHO: {beea7fa9-d1f4-49a2-9b1f-6fb7a2d9bc2a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dllBHO: Search Assistant BHO: {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dllBHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dllBHO: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc2.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\java\jre7\bin\jp2ssv.dllBHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB: IncrediMail MediaBar 2 Toolbar: {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc2.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: VideoDownloadConverter: {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dllTB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dllTB: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc2.dllTB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: DailyBibleGuide: {2a942ab7-2073-49bc-a7e1-77e93835889a} - C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\2vbar.dllTB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dllTB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE.dlluRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclkuRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exeuRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeuRun: [FA82178918DCCA1C45348F45238FC204F7277D5F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=serviceuRun: [Akamai NetSession Interface] "C:\Users\webberk\AppData\Local\Akamai\netsession_win.exe"uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStartuRun: [Actual Window Manager] c:\program files (x86)\actual window manager\actualwindowmanagercenter.exeuRun: [ActualWindowManagerCenter.exe] c:\program files (x86)\actual window manager\actualwindowmanagercenter.exeuRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preloaduRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeuRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeuRun: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" /setupuRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startupuRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_uimRun: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /hmRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLYmRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exemRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exemRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osbootmRun: [FreeAgentTheaterTrayIcon] "C:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\StxMediaMenuMgr.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"dRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStartStartupFolder: C:\Users\webberk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exeStartupFolder: C:\Users\webberk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\webberk\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\Users\webberk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: EnableShellExecuteHooks = dword:1mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htmIE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htmIE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htmIE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htmIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.htmlIE: RoboForm Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.htmlIE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\microsoft office\Office12\ONBttnIE.dllIE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dllIE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.htmlLSP: %windir%\system32\vsocklib.dll.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = 207.203.159.23 205.172.132.23TCP: Interfaces\{6BAB9BC1-F74C-4B1F-9E36-170D3EE9BE46} : NameServer = 205.152.144.23,205.152.37.23TCP: Interfaces\{6BAB9BC1-F74C-4B1F-9E36-170D3EE9BE46} : DHCPNameServer = 207.203.159.23 205.172.132.23Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dllHandler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllHandler: startpage24 - {879506D7-73DF-8D45-BBDD-123467926D12} - C:\ProgramData\Startpage24\Plugin\link64_plugin.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dllSSODL: WebCheck - <orphaned>SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dllSTS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dllSEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllSEH: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dllmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dllx64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dllx64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-BHO: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - <orphaned>x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: BrowserHelper Class: {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\ExplorerExtensions.dllx64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dllx64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.3\iobitappsToolbarIE64.dllx64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGamingx64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startupx64-Run: [seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>x64-Handler: startpage24 - {879506D7-73DF-8D45-BBDD-123467926D12} - <orphaned>x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dllx64-Notify: igfxcui - igfxdev.dllx64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllx64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dllx64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dllx64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dllx64-SEH: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll.================= FIREFOX ===================.FF - ProfilePath - C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - BingFF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dllFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dllFF - plugin: C:\Program Files (x86)\DailyBibleGuide\bar\1.bin\NP2vStub.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dllFF - plugin: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dllFF - plugin: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dllFF - plugin: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dllFF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dllFF - plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dllFF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dllFF - plugin: C:\ProgramData\Startpage24\Plugin\firefox\plugins\nplink64.dllFF - plugin: C:\ProgramData\Startpage24\Plugin\nplink64chrome.dllFF - plugin: C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dllFF - plugin: C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dllFF - plugin: C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dllFF - plugin: C:\Windows\SysWOW64\npdeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dllFF - ExtSQL: 2013-10-10 04:55; ascsurfingprotection@iobit.com; C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\extensions\ascsurfingprotection@iobit.comFF - ExtSQL: !HIDDEN! 2012-07-21 08:56; 2vffxtbr@DailyBibleGuide.com; C:\Program Files (x86)\DailyBibleGuide\bar\1.binFF - ExtSQL: !HIDDEN! 2012-10-24 09:12; 4zffxtbr@VideoDownloadConverter_4z.com; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.binFF - ExtSQL: !HIDDEN! 2012-11-26 22:38; infoatoms@infoatoms.com; C:\Program Files (x86)\mozilla firefox\extensions\infoatoms@infoatoms.com.---- FIREFOX POLICIES ----FF - user.js: yahoo.ytff.general.dontshowhpoffer - trueFF - user.js: network.http.pipelining.maxrequests - 8FF - user.js: network.http.request.max-start-delay - 0FF - user.js: network.http.max-connections - 48FF - user.js: network.http.max-connections-per-server - 16FF - user.js: network.http.max-persistent-connections-per-proxy - 16FF - user.js: network.http.max-persistent-connections-per-server - 8FF - user.js: browser.turbo.enabled - trueFF - user.js: browser.display.show_image_placeholders - trueFF - user.js: browser.chrome.favicons - falseFF - user.js: browser.urlbar.autocomplete.enabled - trueFF - user.js: browser.cache.memory.capacity - 65536FF - user.js: content.notify.ontimer - trueFF - user.js: content.interrupt.parsing - trueFF - user.js: content.max.tokenizing.time - 2250000FF - user.js: content.switch.threshold - 750000FF - user.js: plugin.expose_full_path - trueFF - user.js: ui.submenuDelay - 0FF - user.js: extentions.webcake.installId - 1da09ee7-d43f-4628-98db-bf4ad1f56847FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc.============= SERVICES / DRIVERS ===============.R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-11-15 15664]R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-10-10 17720]R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-5-16 210016]R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2013-5-16 141920]R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-6-5 70296]R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 57144]R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-26 46368]R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs.sys [2012-9-4 191960]R1 cbfs3;cbfs3;C:\Windows\System32\drivers\cbfs3.sys [2013-3-27 352008]R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-24 574272]R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-11-27 807800]R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-24 1358944]R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2013-10-7 9281840]R2 FreeAgentTheater Service;Seagate Media;C:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe [2012-12-20 237248]R2 GsServer;GoodSync Server;C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [2013-5-21 5825168]R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-2-4 821592]R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-1 376144]R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 16056]R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2009-12-7 72216]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-7 701512]R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-4-6 25824]R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-7-31 137528]R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-12-20 68896]R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-4-24 483864]R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-10-2 65657]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-11-3 8704]R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]R2 VideoDownloadConverter_4zService;VideoDownloadConverterService;C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2012-10-24 42504]R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]R2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [2013-11-20 1643696]R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.51572.0.sys [2013-10-8 46384]R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-11-15 388912]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-1-3 70168]R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-7 25928]R3 SndTAudio;SndTAudio;C:\Windows\System32\drivers\SndTAudio.sys [2011-1-19 33336]S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 LivedriveVSSService;Livedrive VSS Service;C:\Program Files (x86)\Livedrive\VSSService.exe [2013-7-29 210584]S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-7 418376]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2009-12-1 61280]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\windows live\Family Safety\fsssvc.exe [2009-8-5 704864]S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2013-2-13 403832]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-18 111616]S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]S3 SMServer;SMServer;C:\Windows\SysWOW64\snmvtsvc.exe [2011-1-19 245760]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 STSService;STSService;C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe [2010-4-12 344064]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-5 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]S4 DailyBibleGuideService;DailyBibleGuideService;C:\PROGRA~2\DAILYB~2\bar\1.bin\2vbarsvc.exe [2012-7-21 42504]S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464].=============== File Associations ===============.ShellExec: Sidebar.exe: open=C:\Program Files (x86)\Windows Sidebar\Sidebar.exe.=============== Created Last 30 ================.2013-11-28 15:44:01 -------- d-----w- C:\Program Files (x86)\IObit Apps Toolbar2013-11-28 15:44:01 -------- d-----w- C:\Program Files (x86)\Application Updater2013-11-15 15:47:15 388912 ----a-w- C:\Windows\System32\drivers\dlkmd.sys2013-11-15 15:47:15 15664 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys2013-11-15 15:06:12 1930752 ----a-w- C:\Windows\System32\authui.dll2013-11-15 15:06:11 197120 ----a-w- C:\Windows\System32\credui.dll2013-11-15 15:06:11 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll2013-11-15 15:06:11 1796096 ----a-w- C:\Windows\SysWow64\authui.dll2013-11-15 15:06:11 168960 ----a-w- C:\Windows\SysWow64\credui.dll2013-11-15 15:06:11 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll2013-11-13 22:41:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-11-10 04:56:40 -------- d-----w- C:\Signs22013-11-06 03:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys2013-11-05 03:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys2013-11-04 16:23:49 -------- d-----w- C:\ProgramData\Oracle2013-11-04 16:23:25 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-11-01 05:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys2013-11-01 04:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys.==================== Find3M ====================.2013-11-22 14:20:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-11-22 14:20:28 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-11-20 15:57:23 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys2013-10-31 13:40:24 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll2013-10-31 13:40:23 92488 ----a-w- C:\Windows\System32\LMIinit.dll2013-10-31 13:40:23 35656 ----a-w- C:\Windows\System32\LMIport.dll2013-10-25 04:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys2013-10-20 13:59:03 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL2013-10-10 19:35:10 9584 ----a-w- C:\Windows\SysWow64\ractrlkeyhook.dll2013-10-10 17:00:13 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll2013-10-10 17:00:13 259584 ----a-w- C:\Windows\System32\WebClnt.dll2013-10-10 17:00:13 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll2013-10-10 17:00:13 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys2013-10-10 17:00:13 102400 ----a-w- C:\Windows\System32\davclnt.dll2013-10-10 16:58:46 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-10-10 16:58:45 327168 ----a-w- C:\Windows\System32\mswsock.dll2013-10-10 16:58:45 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll2013-10-10 16:58:20 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys2013-10-08 20:02:12 46384 ----a-w- C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.51572.0.sys2013-10-08 20:02:10 947200 ----a-w- C:\Windows\System32\DisplayLinkUsbCo64_7.4.51572.0.dll2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd9.dll2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd64.dll2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd11.dll2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd10.dll2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd9.dll2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd32.dll2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd11.dll2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd10.dll2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-10-01 06:52:08 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys2013-09-26 14:44:54 57144 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe2013-09-15 18:20:22 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-09-15 18:20:22 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2013-09-10 06:43:02 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2012-01-10 20:36:38 4763456 ----a-w- C:\Program Files (x86)\procexp.exe.============= FINISH: 13:30:53.15 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2Install Date: 11/30/2009 2:09:53 PMSystem Uptime: 11/29/2013 11:55:31 AM (2 hours ago).Motherboard: LENOVO | | LENOVOProcessor: Intel® Core2 Duo CPU E6750 @ 2.66GHz | LGA 775 | 2667/333mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 898 GiB total, 726.848 GiB free.D: is CDROM ()E: is FIXED (NTFS) - 2794 GiB total, 2568.517 GiB free.L: is FIXED (NTFS) - 898 GiB total, 726.848 GiB free..==== Disabled Device Manager Items =============.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Intel® 82566DM-2 Gigabit Network ConnectionDevice ID: PCI\VEN_8086&DEV_10BD&SUBSYS_303817AA&REV_02\3&18D45AA6&0&C8Manufacturer: IntelName: Intel® 82566DM-2 Gigabit Network ConnectionPNP Device ID: PCI\VEN_8086&DEV_10BD&SUBSYS_303817AA&REV_02\3&18D45AA6&0&C8Service: e1express.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Cisco Systems VPN Adapter for 64-bit WindowsDevice ID: ROOT\NET\0000Manufacturer: Cisco SystemsName: Cisco Systems VPN Adapter for 64-bit WindowsPNP Device ID: ROOT\NET\0000Service: CVirtA.Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}Description: HID-compliant mouseDevice ID: HID\VID_046D&PID_C52B&MI_01&COL01\7&79E838D&0&0000Manufacturer: MicrosoftName: HID-compliant mousePNP Device ID: HID\VID_046D&PID_C52B&MI_01&COL01\7&79E838D&0&0000Service: mouhid.==== System Restore Points ===================.RP656: 10/20/2013 1:31:04 PM - Scheduled CheckpointRP657: 10/28/2013 12:00:11 AM - Scheduled CheckpointRP658: 11/4/2013 10:21:24 AM - Installed Java 7 Update 45RP659: 11/5/2013 2:17:40 PM - Installed ClienteleRP660: 11/13/2013 6:55:38 PM - Scheduled CheckpointRP661: 11/15/2013 9:03:53 AM - Windows Modules InstallerRP662: 11/15/2013 9:31:22 AM - Windows UpdateRP663: 11/18/2013 9:37:31 AM - Windows UpdateRP664: 11/25/2013 7:19:37 PM - Scheduled Checkpoint.==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)7-Zip 9.20 (x64 edition)Actual Window Manager 7.5.1ACUCOBOL-GT Thin Client 8.1.2ACUCOBOL-GT Thin Client 8.1.3ACUCOBOL-GT Thin Client 9.1.2Adobe Acrobat X ProAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.05)Advanced SystemCare 6Agent Ransack 2010 (64-bit)Akamai NetSession InterfaceAndroid SDK ToolsAnswerWorks 5.0 English RuntimeAnyDVDAnyMedia Player 3.4.0Apple Application SupportApple Mobile Device SupportApple Software UpdateASPCA Reminder by We-Care.com v4.1.22.1Aspi InstallerAudacity 2.0.3Audible Download ManagerAura DVD Copy 1.3.2Aura DVD Ripper for iPod 1.3.5Aura DVD Ripper Professional 1.3.9Aura Flash to Video Converter 1.1.0Aura Software Manager 1.0.3Aura Video Converter 1.6.0Aura Video Converter Professional 1.3.9Aura Video Editor 1.0.8Aura YouTube Downloader 1.0.8Auslogics Duplicate File FinderAVG 2014AVG SafeGuard toolbarAVS Audio Converter 7AVS Audio Editor 7.1AVS Audio Recorder version 4.0AVS Cover Editor 2.0.1.3AVS Disc Creator 5AVS Document Converter 2.2.3AVS DVD Copy 4.1.2.283AVS Image Converter 2.2.2.218AVS Media Player 4.1.9.95AVS Photo EditorAVS Registry Cleaner version 2.2AVS Ringtone Maker version 1.6AVS Screen Capture version 2.0.1AVS Update Manager 1.0AVS Video Converter 8AVS Video Editor 6AVS Video Recorder 2.5AVS Video ReMaker 4.1.1.144AVS4YOU Software Navigator 1.4Belarc Advisor 7.2Bible Search ProBibleCodesPredictionsSetup version 1.0BibleReaderBing BarBing Maps 3DBonjourCCH Small Firm Services (xulRunner)CCleanerCD to WAV and MP3 RipperCisco ConnectCisco Systems VPN Client 5.0.07.0290Cisco WebEx MeetingsCitrix Presentation Server ClientClient32ClienteleCloneDVD2CommandTRADECompare and Merge 2.3ContinueToSaveContinueToSave 1.74Coupon Printer for WindowsDailyBibleGuide ToolbarDesktop Icon Position Saver (64-bit)DigsbyDIRECTV2PC Playback AdvisorDisplayLink Core SoftwareDisplayLink GraphicsDisplayLink iPad SoftwareDropboxDVD-Cloner V9.70 Build 1115e-Sworde-Sword Bible Screen SaverEDI File EditorEpicor Clientele Loader 7.3.6 CtelwineRegEvernote v. 5.0.2extend® Version 8.1.2extend® Version 9.1.2Extreme TranslatorExtreme Translator TemplatesFBackup 4ffdshow [rev 2527] [2008-12-19]FileZilla Client 3.6.0.2FileZilla ServerFixCleanerFolderSizes 4Free CD Ripper 3.1Free Download Manager 3.9.2Free YouTube Downloader 3.5.134FreeScreenSharingGetFoldersize 2.3.2GoldWave v5.06GoodSyncGoogle ChromeGoogle Earth Plug-inGoogle Toolbar for Internet ExplorerGoogle Update HelperGoToAssist CorporateGoToMeeting 4.5.0.457GPSoftware Directory OpusH&R Block Alabama 2009H&R Block Alabama 2011H&R Block Alabama 2012H&R Block Business 2009 (Remove Only)H&R Block Business 2010 (Remove Only)H&R Block Business 2011 (Remove Only)H&R Block Premium + Efile + State 2009H&R Block Premium + Efile + State 2010H&R Block Premium + Efile + State 2011H&R Block Premium + Efile + State 2012Hardware HelperHebrew English Transliterated BibleHipaaEdiViewerHotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2135068)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2160831)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2278944)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2293451)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2303365)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2376419)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2387011)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2401992)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2402012)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2402815)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2425130)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2434700)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2736182)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2890573)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983504)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983537)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983578)Hotfix for Microsoft Visual Studio LightSwitch 2011 - ENU (KB2603917)Hotfix for Microsoft Visual Studio LightSwitch 2011 - ENU (KB2890573)HP Color LaserJet 2600 seriesiCloudImgBurnIncrediMailIncrediMail 2.0IncrediMail MediaBar 2 ToolbarIntel® Graphics Media Accelerator DriverIntel® Network Connections DriversInternet Explorer Toolbar 4.9 by SweetPacksIObit Apps Toolbar v8.3IObit Malware FighterIpswitch WS_FTP 12iSEEK AnswerWorks English RuntimeiTunesJava 7 Update 17 (64-bit)Java 7 Update 45Java Auto UpdaterJava SE Development Kit 7 Update 11Java SE Development Kit 7 Update 17 (64-bit)Java 6 Update 35Java SE Development Kit 6 Update 21Junk Mail filter updateJustCloud K-Lite Mega Codec Pack 9.7.0Lernout & Hauspie TruVoice American English TTS EngineLiaison EDI NotepadLinksys VPN ClientLivedriveLogitech SetPoint 6.32LogMeInMalwarebytes Anti-Malware version 1.75.0.1300MBT DesktopMBT LightWave Trading PlatformMcAfee Security Scan PlusMediaInfo 0.7.62Memeo Instant BackupMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft .NET Framework 4 Multi-Targeting PackMicrosoft Application Error ReportingMicrosoft Choice GuardMicrosoft Help Viewer 1.1Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office Live Add-in 1.5Microsoft Office Live Meeting 2007Microsoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Ultimate 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft Silverlight 4 SDKMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft SQL Server 2008 (64-bit)Microsoft SQL Server 2008 BrowserMicrosoft SQL Server 2008 Common FilesMicrosoft SQL Server 2008 Database Engine ServicesMicrosoft SQL Server 2008 Database Engine SharedMicrosoft SQL Server 2008 Native ClientMicrosoft SQL Server 2008 R2 Management ObjectsMicrosoft SQL Server 2008 RsFx DriverMicrosoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP2 ENUMicrosoft SQL Server Compact 3.5 SP2 x64 ENUMicrosoft SQL Server System CLR TypesMicrosoft SQL Server VSS WriterMicrosoft Sync Framework Runtime Native v1.0 (x86)Microsoft Sync Framework Services Native v1.0 (x86)Microsoft Team Foundation Server 2010 Object Model - ENUMicrosoft Team Foundation Server 2010 Object Model (VSLS) - ENUMicrosoft Team Foundation Server 2010 Object Model for Lightswitch 2011 - ENUMicrosoft Visual C# 2008 Express EditionMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219Microsoft Visual F# 2.0 RuntimeMicrosoft Visual Studio LightSwitch 2011 - ENUMicrosoft Visual Studio LightSwitch 2011 Deployment PrerequisitesMicrosoft Visual Studio Macro ToolsMobileMe Control PanelMobileNoterMotoCastMotorola Device ManagerMotorola Device Software UpdateMOTOROLA MEDIA LINKMotorola Mobile Drivers Installation 6.2.0Movavi Video Suite 10Movavi YouTube Converter 3Mozilla Firefox 20.0.1 (x86 en-US)Mozilla Maintenance ServiceMozilla Thunderbird 17.0.3 (x86 en-US)MSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)MyFreeCodecNASA World Wind 1.4Notepad++OptimizerProPaint.NET v3.5.8PC Inspector File RecoveryPdf995 (installed by H&R Block)PdfEdit995 (installed by H&R Block)PDFKey ProPhoto Notifier and Animation CreatorPlayMemories HomePocketBible NET Bible (NET)Quicken 2010Quicken 2013QuickTimeRealDownloaderRealNetworks - Microsoft Visual C++ 2008 RuntimeRealNetworks - Microsoft Visual C++ 2010 RuntimeRealPlayerRealUpgrade 1.1Recover PDF Password 3.0.118RoboForm 7-9-2-5 (All Users)SafariSamsung KiesSamsung Story Album ViewerSAMSUNG USB Driver for Mobile PhonesSaveAsSeagate DashboardSeagate DiscWizardSeagate Media SoftwareSearch Assistant SimpleSpeedy 1.74SeaTools for WindowsSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition Security Update for Microsoft Visual Studio LightSwitch 2011 - ENU (KB2645410)Security Update for Microsoft Visual Studio Macro Tools (KB2669970)Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)Shared C Run-time for x64Smart Defrag 2Snagit 10SoundTaxi 4.0.0SoundTaxi Media Suite 4.0.0SouthWare PDF CreatorSql Server Customer Experience Improvement ProgramSSH Secure ShellStardock Fences 2Startpage24Stellarium 0.11.2Stora Desktop ApplicationsSybase Adaptive Server Enterprise SuiteTanach PlusTaxCut Business 2008 (Remove Only)TaxCut Premium + State + Efile 2008The ScripturestheWordTune SweeperTuneCab Online 3.4.0TuneCab Online Extras 3.4.2TuneSyncU/SQL Client (4.30.0000) Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Updater By SweetPacks 2.0.0.586Verizon V CAST Media ManagerVideo Download Converter version 1.0.0.0VideoDownloadConverter ToolbarVisual Studio 2010 Prerequisites - EnglishVisual Studio 2010 x64 RedistributablesVisual Studio 2012 x64 RedistributablesVisual Studio 2012 x86 RedistributablesVMware PlayerVNC Enterprise Edition E4.5.3VNC Mirror Driver 1.8.0VNC Printer Driver 1.6.0WCF RIA Services V1.0 SP1Web Deployment ToolWebCake 3.00Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live MailWindows Live MessengerWindows Live Movie MakerWindows Live Photo GalleryWindows Live SyncWindows Live Upload ToolWindows Live WriterWinPcap 4.1.3WinStars 2.0WinZip 15.5Wireshark 1.8.5 (64-bit)WiseFixer 3.2WizeFeed 2.1.5Wizetrade® CommoditiesWizetrade® OptionsWizetrade® StocksWoLoSoft SuperEdi 4.3.2Xilisoft HD Video Converter 6XtendXvid 1.1.3 final uninstallXXClone ver 2.01.2bYahoo! MessengerYahoo! Software UpdateYahoo! Toolbar.==== Event Viewer Messages From Past Week ========.11/29/2013 12:02:16 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.11/29/2013 12:00:15 PM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).11/29/2013 11:56:41 AM, Error: Service Control Manager [7000] - The Aspi32 service failed to start due to the following error: This driver has been blocked from loading11/29/2013 11:56:41 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.11/26/2013 6:58:23 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.11/26/2013 6:02:21 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.11/26/2013 6:01:08 PM, Error: Service Control Manager [7022] - The VMware USB Arbitration Service service hung on starting.11/26/2013 11:00:39 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the avgwd service.11/25/2013 11:08:40 AM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 252.11/23/2013 1:29:44 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WSearch service.11/22/2013 8:15:13 AM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s)..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maniac Posted November 30, 2013 ID:759371 Share Posted November 30, 2013 Hello krwebber53! My name is Borislav and I will be glad to help you solve your malware problem. Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Step 1 Please uninstall the following applications: AVG SafeGuard toolbar ContinueToSave ContinueToSave 1.74 Coupon Printer for Windows DailyBibleGuide Toolbar IncrediMail MediaBar 2 Toolbar Internet Explorer Toolbar 4.9 by SweetPacks IObit Apps Toolbar v8.3 IObit Malware Fighter OptimizerPro Updater By SweetPacks 2.0.0.586 WebCake 3.00 Step 2 Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.Step 3 Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Clean.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.Step 4Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately. In your next reply, post the following log files:Junkware Removal Tool logAdwCleaner logMalwarebytes' Anti-Malware log Link to post Share on other sites More sharing options...
krwebber53 Posted December 3, 2013 Author ID:760399 Share Posted December 3, 2013 AdwCleaner.exe did produce a file and displayed it in Notepad, but I do not find the file in C:\I did find a file AdwCleaner[s0].txt in C:\AdwCleaner folder and copied it at the end of this post.Here is JRT.txt~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.8 (11.05.2013:1)OS: Windows 7 Professional x64Ran by webberk on Tue 12/03/2013 at 10:05:11.48~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] videodownloadconverter_4zservice Successfully deleted: [service] videodownloadconverter_4zservice ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\videodownloadconverter search scope monitorSuccessfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babyglossSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\babyoptfileSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetim_urlsearchhook.toolbarurlsearchhookSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistpluginSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\bho.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\nctaudiocdgrabber2.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\priam_bho.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exeSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylonSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleanerSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\imSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstallerSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer proSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonicSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetimSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wajamSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminderSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossriderSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\i want thisSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegongSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settingsSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotectorSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2799653475-1206912365-1311522834-1001\Software\sweetimSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleanerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.comSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminstallerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetimSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacksSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wajamSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocolSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapiSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.dynamicbarbuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.dynamicbarbutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.feedmanagerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.feedmanager.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlmenuSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlmenu.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlpanelSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.htmlpanel.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.multiplebuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.multiplebutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.pseudotransparentpluginSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.pseudotransparentplugin.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radioSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radio.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radiosettingsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.radiosettings.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.scriptbuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.scriptbutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.settingspluginSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.settingsplugin.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.thirdpartyinstallerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.thirdpartyinstaller.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.urlalertbuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.urlalertbutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.xmlsessionpluginSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\videodownloadconverter_4z.xmlsessionplugin.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocololeSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\i want this_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\optimizerpro_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\babylon.exeSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\videodownloadconverter_4zbar uninstallSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotectorSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2724386Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askchecker_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wsconduit__166_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wsconduit__166_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_avs-video-to-go_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_avs-video-to-go_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\askchecker_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\wsconduit__166_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\wsconduit__166_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_avs-video-to-go_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_avs-video-to-go_RASMANCSSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} ~~~ Files Successfully deleted: [File] "C:\Windows\syswow64\conduitengine.tmp" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"Failed to delete: [Folder] "C:\ProgramData\premium"Successfully deleted: [Folder] "C:\ProgramData\saveas"Successfully deleted: [Folder] "C:\ProgramData\softsafe"Successfully deleted: [Folder] "C:\Users\webberk\AppData\Roaming\fixcleaner"Successfully deleted: [Folder] "C:\Users\webberk\AppData\Roaming\optimizer pro"Successfully deleted: [Folder] "C:\Users\webberk\AppData\Roaming\webcake"Successfully deleted: [Folder] "C:\Users\webberk\appdata\local\conduit"Successfully deleted: [Folder] "C:\Users\webberk\appdata\local\cre"Successfully deleted: [Folder] "C:\Users\webberk\appdata\local\swvupdater"Successfully deleted: [Folder] "C:\Users\webberk\appdata\local\visi_coupon"Successfully deleted: [Folder] "C:\Users\webberk\appdata\local\wajam"Successfully deleted: [Folder] "C:\Users\webberk\appdata\locallow\conduit"Successfully deleted: [Folder] "C:\Users\webberk\appdata\locallow\pricegong"Successfully deleted: [Folder] "C:\Users\webberk\appdata\locallow\sweetim"Successfully deleted: [Folder] "C:\Users\webberk\appdata\locallow\videodownloadconverter_4z"Successfully deleted: [Folder] "C:\Program Files (x86)\babylon"Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"Successfully deleted: [Folder] "C:\Program Files (x86)\dailybibleguide"Successfully deleted: [Folder] "C:\Program Files (x86)\driver-soft"Successfully deleted: [Folder] "C:\Program Files (x86)\fixcleaner"Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"Successfully deleted: [Folder] "C:\Program Files (x86)\saveas"Successfully deleted: [Folder] "C:\Program Files (x86)\simplespeedy"Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"Successfully deleted: [Folder] "C:\Program Files (x86)\video download converter"Successfully deleted: [Folder] "C:\Program Files (x86)\videodownloadconverter_4z"Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\spigot"Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\we-care reminder"Successfully deleted: [Folder] "C:\Users\webberk\AppData\Roaming\microsoft\windows\start menu\programs\wajam"Successfully deleted: [Folder] "C:\ai_recyclebin"Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"Successfully deleted: [Folder] "C:\Windows\syswow64\wnlt" ~~~ FireFox Successfully deleted: [File] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\user.jsSuccessfully deleted: [File] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpiSuccessfully deleted: [File] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\searchplugins\mystart search.xmlSuccessfully deleted: [File] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\searchplugins\sweetim.xmlSuccessfully deleted: [File] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\searchplugins\websearch.xmlSuccessfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\fctbSuccessfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\engine@conduit.comSuccessfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\crossriderapp2258@crossrider.comSuccessfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\2vffxtbr@dailybibleguide.comSuccessfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\4zffxtbr@videodownloadconverter_4z.comSuccessfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\plugin@getwebcake.comSuccessfully deleted: [Folder] C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\extensions\stagedSuccessfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\4zffxtbr@videodownloadconverter_4z.comSuccessfully deleted the following from C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\prefs.js user_pref("CT2724386.CT2724407.CommunityChanged", true);user_pref("CT2724386.CT2724431.CommunityChanged", true);user_pref("CT2724386.CT2727162.CommunityChanged", true);user_pref("CT2724386.CT2727622.CommunityChanged", true);user_pref("CT2724386.CT2727646.CommunityChanged", true);user_pref("CT2724386.CT2727678.CommunityChanged", true);user_pref("CT2724386.CT2727750.CommunityChanged", true);user_pref("CT2724386.CTID", "ct2724386");user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Mon Mar 28 2011 10:04:59 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.CommunityChanged", true);user_pref("CT2724386.CurrentServerDate", "29-3-2011");user_pref("CT2724386.DialogsAlignMode", "LTR");user_pref("CT2724386.DownloadReferralCookieData", "");user_pref("CT2724386.FirstServerDate", "28-3-2011");user_pref("CT2724386.FirstTime", true);user_pref("CT2724386.FirstTimeFF3", true);user_pref("CT2724386.FirstTimeSettingsDone", true);user_pref("CT2724386.FixPageNotFoundErrors", true);user_pref("CT2724386.GroupingLastCheckTime", "Mon Mar 28 2011 21:04:06 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.GroupingLastErrorCode", "");user_pref("CT2724386.GroupingLastResponse", true);user_pref("CT2724386.GroupingLastServerUpdateTime", "129453855667800000");user_pref("CT2724386.GroupingServerCheckInterval", 1440);user_pref("CT2724386.Initialize", true);user_pref("CT2724386.InitializeCommonPrefs", true);user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);user_pref("CT2724386.InstallationId", "IncrediMail_MediaBar_2.exe");user_pref("CT2724386.InstallationType", "ConduitIntegration");user_pref("CT2724386.InstalledDate", "Mon Mar 28 2011 09:04:07 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.IsGrouping", true);user_pref("CT2724386.IsMulticommunity", false);user_pref("CT2724386.IsOpenThankYouPage", false);user_pref("CT2724386.IsOpenUninstallPage", true);user_pref("CT2724386.LanguagePackLastCheckTime", "Mon Mar 28 2011 09:04:14 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);user_pref("CT2724386.LastLogin_2.7.2.0", "Tue Mar 29 2011 09:04:37 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.LatestVersion", "3.3.3.2");user_pref("CT2724386.Locale", "en");user_pref("CT2724386.LoginCache", 4);user_pref("CT2724386.MCDetectTooltipHeight", "83");user_pref("CT2724386.MCDetectTooltipWidth", "295");user_pref("CT2724386.RadioIsPodcast", false);user_pref("CT2724386.RadioMediaID", "21080102");user_pref("CT2724386.RadioMediaType", "Media Player");user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080102");user_pref("CT2724386.RadioStationName", "Mix%201620%20Am");user_pref("CT2724386.SearchFromAddressBarIsInit", true);user_pref("CT2724386.SearchInNewTabEnabled", true);user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);user_pref("CT2724386.SearchProtectorToolbarDisabled", true);user_pref("CT2724386.SettingsCheckIntervalMin", 120);user_pref("CT2724386.SettingsLastCheckTime", "Mon Mar 28 2011 09:04:04 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.SettingsLastUpdate", "1300904766");user_pref("CT2724386.ThirdPartyComponentsInterval", 504);user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Mon Mar 28 2011 09:04:03 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246786978");user_pref("CT2724386.ToolbarDisabled", true);user_pref("CT2724386.UserID", "UN80016074927960551");user_pref("CT2724386.WeatherNetwork", "");user_pref("CT2724386.WeatherPollDate", "Tue Mar 29 2011 10:05:15 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.WeatherUnit", "C");user_pref("CT2724386.clientLogIsEnabled", true);user_pref("CT2724386.ct2724386.DialogsAlignMode", "LTR");user_pref("CT2724386.ct2724386.FirstTimeSettingsDone", true);user_pref("CT2724386.ct2724386.GroupingInvalidateCache", false);user_pref("CT2724386.ct2724386.GroupingLastCheckTime", "Tue Mar 29 2011 09:04:09 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.ct2724386.GroupingLastErrorCode", "");user_pref("CT2724386.ct2724386.GroupingLastResponse", true);user_pref("CT2724386.ct2724386.GroupingLastServerUpdateTime", "129453855667800000");user_pref("CT2724386.ct2724386.InvalidateCache", false);user_pref("CT2724386.ct2724386.LanguagePackLastCheckTime", "Mon Mar 28 2011 09:04:35 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.ct2724386.Locale", "en");user_pref("CT2724386.ct2724386.RadioLastCheckTime", "Tue Mar 29 2011 09:04:53 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.ct2724386.RadioLastUpdateIPServer", "3");user_pref("CT2724386.ct2724386.RadioLastUpdateServer", "129249036863500000");user_pref("CT2724386.ct2724386.SearchInNewTabLastCheckTime", "Tue Mar 29 2011 09:04:38 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.ct2724386.SettingsCheckIntervalMin", 120);user_pref("CT2724386.ct2724386.SettingsLastCheckTime", "Mon Mar 28 2011 09:04:08 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.ct2724386.SettingsLastUpdate", "1300904766");user_pref("CT2724386.ct2724386.ThirdPartyComponentsLastCheck", "Mon Mar 28 2011 09:04:08 GMT-0500 (Central Daylight Time)");user_pref("CT2724386.ct2724386.ThirdPartyComponentsLastUpdate", "1246786978");user_pref("CT2724386.myStuffEnabled", true);user_pref("CT2724386.myStuffPublihserMinWidth", 400);user_pref("CT2724386.myStuffServiceIntervalMM", 1440);user_pref("CommunityToolbar.EngineHiddenByUser", true);user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");user_pref("CommunityToolbar.IsEngineShown", false);user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");user_pref("CommunityToolbar.ToolbarsList", "CT2724386,ConduitEngine");user_pref("CommunityToolbar.ToolbarsList2", "CT2724386");user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu May 05 2011 08:54:59 GMT-0500 (Central Daylight Time)");user_pref("CommunityToolbar.alert.alertInfoInterval", 60);user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue May 17 2011 11:13:45 GMT-0500 (Central Daylight Time)");user_pref("CommunityToolbar.alert.locale", "");user_pref("CommunityToolbar.alert.loginIntervalMin", 0);user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue May 17 2011 10:13:38 GMT-0500 (Central Daylight Time)");user_pref("CommunityToolbar.alert.loginLastUpdateTime", "");user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);user_pref("CommunityToolbar.alert.showTrayIcon", false);user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);user_pref("CommunityToolbar.alert.userId", "74e31f20-15d3-493d-a6c3-9d829af4067e");user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Mar 29 2011 09:04:15 GMT-0500 (Central Daylight Time)");user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun May 15 2011 08:55:12 GMT-0500 (Central Daylight Time)");user_pref("ConduitEngine.CTID", "ConduitEngine");user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun May 08 2011 08:54:57 GMT-0500 (Central Daylight Time)");user_pref("ConduitEngine.FirstServerDate", "05/05/2011 16");user_pref("ConduitEngine.FirstTime", true);user_pref("ConduitEngine.FirstTimeFF3", true);user_pref("ConduitEngine.HasUserGlobalKeys", true);user_pref("ConduitEngine.Initialize", true);user_pref("ConduitEngine.InitializeCommonPrefs", true);user_pref("ConduitEngine.InstalledDate", "Thu May 05 2011 08:54:58 GMT-0500 (Central Daylight Time)");user_pref("ConduitEngine.IsMulticommunity", false);user_pref("ConduitEngine.IsOpenThankYouPage", false);user_pref("ConduitEngine.IsOpenUninstallPage", true);user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue May 10 2011 08:55:04 GMT-0500 (Central Daylight Time)");user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue May 10 2011 08:55:04 GMT-0500 (Central Daylight Time)");user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);user_pref("ConduitEngine.SettingsLastCheckTime", "Tue May 10 2011 08:55:02 GMT-0500 (Central Daylight Time)");user_pref("ConduitEngine.UserID", "UN30833192118588890");user_pref("ConduitEngine.componentAlertEnabled", false);user_pref("ConduitEngine.engineLocale", "en-US");user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue May 10 2011 08:54:58 GMT-0500 (Central Daylight Time)");user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue May 10 2011 08:55:05 GMT-0500 (Central Daylight Time)");user_pref("ConduitEngine.initDone", true);user_pref("ConduitEngine.isAppTrackingManagerOn", true);user_pref("ConduitEngine.usagesFlag", 2);user_pref("aol_toolbar.default.homepage.check", false);user_pref("aol_toolbar.default.search.check", false);user_pref("browser.search.defaultenginename,S", "WebSearch");user_pref("browser.search.order.1", "WebSearch");user_pref("browser.search.order.1,S", "WebSearch");user_pref("browser.search.selectedEngine,S", "WebSearch");user_pref("extensions.50ec7f819e1cb.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatiouser_pref("extensions.50eeee4553ac0.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatiouser_pref("extensions.BabylonToolbar.prtkDS", 0);user_pref("extensions.BabylonToolbar.prtkHmpg", 0);user_pref("extensions.crossrider.bic", "137412ff4f39c74ca835bd1b992bad3e");user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1336764547);user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false);user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);user_pref("extensions.crossriderapp2258.2258.active", true);user_pref("extensions.crossriderapp2258.2258.addressbar", "");user_pref("extensions.crossriderapp2258.2258.addressbarenhanced", "");user_pref("extensions.crossriderapp2258.2258.affid", "0");user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n//\n");user_pref("extensions.crossriderapp2258.2258.backgroundver", 51);user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");user_pref("extensions.crossriderapp2258.2258.changeprevious", false);user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1336764547");user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.value", "%7B%22source_id%22%3A%2222241%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2222241%26subid%3Duser_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1336764547");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_arbitrary_code.expiration", "Thu May 30 2013 10:35:59 GMT-0500 (Central Daylight Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_arbitrary_code.value", "%22var%20start_time%3D1368590400%3C%3DMath.floor%28new%20Date/1E3%29%3F378693E4%3A1368504E3%3Buser_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.expiration", "Thu May 30 2013 10:35:59 GMT-0500 (Central Daylight Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_cf_ab_cap1.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_cf_ab_cap1.value", "%22lbcmmpmjjaockhkcofljpakjcbmjmgla%2Cankoaclbfmdocnmjbokdkohpehjjinen%22");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_cf_bu1.value", "1360856520");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.expiration", "Thu Jun 06 2013 10:10:44 GMT-0500 (Central Daylight Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_country_code.value", "%22US%22");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1369927908");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_currenttime.value", "%221368543727%22");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_delay.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_delay.value", "24");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_disclosure.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_disclosure.value", "1367944039");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_list.expiration", "Thu May 30 2013 16:10:46 GMT-0500 (Central Daylight Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_ib_list.value", "%7B%2232456a9136582027c21cd93a74f21b22%22%3A%7B%22p%22%3A%22/%22%7D%2C%2210b846b88e1b816925858abd9e10user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2222241%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2222241%26suuser_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2222241%22");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_pc_20120828.value", "1346783678139");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221145%22");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2235781%22");user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie.dbtest.value", "1346783677221");user_pref("extensions.crossriderapp2258.2258.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.cookie.lastrequest.value", "%7B%22path%22%3A%22/epd/epdEUinit.aspx%22%2C%22host%22%3A%22supportline.microfocus.com%22%2C%22scheme%user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");user_pref("extensions.crossriderapp2258.2258.domain", "");user_pref("extensions.crossriderapp2258.2258.emailsig", "");user_pref("extensions.crossriderapp2258.2258.enablesearch", false);user_pref("extensions.crossriderapp2258.2258.exposesites", "");user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");user_pref("extensions.crossriderapp2258.2258.group", 0);user_pref("extensions.crossriderapp2258.2258.homepage", "");user_pref("extensions.crossriderapp2258.2258.iframe", false);user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22159A334243B74FF9ADC770810E96F074IE%22%2C%22installer_verifieruser_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_appVer.value", "144");user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_lastVersion.value", "0");user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_meta.value", "%7B%7D");user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.expiration", "Thu May 30 2013 16:10:43 GMT-0500 (Central Daylight Time)");user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_nextCheck.value", "true");user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0600 (Central Standard Time)");user_pref("extensions.crossriderapp2258.2258.internaldb.Resources_queue.value", "%7B%7D");user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:21,baseCDN:\"couser_pref("extensions.crossriderapp2258.2258.manifesturl", "");user_pref("extensions.crossriderapp2258.2258.name", "I Want This");user_pref("extensions.crossriderapp2258.2258.newtab", "");user_pref("extensions.crossriderapp2258.2258.opensearch", "");user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw nuser_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.name", "GPL Plugin (Loader)");user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000014.ver", 15);user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b)user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.name", "GPL Background (BG)");user_pref("extensions.crossriderapp2258.2258.plugins.plugin_1000015.ver", 38);user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelectiouser_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 3);user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 3);user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 7);user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 4);user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.name", "resources_background");user_pref("extensions.crossriderapp2258.2258.plugins.plugin_47.ver", 3);user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};vuser_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.name", "appApiMessage");user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.ver", 2);user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=fuuser_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.name", "appApiValidation");user_pref("extensions.crossriderapp2258.2258.plugins.plugin_72.ver", 3);user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgentuser_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.name", "CrossriderInfo");user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.ver", 3);user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===truuser_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.name", "omniCommands");user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.ver", 2);user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "14,78,16,64,47,72,98,1000015");user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,78,13,16,64,72,98,1000014");user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_5", "14,78,13,16,64,47,72");user_pref("extensions.crossriderapp2258.2258.pluginsversion", 69);user_pref("extensions.crossriderapp2258.2258.premium", true);user_pref("extensions.crossriderapp2258.2258.publisher", "Innovative Apps");user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);user_pref("extensions.crossriderapp2258.2258.setnewtab", false);user_pref("extensions.crossriderapp2258.2258.settingsurl", "");user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);user_pref("extensions.crossriderapp2258.2258.ver", 144);user_pref("extensions.crossriderapp2258.adsOldValue", -1);user_pref("extensions.crossriderapp2258.apps", "2258");user_pref("extensions.crossriderapp2258.bic", "137412ff4f39c74ca835bd1b992bad3e");user_pref("extensions.crossriderapp2258.cid", 2258);user_pref("extensions.crossriderapp2258.firstrun", false);user_pref("extensions.crossriderapp2258.hadappinstalled", true);user_pref("extensions.crossriderapp2258.installationdate", 1336828491);user_pref("extensions.crossriderapp2258.lastcheck", 22832111);user_pref("extensions.crossriderapp2258.lastcheckitem", 22832132);user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1342757421206");user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1342757421202");user_pref("extensions.crossriderapp2258.modetype", "production");user_pref("extensions.crossriderapp2258.statsDailyCounter", 14);user_pref("extensions.toolbar.mindspark._2vMembers_.hp.user.defined", true);user_pref("extensions.toolbar.mindspark._2vMembers_.initialized", true);user_pref("extensions.toolbar.mindspark._2vMembers_.installation.contextKey", "");user_pref("extensions.toolbar.mindspark._2vMembers_.installation.installDate", "2012072308");user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerId", "XMxdm034YYus");user_pref("extensions.toolbar.mindspark._2vMembers_.installation.partnerSubId", "");user_pref("extensions.toolbar.mindspark._2vMembers_.installation.success", true);user_pref("extensions.toolbar.mindspark._2vMembers_.installation.toolbarId", "815D076D-87E7-43F2-8C37-1E0570ABA176");user_pref("extensions.toolbar.mindspark._2vMembers_.lastActivePing", "1369926631187");user_pref("extensions.toolbar.mindspark._2vMembers_.options.defaultSearch", false);user_pref("extensions.toolbar.mindspark._2vMembers_.options.homePageEnabled", false);user_pref("extensions.toolbar.mindspark._2vMembers_.options.keywordEnabled", false);user_pref("extensions.toolbar.mindspark._2vMembers_.options.tabEnabled", false);user_pref("extensions.toolbar.mindspark._2vMembers_.weather.location", "30301");user_pref("extensions.toolbar.mindspark.lastInstalled", "dailybibleguide@mindspark.com");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.AutoSearchEventData", "auto%20search");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.ClearCacheDate", 25);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.DNSCatch", false);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.DisplayEULA", true);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.DnsCatchEventData", "dns%20catch");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.EBOMode", true);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.FirstLaunchShown", true);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.InstallDomain", "freecause.com");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.InstallType", "standard");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.LoadLayoutDate.100770", 25);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.NewTabSearchEventData", "tab%20search");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.ShowRecommendedOptions", true);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.StateReportDate", "1343228190825");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.TopRightSearchEventData", "top%20right%20search");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.beforeInstallSaved", true);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.beforeinstall.homepage", "hxxp%3A//mystart.incredimail.com%3Fa%3D1uwspE0znNK");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.beforeinstall.search", "Secure%20Search");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.customNewTab", false);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.helpUsImprove", true);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.hideOthers", true);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.partnerauth", false);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.processAddrBar", false);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.restoreSearch", false);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.runcmd.", "bb_acct_status_1343231674");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.searchHistory", true);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.session", "17E2E8BC2E615F0244984A94C835B00BBC70588D1A5682DCB67A82A54F6C0DA4A7EB419A12641248D14B3D957F2572E692C06E9416C73C8user_pref("freecause003e1c8febd6f07475514b31c0f547ec.showFirstLaunchOptions", false);user_pref("freecause003e1c8febd6f07475514b31c0f547ec.tb_lang", "en");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.tool_id", "100770");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.user_id", "111493086");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.user_key", "469f77b980ea12f60bb6e5fbd1f09a2fe310545a");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.user_layouts", "100770");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.user_lnames", "fcreward.100770.b");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");user_pref("freecause003e1c8febd6f07475514b31c0f547ec.yahooSearch", false);user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");user_pref("sweetim.toolbar.searchguard.enable", "");Emptied folder: C:\Users\webberk\AppData\Roaming\mozilla\firefox\profiles\knmvngqb.default\minidumps [8 files] ~~~ Chrome Successfully deleted: [Folder] C:\Users\webberk\appdata\local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjpSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 12/03/2013 at 10:20:19.53End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Here is mbam-log-2013-12-03Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2013.12.03.05 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16428webberk :: LENOVO64 [administrator] Protection: Enabled 12/3/2013 10:47:49 AMmbam-log-2013-12-03 (10-47-49).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 64922Time elapsed: 9 minute(s), 24 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) FILE AdwCleaner# AdwCleaner v3.014 - Report created 03/12/2013 at 10:33:27# Updated 01/12/2013 by Xplode# Operating System : Windows 7 Professional Service Pack 1 (64 bits)# Username : webberk - LENOVO64# Running from : C:\Users\webberk\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\PremiumFolder Deleted : C:\ProgramData\coenitinnuuetoosiaveFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codecFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coenitinnuuetoosiaveFolder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbarFolder Deleted : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Deleted : C:\Program Files (x86)\Common Files\SpigotFolder Deleted : C:\Users\webberk\AppData\Local\AVG SafeGuard toolbarFolder Deleted : C:\Users\webberk\AppData\Local\PackageAwareFolder Deleted : C:\Users\admin\AppData\Local\visi_couponFolder Deleted : C:\Users\admin\AppData\LocalLow\ConduitFolder Deleted : C:\Users\admin\AppData\LocalLow\IncrediMail_MediaBar_2Folder Deleted : C:\Users\admin\AppData\LocalLow\VideoDownloadConverter_4zFolder Deleted : C:\Users\Administrator\AppData\Local\visi_couponFolder Deleted : C:\Users\Administrator\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2Folder Deleted : C:\Users\Administrator\AppData\LocalLow\PriceGongFolder Deleted : C:\Users\Administrator\AppData\LocalLow\VideoDownloadConverter_4zFolder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\ConduitFolder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\ConduitEngineFolder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\CT2724386Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\g45ga@qxkwa.comFolder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\50ec7f819e11e@50ec7f819e157.comFolder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\50eeee4553a13@50eeee4553a4c.comFolder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\ascsurfingprotection@iobit.comFolder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\DeviceDetection@logitech.comFolder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\LogMeInClient@logmein.comFolder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}Folder Deleted : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}-trashFile Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon.lnkFile Deleted : C:\Windows\System32\roboot64.exeFile Deleted : C:\Users\webberk\AppData\Local\Temp\Uninstall.exeFile Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xmlFile Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xmlFile Deleted : C:\Users\webberk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorageFile Deleted : C:\Users\webberk\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journalFile Deleted : C:\Windows\System32\Tasks\LaunchAppFile Deleted : C:\Windows\System32\Tasks\PC Optimizer Pro Updates ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocjKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpoojKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkkKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocppKey Deleted : HKLM\SOFTWARE\Classes\.bglKey Deleted : HKLM\SOFTWARE\Classes\.bofKey Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLLKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCSValue Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/PluginKey Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdaterKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_156f8a5fKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_ccfde35cKey Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66292684-B2C2-4C7C-B3D2-BF446E30744C}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6BFF4BCB-7A73-45A7-AC4C-389A34E1D1EF}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C547C6C2-561B-4169-A2A5-20BA771CA93B}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C1B9042-3D32-49A1-916B-0AA3A9CDDFD6}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9083CE-8758-4704-BA57-3C891D7452BD}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{48586425-6BB7-4F51-8DC6-38C88E3EBB58}]Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93A3111F-4F74-4ED8-895E-D9708497629E}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3595550-5007-4AEB-BB04-D00E62E836A8}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F0786343-938E-456B-8798-DE7EEC08F820}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Myfree CodecKey Deleted : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4zKey Deleted : HKLM\Software\AVG Security ToolbarKey Deleted : HKLM\Software\InfoAtomsKey Deleted : HKLM\Software\Myfree CodecKey Deleted : HKLM\Software\VideoDownloadConverter_4zKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodecKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}Key Deleted : [x64] HKLM\SOFTWARE\Tarma InstallerKey Deleted : [x64] HKLM\SOFTWARE\Updater By SweetpacksKey Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerProKey Deleted : HKLM\Software\Classes\Installer\Features\5EC33E4FBA7A86F47A7E0FAA48FED2E9Key Deleted : HKLM\Software\Classes\Installer\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v20.0.1 (en-US) [ File : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\prefs.js ] Line Deleted : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n//\n");Line Deleted : user_pref("extensions.crossriderapp2258.2258.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:21,baseCDN:\"contentcache-a.akamaihd.net[...]Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigator[...]Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&type[...]Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return(![...]Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(functi[...]Line Deleted : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=ap[...]Line Deleted : user_pref("extensions.enabledAddons", "2vffxtbr%40DailyBibleGuide.com:5.3.1.13538,ascsurfingprotection%40iobit.com:1.0,crossriderapp2258%40crossrider.com:0.91.143,DeviceDetection%40logitech.com:1.23.0[...] -\\ Google Chrome v31.0.1650.57 [ File : C:\Users\webberk\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [20346 octets] - [03/12/2013 10:31:34]AdwCleaner[s0].txt - [20098 octets] - [03/12/2013 10:33:27] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [20159 octets] ########## Link to post Share on other sites More sharing options...
Maniac Posted December 3, 2013 ID:760446 Share Posted December 3, 2013 Thanks for your information! I will fix this in my instructions. Well done! Step 1 Download TFC to your desktopOpen the file and close any other windows.It will close all programs itself when run, make sure to let it run uninterrupted.Click the Start button to begin the process. The program should not take long to finish its jobOnce its finished it should reboot your machine, if not, do this yourself to ensure a complete cleanStep 2 Please scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.Double click on the to download the ESET Smart Installer. icon on your Desktop.Check "YES, I accept the Terms of Use."Click the Start button.Accept any security warnings from your browser.Under Scan Settings, check "Scan Archives" and "Remove found threats" Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth technologyESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, click List ThreatsClick Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Click the Back button.Click the Finish button. Link to post Share on other sites More sharing options...
krwebber53 Posted December 5, 2013 Author ID:760849 Share Posted December 5, 2013 Looks like that fixed the problem. Thanks for your help. Apprecia$ion coming your way. Here is the last scan results FYI.C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc2.dll a variant of Win32/Toolbar.Conduit.P application C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc2.dll a variant of Win32/Toolbar.Conduit.B application C:\AdwCleaner\Quarantine\C\Users\admin\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc2.dll.vir a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\Users\admin\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc2.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc2.dll.vir a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc2.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\50ec7f819e11e@50ec7f819e157.com\content\bg.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\50eeee4553a13@50eeee4553a4c.com\content\bg.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantinedC:\AdwCleaner\Quarantine\C\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\Extensions\g45ga@qxkwa.com\content\bg.js.vir Win32/Adware.MultiPlug.H application cleaned by deleting - quarantinedC:\Qoobox\Quarantine\C\Program Files (x86)\I Want This\I Want This.dll.vir Win32/Toolbar.CrossRider application cleaned by deleting - quarantinedC:\Qoobox\Quarantine\C\Program Files (x86)\I Want This\I Want This.exe.vir a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantinedC:\Qoobox\Quarantine\C\Program Files (x86)\I Want This\I Want ThisGui.exe.vir a variant of Win32/Toolbar.CrossRider.F application cleaned by deleting - quarantinedC:\Qoobox\Quarantine\C\Program Files (x86)\I Want This\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantinedC:\Users\webberk\Documents\PDFdownload (1).exe Win32/InstalleRex.E application cleaned by deleting - quarantinedC:\Users\webberk\Documents\PDFdownload.exe Win32/InstalleRex.E application cleaned by deleting - quarantinedC:\Windows\System32\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\ldrtbInc2.dll a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantinedC:\Windows\System32\config\systemprofile\AppData\LocalLow\IncrediMail_MediaBar_2\tbInc2.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantinedE:\Downloads\ActualWindowsUpgrade.exe Win32/InstalleRex.E application cleaned by deleting - quarantinedE:\Downloads\cbsidlm-cbsi134-Starry_Night_Backyard_ESD-SEO-10066547.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantinedE:\Downloads\cbsidlm-tr1_13-Kindle_for_PC-ORG-75185974.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantinedE:\Downloads\FreeYouTubeDownloaderInstaller.exe Win32/Somoto.A application cleaned by deleting - quarantinedE:\Downloads\MediaInfo_GUI_0.7.62_Windows.exe Win32/OpenCandy application cleaned by deleting - quarantinedE:\Downloads\setup(1).exe Win32/InstalleRex.E application cleaned by deleting - quarantinedE:\Downloads\Setup.exe Win32/DomaIQ.L application cleaned by deleting - quarantinedE:\Downloads\SetupImgBurn_2.5.7.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantinedE:\Downloads\SoftonicDownloader_for_nasa-world-wind.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantinedE:\Downloads\SoftonicDownloader_for_stellarium.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantinedE:\Downloads\SoftonicDownloader_for_winstars.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantinedE:\Downloads\VideoDownloadConvert.exe Win32/AdInstaller application cleaned by deleting - quarantinedE:\Downloads\ZoGoDJtF Win32/DomaIQ.L application cleaned by deleting - quarantined Link to post Share on other sites More sharing options...
krwebber53 Posted December 5, 2013 Author ID:761013 Share Posted December 5, 2013 Looks like I spoke too soon. Original problem is back. I went all day on 12/04/2013 without the IP Block, but on 12/05/2013 at 5:21 AM it started again.Here from 12/05 protection log is the first couple of lines.2013/12/05 05:21:34 -0600 LENOVO64 webberk IP-BLOCK 162.210.192.14 (Type: outgoing, Port: 53266, Process: svchost.exe)2013/12/05 05:22:38 -0600 LENOVO64 webberk IP-BLOCK 162.210.192.14 (Type: outgoing, Port: 53273, Process: svchost.exe)I was not even using this computer at that time and yet the error started occurring. I will be away from my computer until next Monday, but before then will go back through the steps above. Any additional advice you can give is greatly appreciated.Thanks, Ken Link to post Share on other sites More sharing options...
krwebber53 Posted December 5, 2013 Author ID:761018 Share Posted December 5, 2013 You can hold off doing anything with this issue for now. I realized I had gone back to a restore point earlier in Dec in an effort to correct a device driver issue with this system. After I have gone through all the steps as before, I will post the current status. Hopefully I will have the hardware issue and this malware/virus issue taken care of by then. Whatever the outcome, I will post again next Monday. I certainly appreciate your assistance in this issue. Ken Link to post Share on other sites More sharing options...
Maniac Posted December 5, 2013 ID:761071 Share Posted December 5, 2013 Thank you, Ken! I would like to know what is the current state before send you further instructions. Let me know how are things there when you return. Thanks! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 10, 2013 Root Admin ID:762837 Share Posted December 10, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 11, 2013 Root Admin ID:763474 Share Posted December 11, 2013 Topic reopened per user request. Link to post Share on other sites More sharing options...
Maniac Posted December 11, 2013 ID:763495 Share Posted December 11, 2013 What's new there? Link to post Share on other sites More sharing options...
krwebber53 Posted December 12, 2013 Author ID:763775 Share Posted December 12, 2013 I have rerun all the utility programs - ADW, DDS JRT. All show system is clean, but I am still getting the IP Block message from MalwareBytes. Here are the last logs:AdwCleaner# AdwCleaner v3.014 - Report created 10/12/2013 at 13:27:55# Updated 01/12/2013 by Xplode# Operating System : Windows 7 Professional Service Pack 1 (64 bits)# Username : webberk - LENOVO64# Running from : C:\Users\webberk\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v20.0.1 (en-US) [ File : C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\prefs.js ] -\\ Google Chrome v31.0.1650.63 [ File : C:\Users\webberk\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [20346 octets] - [03/12/2013 10:31:34]AdwCleaner[R1].txt - [1100 octets] - [03/12/2013 11:29:38]AdwCleaner[R2].txt - [1321 octets] - [05/12/2013 11:36:12]AdwCleaner[R3].txt - [1281 octets] - [10/12/2013 13:14:22]AdwCleaner[s0].txt - [20368 octets] - [03/12/2013 10:33:27]AdwCleaner[s1].txt - [1354 octets] - [05/12/2013 11:37:39]AdwCleaner[s2].txt - [1168 octets] - [10/12/2013 13:27:55] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1228 octets] ########## Attach.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2Install Date: 11/30/2009 2:09:53 PMSystem Uptime: 12/10/2013 1:30:37 PM (0 hours ago).Motherboard: LENOVO | | LENOVOProcessor: Intel® Core2 Duo CPU E6750 @ 2.66GHz | LGA 775 | 2667/333mhz.==== Disk Partitions =========================.A: is RemovableC: is FIXED (NTFS) - 898 GiB total, 728.872 GiB free.D: is CDROM ()E: is FIXED (NTFS) - 2794 GiB total, 2575.122 GiB free.L: is FIXED (NTFS) - 898 GiB total, 728.872 GiB free.X: is NetworkDisk (NTFS) - 800 GiB total, 36.75 GiB free..==== Disabled Device Manager Items =============.Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}Description: HID-compliant mouseDevice ID: HID\VID_046D&PID_C52B&MI_01&COL01\7&79E838D&0&0000Manufacturer: MicrosoftName: HID-compliant mousePNP Device ID: HID\VID_046D&PID_C52B&MI_01&COL01\7&79E838D&0&0000Service: mouhid.Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}Description: Cisco Systems VPN Adapter for 64-bit WindowsDevice ID: ROOT\NET\0000Manufacturer: Cisco SystemsName: Cisco Systems VPN Adapter for 64-bit WindowsPNP Device ID: ROOT\NET\0000Service: CVirtA.==== System Restore Points ===================.RP660: 11/13/2013 6:55:38 PM - Scheduled CheckpointRP661: 11/15/2013 9:03:53 AM - Windows Modules InstallerRP662: 11/15/2013 9:31:22 AM - Windows UpdateRP663: 11/18/2013 9:37:31 AM - Windows UpdateRP664: 11/25/2013 7:19:37 PM - Scheduled CheckpointRP665: 12/3/2013 12:00:09 AM - Scheduled CheckpointRP666: 12/3/2013 9:40:03 AM - Removed IObit Apps Toolbar v8.3.RP667: 12/3/2013 9:49:47 AM - Removed IncrediMail.RP668: 12/4/2013 12:17:12 PM - Restore Operation.==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)7-Zip 9.20 (x64 edition)Actual Window Manager 8.0.3ACUCOBOL-GT Thin Client 8.1.2ACUCOBOL-GT Thin Client 8.1.3ACUCOBOL-GT Thin Client 9.1.2Adobe Acrobat X ProAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.05)Advanced SystemCare 6Agent Ransack 2010 (64-bit)Akamai NetSession InterfaceAndroid SDK ToolsAnswerWorks 5.0 English RuntimeAnyDVDAnyMedia Player 3.4.0Apple Application SupportApple Mobile Device SupportApple Software UpdateASPCA Reminder by We-Care.com v4.1.22.1Aspi InstallerAudacity 2.0.3Audible Download ManagerAura DVD Copy 1.3.2Aura DVD Ripper for iPod 1.3.5Aura DVD Ripper Professional 1.3.9Aura Flash to Video Converter 1.1.0Aura Software Manager 1.0.3Aura Video Converter 1.6.0Aura Video Converter Professional 1.3.9Aura Video Editor 1.0.8Aura YouTube Downloader 1.0.8Auslogics Duplicate File FinderAVG 2014AVS Audio Converter 7AVS Audio Editor 7.1AVS Audio Recorder version 4.0AVS Cover Editor 2.0.1.3AVS Disc Creator 5AVS Document Converter 2.2.3AVS DVD Copy 4.1.2.283AVS Image Converter 2.2.2.218AVS Media Player 4.1.9.95AVS Photo EditorAVS Registry Cleaner version 2.2AVS Ringtone Maker version 1.6AVS Screen Capture version 2.0.1AVS Update Manager 1.0AVS Video Converter 8AVS Video Editor 6AVS Video Recorder 2.5AVS Video ReMaker 4.1.1.144AVS4YOU Software Navigator 1.4Belarc Advisor 7.2Bible Search ProBibleCodesPredictionsSetup version 1.0BibleReaderBing BarBing Maps 3DBonjourCCH Small Firm Services (xulRunner)CCleanerCD to WAV and MP3 RipperCisco ConnectCisco Systems VPN Client 5.0.07.0290Cisco WebEx MeetingsCitrix Presentation Server ClientClient32ClienteleCloneDVD2CommandTRADECompare and Merge 2.3Desktop Icon Position Saver (64-bit)DigsbyDIRECTV2PC Playback AdvisorDisplayLink Core SoftwareDisplayLink GraphicsDisplayLink iPad SoftwareDropboxDVD-Cloner V9.70 Build 1115e-Sworde-Sword Bible Screen SaverEDI File EditorEpicor Clientele Loader 7.3.6 CtelwineRegESET Online Scanner v3Evernote v. 5.0.2extend® Version 8.1.2extend® Version 9.1.2Extreme TranslatorExtreme Translator TemplatesFBackup 4ffdshow [rev 2527] [2008-12-19]FileZilla Client 3.6.0.2FileZilla ServerFixCleanerFolderSizes 4Free CD Ripper 3.1Free Download Manager 3.9.2Free YouTube Downloader 3.5.134FreeScreenSharingGetFoldersize 2.3.2GoldWave v5.06GoodSyncGoogle ChromeGoogle Earth Plug-inGoogle Toolbar for Internet ExplorerGoogle Update HelperGoToAssist CorporateGoToMeeting 4.5.0.457GPSoftware Directory OpusH&R Block Alabama 2009H&R Block Alabama 2011H&R Block Alabama 2012H&R Block Business 2009 (Remove Only)H&R Block Business 2010 (Remove Only)H&R Block Business 2011 (Remove Only)H&R Block Premium + Efile + State 2009H&R Block Premium + Efile + State 2010H&R Block Premium + Efile + State 2011H&R Block Premium + Efile + State 2012Hardware HelperHebrew English Transliterated BibleHipaaEdiViewerHotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2135068)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2160831)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2278944)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2293451)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2303365)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2376419)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2387011)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2401992)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2402012)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2402815)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2425130)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2434700)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2736182)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB2890573)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983504)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983537)Hotfix for Microsoft Team Foundation Server 2010 Object Model (VSLS) - ENU (KB983578)Hotfix for Microsoft Visual Studio LightSwitch 2011 - ENU (KB2603917)Hotfix for Microsoft Visual Studio LightSwitch 2011 - ENU (KB2890573)HP Color LaserJet 2600 seriesiCloudImgBurnIntel® Graphics Media Accelerator DriverIntel® Network Connections DriversIpswitch WS_FTP 12iSEEK AnswerWorks English RuntimeiTunesJava 7 Update 17 (64-bit)Java 7 Update 45Java Auto UpdaterJava SE Development Kit 7 Update 11Java SE Development Kit 7 Update 17 (64-bit)Java 6 Update 35Java SE Development Kit 6 Update 21Junk Mail filter updateJustCloud K-Lite Mega Codec Pack 9.7.0Lernout & Hauspie TruVoice American English TTS EngineLiaison EDI NotepadLinksys VPN ClientLivedriveLogitech SetPoint 6.32LogMeInMalwarebytes Anti-Malware version 1.75.0.1300MBT DesktopMBT LightWave Trading PlatformMcAfee Security Scan PlusMediaInfo 0.7.62Memeo Instant BackupMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft .NET Framework 4 Multi-Targeting PackMicrosoft Application Error ReportingMicrosoft Choice GuardMicrosoft Help Viewer 1.1Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office Live Add-in 1.5Microsoft Office Live Meeting 2007Microsoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Ultimate 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft Silverlight 4 SDKMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft SQL Server 2008 (64-bit)Microsoft SQL Server 2008 BrowserMicrosoft SQL Server 2008 Common FilesMicrosoft SQL Server 2008 Database Engine ServicesMicrosoft SQL Server 2008 Database Engine SharedMicrosoft SQL Server 2008 Native ClientMicrosoft SQL Server 2008 R2 Management ObjectsMicrosoft SQL Server 2008 RsFx DriverMicrosoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP2 ENUMicrosoft SQL Server Compact 3.5 SP2 x64 ENUMicrosoft SQL Server System CLR TypesMicrosoft SQL Server VSS WriterMicrosoft Sync Framework Runtime Native v1.0 (x86)Microsoft Sync Framework Services Native v1.0 (x86)Microsoft Team Foundation Server 2010 Object Model - ENUMicrosoft Team Foundation Server 2010 Object Model (VSLS) - ENUMicrosoft Team Foundation Server 2010 Object Model for Lightswitch 2011 - ENUMicrosoft Visual C# 2008 Express EditionMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219Microsoft Visual F# 2.0 RuntimeMicrosoft Visual Studio LightSwitch 2011 - ENUMicrosoft Visual Studio LightSwitch 2011 Deployment PrerequisitesMicrosoft Visual Studio Macro ToolsMobileMe Control PanelMobileNoterMotoCastMotorola Device ManagerMotorola Device Software UpdateMOTOROLA MEDIA LINKMotorola Mobile Drivers Installation 6.2.0Movavi Video Suite 10Movavi YouTube Converter 3Mozilla Firefox 20.0.1 (x86 en-US)Mozilla Maintenance ServiceMozilla Thunderbird 17.0.3 (x86 en-US)MSVCRTMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)NASA World Wind 1.4Notepad++Paint.NET v3.5.8PC Inspector File RecoveryPdf995 (installed by H&R Block)PdfEdit995 (installed by H&R Block)PDFKey ProPhoto Notifier and Animation CreatorPlayMemories HomePocketBible NET Bible (NET)Quicken 2010Quicken 2013QuickTimeRealDownloaderRealNetworks - Microsoft Visual C++ 2008 RuntimeRealNetworks - Microsoft Visual C++ 2010 RuntimeRealPlayerRealUpgrade 1.1Recover PDF Password 3.0.118RoboForm 7-9-2-5 (All Users)SafariSamsung KiesSamsung Story Album ViewerSAMSUNG USB Driver for Mobile PhonesSaveAsSeagate DashboardSeagate DiscWizardSeagate Media SoftwareSeaTools for WindowsSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition Security Update for Microsoft Visual Studio LightSwitch 2011 - ENU (KB2645410)Security Update for Microsoft Visual Studio Macro Tools (KB2669970)Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)Shared C Run-time for x64Smart Defrag 2Snagit 10SoundTaxi 4.0.0SoundTaxi Media Suite 4.0.0SouthWare PDF CreatorSql Server Customer Experience Improvement ProgramSSH Secure ShellStardock Fences 2Startpage24Stellarium 0.11.2Stora Desktop ApplicationsSybase Adaptive Server Enterprise SuiteTanach PlusTaxCut Business 2008 (Remove Only)TaxCut Premium + State + Efile 2008The ScripturestheWordTune SweeperTuneCab Online 3.4.0TuneCab Online Extras 3.4.2TuneSyncU/SQL Client (4.30.0000) Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Verizon V CAST Media ManagerVideo Download Converter version 1.0.0.0Visual Studio 2010 Prerequisites - EnglishVisual Studio 2010 x64 RedistributablesVisual Studio 2012 x64 RedistributablesVisual Studio 2012 x86 RedistributablesVMware PlayerVNC Enterprise Edition E4.5.3VNC Mirror Driver 1.8.0VNC Printer Driver 1.6.0WCF RIA Services V1.0 SP1Web Deployment ToolWindows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live MailWindows Live MessengerWindows Live Movie MakerWindows Live Photo GalleryWindows Live SyncWindows Live Upload ToolWindows Live WriterWinPcap 4.1.3WinStars 2.0WinZip 15.5Wireshark 1.8.5 (64-bit)WiseFixer 3.2WizeFeed 2.1.5Wizetrade® CommoditiesWizetrade® OptionsWizetrade® StocksWoLoSoft SuperEdi 4.3.2Xilisoft HD Video Converter 6XtendXvid 1.1.3 final uninstallXXClone ver 2.01.2bYahoo! MessengerYahoo! Software UpdateYahoo! Toolbar.==== Event Viewer Messages From Past Week ========.12/7/2013 12:53:53 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the WSearch service.12/5/2013 2:15:09 PM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 252.12/5/2013 12:28:45 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s).12/10/2013 1:35:23 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.12/10/2013 1:34:48 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.12/10/2013 1:32:23 PM, Error: Service Control Manager [7000] - The vToolbarUpdater17.1.3 service failed to start due to the following error: The system cannot find the file specified.12/10/2013 1:31:40 PM, Error: Service Control Manager [7000] - The Aspi32 service failed to start due to the following error: This driver has been blocked from loading12/10/2013 1:31:40 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver..==== End Of File =========================== DDSDDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2Run by webberk at 13:39:54 on 2013-12-10Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5861.2729 [GMT -6:00].AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}.============== Running Processes ===============.C:\PROGRA~2\AVG\AVG2014\avgrsa.exeC:\Program Files (x86)\AVG\AVG2014\avgcsrva.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\DisplayLink Core Software\DisplayLinkManager.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\DisplayLink Core Software\DisplayLinkUI.exeC:\Program Files (x86)\AVG\AVG2014\avgfws.exeC:\Program Files (x86)\AVG\AVG2014\avgidsagent.exeC:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exeC:\Windows\system32\taskeng.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exeC:\Program Files (x86)\FileZilla Server\FileZilla Server.exeC:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exeC:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exeC:\Program Files\Siber Systems\GoodSync\Gs-Server.exeC:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exeC:\Program Files (x86)\Livedrive\VSSService.exeC:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exeC:\Program Files (x86)\LogMeIn\x64\RaMaint.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exeC:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exeC:\Program Files (x86)\AVG\AVG2014\avgnsa.exeC:\Program Files (x86)\AVG\AVG2014\avgemca.exeC:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exeC:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exeC:\Windows\SysWOW64\NLSSRV32.EXEC:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exeC:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exeC:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exeC:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exeC:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\SysWOW64\vmnat.exeC:\Program Files (x86)\AVG\AVG2014\avgcsrva.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\Dwm.exeC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\LogMeIn\x64\LogMeIn.exeC:\Program Files (x86)\VMware\VMware Player\vmware-authd.exeC:\Windows\SysWOW64\vmnetdhcp.exeC:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\igfxtray.exeC:\Program Files\Logitech\SetPointP\SetPoint.exeC:\Program Files\GPSoftware\Directory Opus\dopusrt.exeC:\Program Files (x86)\Quicken\bagent.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeC:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEC:\Users\webberk\AppData\Local\Akamai\netsession_win.exeC:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exeC:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeC:\Users\webberk\AppData\Local\Akamai\netsession_win.exeC:\Program Files (x86)\Livedrive\Livedrive.exeC:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exeC:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeC:\Users\webberk\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\Digsby\lib\digsby-app.exeC:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\adobe\Acrobat 10.0\Acrobat\acrotray.exeC:\Program Files (x86)\AVG\AVG2014\avgui.exeC:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exeC:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exeC:\Program Files (x86)\Real\RealPlayer\Update\realsched.exeC:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\stxmediamenumgr.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\itunes\iTunesHelper.exeC:\Program Files (x86)\Actual Window Manager\ActualWindowManagerCenter64.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exeC:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exeC:\Program Files (x86)\Actual Window Manager\ActualWindowManagerShellCenter64.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exeC:\Windows\system32\sppsvc.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Program Files\GPSoftware\Directory Opus\dopus.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uURLSearchHooks: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - <orphaned>uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dlldURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dlldURLSearchHooks: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - <orphaned>dURLSearchHooks: {93a3111f-4f74-4ed8-895e-d9708497629e} - <orphaned>BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dllBHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dllBHO: Startpage24 Browser Helper: {BBD43808-9D13-4B0B-B023-178FD1FAE442} - C:\ProgramData\Startpage24\Plugin\link64_plugin.dllBHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\java\jre7\bin\jp2ssv.dllBHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllBHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dllTB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dllTB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dlluRun: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclkuRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exeuRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeuRun: [FA82178918DCCA1C45348F45238FC204F7277D5F._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=serviceuRun: [Akamai NetSession Interface] "C:\Users\webberk\AppData\Local\Akamai\netsession_win.exe"uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStartuRun: [Actual Window Manager] c:\program files (x86)\actual window manager\actualwindowmanagercenter.exeuRun: [ActualWindowManagerCenter.exe] c:\program files (x86)\actual window manager\actualwindowmanagercenter.exeuRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeuRun: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" /setupuRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exemRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_uimRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLYmRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exemRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osbootmRun: [FreeAgentTheaterTrayIcon] "C:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\StxMediaMenuMgr.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"dRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"dRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStartStartupFolder: C:\Users\webberk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exeStartupFolder: C:\Users\webberk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\webberk\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\Users\webberk\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: EnableShellExecuteHooks = dword:1mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htmIE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htmIE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htmIE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htmIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.htmlIE: RoboForm Editor - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComEditIdent.htmlIE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\microsoft office\Office12\ONBttnIE.dllIE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files (x86)\SoundTaxi\YouTubeRipper.dllIE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = 207.203.159.23 205.172.132.23TCP: Interfaces\{6BAB9BC1-F74C-4B1F-9E36-170D3EE9BE46} : NameServer = 205.152.144.23,205.152.37.23TCP: Interfaces\{6BAB9BC1-F74C-4B1F-9E36-170D3EE9BE46} : DHCPNameServer = 207.203.159.23 205.172.132.23Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dllHandler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllHandler: startpage24 - {879506D7-73DF-8D45-BBDD-123467926D12} - C:\ProgramData\Startpage24\Plugin\link64_plugin.dllSSODL: WebCheck - <orphaned>SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dllSTS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dllSEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllSEH: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dllmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dllx64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dllx64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: BrowserHelper Class: {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\ExplorerExtensions.dllx64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dllx64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGamingx64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startupx64-Run: [seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>x64-Handler: startpage24 - {879506D7-73DF-8D45-BBDD-123467926D12} - <orphaned>x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dllx64-Notify: igfxcui - igfxdev.dllx64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dllx64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dllx64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dllx64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dllx64-SEH: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll.================= FIREFOX ===================.FF - ProfilePath - C:\Users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - BingFF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dllFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\npsitesafety.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\java\jre7\bin\dtplugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dllFF - plugin: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dllFF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dllFF - plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dllFF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dllFF - plugin: C:\ProgramData\Startpage24\Plugin\firefox\plugins\nplink64.dllFF - plugin: C:\ProgramData\Startpage24\Plugin\nplink64chrome.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dllFF - ExtSQL: 2013-12-04 14:58; ffext@startpage24; C:\ProgramData\Startpage24\Plugin\firefox.============= SERVICES / DRIVERS ===============.R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2013-11-15 15664]R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-10-10 17720]R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-5-16 210016]R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2013-5-16 141920]R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-6-5 70296]R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 57144]R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-26 46368]R1 CbFs;CbFs;C:\Windows\System32\drivers\cbfs.sys [2012-9-4 191960]R1 cbfs3;cbfs3;C:\Windows\System32\drivers\cbfs3.sys [2013-3-27 352008]R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-24 574272]R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-9-24 1358944]R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2013-10-7 9281840]R2 FreeAgentTheater Service;Seagate Media;C:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe [2012-12-20 237248]R2 GsServer;GoodSync Server;C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [2013-5-21 5825168]R2 LivedriveVSSService;Livedrive VSS Service;C:\Program Files (x86)\Livedrive\VSSService.exe [2013-7-29 210584]R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-10-1 376144]R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2008-8-11 16056]R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2009-12-7 72216]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-7 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-7 701512]R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-4-6 25824]R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-7-31 137528]R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-12-20 68896]R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-4-24 483864]R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-10-2 65657]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-11-3 8704]R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.51572.0.sys [2013-10-8 46384]R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2013-11-15 388912]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-1-3 70168]R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-7 25928]R3 SndTAudio;SndTAudio;C:\Windows\System32\drivers\SndTAudio.sys [2011-1-19 33336]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [?]S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2009-12-1 61280]S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\windows live\Family Safety\fsssvc.exe [2009-8-5 704864]S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2013-2-13 403832]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-18 111616]S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]S3 SMServer;SMServer;C:\Windows\SysWOW64\snmvtsvc.exe [2011-1-19 245760]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]S3 STSService;STSService;C:\Program Files (x86)\SoundTaxi Media Suite\STSService.exe [2010-4-12 344064]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-4-5 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-20 1255736]S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464].=============== File Associations ===============.ShellExec: Sidebar.exe: open=C:\Program Files (x86)\Windows Sidebar\Sidebar.exe.=============== Created Last 30 ================.2013-12-04 22:06:42 -------- d-----w- C:\Users\webberk\AppData\Local\DriverToolkit2013-12-04 22:06:39 -------- d-----w- C:\Program Files (x86)\DriverToolkit2013-12-04 20:26:39 -------- d-----w- C:\ProgramData\UAB2013-12-04 20:03:05 -------- d-----w- C:\ProgramData\Actual Tools2013-12-04 01:43:26 -------- d-----w- C:\Program Files (x86)\ESET2013-12-03 16:31:23 -------- d-----w- C:\AdwCleaner2013-12-03 16:05:06 -------- d-----w- C:\Windows\ERUNT2013-11-15 15:47:15 388912 ----a-w- C:\Windows\System32\drivers\dlkmd.sys2013-11-15 15:47:15 15664 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys2013-11-15 15:06:12 1930752 ----a-w- C:\Windows\System32\authui.dll2013-11-15 15:06:11 197120 ----a-w- C:\Windows\System32\credui.dll2013-11-15 15:06:11 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll2013-11-15 15:06:11 1796096 ----a-w- C:\Windows\SysWow64\authui.dll2013-11-15 15:06:11 168960 ----a-w- C:\Windows\SysWow64\credui.dll2013-11-15 15:06:11 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll2013-11-13 22:41:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69.==================== Find3M ====================.2013-11-22 14:20:28 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-11-22 14:20:28 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-11-20 15:57:23 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys2013-11-06 03:55:48 150808 ----a-w- C:\Windows\System32\drivers\avgdiska.sys2013-11-05 03:52:42 240920 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys2013-11-01 05:00:18 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys2013-11-01 04:49:46 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys2013-10-31 13:40:24 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll2013-10-31 13:40:23 92488 ----a-w- C:\Windows\System32\LMIinit.dll2013-10-31 13:40:23 35656 ----a-w- C:\Windows\System32\LMIport.dll2013-10-25 04:25:58 194872 ----a-w- C:\Windows\System32\drivers\avgidsha.sys2013-10-20 13:59:03 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll.000.bak2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL2013-10-10 19:35:10 9584 ----a-w- C:\Windows\SysWow64\ractrlkeyhook.dll2013-10-10 17:00:13 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll2013-10-10 17:00:13 259584 ----a-w- C:\Windows\System32\WebClnt.dll2013-10-10 17:00:13 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll2013-10-10 17:00:13 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys2013-10-10 17:00:13 102400 ----a-w- C:\Windows\System32\davclnt.dll2013-10-10 16:58:46 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-10-10 16:58:45 327168 ----a-w- C:\Windows\System32\mswsock.dll2013-10-10 16:58:45 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll2013-10-10 16:58:20 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys2013-10-08 20:02:12 46384 ----a-w- C:\Windows\System32\drivers\DisplayLinkUsbIo_x64_7.4.51572.0.sys2013-10-08 20:02:10 947200 ----a-w- C:\Windows\System32\DisplayLinkUsbCo64_7.4.51572.0.dll2013-10-08 13:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd9.dll2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd64.dll2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd11.dll2013-10-07 10:43:24 1227056 ----a-w- C:\Windows\System32\dlumd10.dll2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd9.dll2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd32.dll2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd11.dll2013-10-07 10:43:22 1010480 ----a-w- C:\Windows\SysWow64\dlumd10.dll2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-10-01 06:52:08 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys2013-09-26 14:44:54 57144 ----a-w- C:\Windows\System32\drivers\avgfwd6a.sys2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe2013-09-15 18:20:22 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll2013-09-15 18:20:22 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2012-01-10 20:36:38 4763456 ----a-w- C:\Program Files (x86)\procexp.exe.============= FINISH: 13:41:49.59 =============== JRT~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.8 (11.05.2013:1)OS: Windows 7 Professional x64Ran by webberk on Tue 12/10/2013 at 14:38:57.32~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 12/10/2013 at 14:50:51.55End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
Maniac Posted December 13, 2013 ID:764023 Share Posted December 13, 2013 Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here Please visit this webpage and read the ComboFix User's Guide:Once you've read the article and are ready to use the program you can download it directly from the link below.Important! - Please make sure you save combofix to your desktop and do not run it from your browserDirect download link for: ComboFix.exePlease make sure you disable your security applications before running ComboFix.Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.Please copy/paste the contents or attach that log file to your next reply.If needed the file can be located here: C:\combofix.txtNOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer. Link to post Share on other sites More sharing options...
krwebber53 Posted December 14, 2013 Author ID:764270 Share Posted December 14, 2013 When I clicked on the link to " ComboFix usage, Questions, Help? - Look here " I received this message.http://www.bleepingcomputer.com/forums/topic273628.html Sorry, we couldn't find that! [#404]Sorry, we could not locate the page you are requesting to view. Please click here to return to the community indexNeed Help?Click here to log inOur help documentationContact the community administrator I have downloaded ComboFix.exe to my desktop and read through the ComboFix Users Guide. Should I go ahead and run without reading info on the link? Link to post Share on other sites More sharing options...
Maniac Posted December 14, 2013 ID:764364 Share Posted December 14, 2013 They have made some changes on their URLs, that's why the link now is: http://www.bleepingcomputer.com/forums/t/273628/combofix-usage-questions-help-look-here/ You can proceed further. Link to post Share on other sites More sharing options...
krwebber53 Posted December 16, 2013 Author ID:764990 Share Posted December 16, 2013 Thanks. I was away from my computer until now and am starting combofix now. I will post the results in the morning. Link to post Share on other sites More sharing options...
krwebber53 Posted December 16, 2013 Author ID:764995 Share Posted December 16, 2013 1st attempt to post ComboFix results yeolded error - Post too long - so I will post results in partsPart 1ComboFix 13-12-13.01 - webberk 12/15/2013 23:24:06.2.2 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.5861.3053 [GMT -6:00]Running from: c:\users\webberk\Desktop\ComboFix.exeAV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}. ADS - Windows: deleted 0 bytes in 1 streams. .((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\webberk\AppData\Local\Temp\aimemb.dllc:\users\webberk\AppData\Local\Temp\aimemb64.dllc:\windows\Fonts\PCFNEW.FONc:\windows\Fonts\PCMIRIAM.FONc:\windows\SysWow64\Cachec:\windows\SysWow64\Cache\075884af680ff6dc.fbc:\windows\SysWow64\Cache\227113dfa1ca894d.fbc:\windows\SysWow64\Cache\28aa9695c0851492.fbc:\windows\SysWow64\Cache\49fbbc5a8678d502.fbc:\windows\SysWow64\Cache\5c54eb1a1655b076.fbc:\windows\SysWow64\Cache\5f7a1730619160ca.fbc:\windows\SysWow64\Cache\613e8ce7ab7106af.fbc:\windows\SysWow64\Cache\633a76311867bd11.fbc:\windows\SysWow64\Cache\691f14230153a9e1.fbc:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fbc:\windows\SysWow64\Cache\7614bd6cfa99e546.fbc:\windows\SysWow64\Cache\77664b6ccc36be9f.fbc:\windows\SysWow64\Cache\881b3593316772f0.fbc:\windows\SysWow64\Cache\98657d0579ae1930.fbc:\windows\SysWow64\Cache\a25e71635e6f5194.fbc:\windows\SysWow64\Cache\a814d70abb5320cf.fbc:\windows\SysWow64\Cache\bc8b7c797277c61b.fbc:\windows\SysWow64\Cache\c4e10d1be905349b.fbc:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fbc:\windows\SysWow64\Cache\d9ca663388d21ec0.fbc:\windows\SysWow64\Cache\e28ceca8be4a3ef0.fbc:\windows\SysWow64\Cache\f2cda51fd108941f.fbc:\windows\SysWow64\Cache\f34d8db84131d925.fbc:\windows\SysWow64\Packet.dllc:\windows\SysWow64\pthreadVC.dllc:\windows\SysWow64\wpcap.dll..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_NPF..((((((((((((((((((((((((( Files Created from 2013-11-16 to 2013-12-16 )))))))))))))))))))))))))))))))..2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\users\Public\AppData\Local\temp2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\users\ken\AppData\Local\temp2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\users\Guest\AppData\Local\temp2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\users\Default\AppData\Local\temp2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp2013-12-16 05:34 . 2013-12-16 05:34 -------- d-----w- c:\users\admin\AppData\Local\temp2013-12-04 22:06 . 2013-12-04 22:06 -------- d-----w- c:\users\webberk\AppData\Local\DriverToolkit2013-12-04 22:06 . 2013-12-05 16:18 -------- d-----w- c:\program files (x86)\DriverToolkit2013-12-04 20:26 . 2013-12-04 20:27 -------- d-----w- c:\programdata\UAB2013-12-04 20:03 . 2013-12-04 20:03 -------- d-----w- c:\programdata\Actual Tools2013-12-04 01:43 . 2013-12-05 16:17 -------- d-----w- c:\program files (x86)\ESET2013-12-03 16:31 . 2013-12-10 19:28 -------- d-----w- C:\AdwCleaner2013-12-03 16:05 . 2013-12-05 16:17 -------- d-----w- c:\windows\ERUNT2013-11-18 15:44 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-12-10 22:57 . 2012-04-05 13:53 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-12-10 22:57 . 2011-06-21 21:27 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-11-20 15:57 . 2013-03-26 19:19 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys2013-11-18 15:42 . 2013-11-18 15:42 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-11-18 15:42 . 2013-11-18 15:42 1818112 ----a-w- c:\windows\SysWow64\wininet.dll2013-11-18 15:42 . 2013-11-18 15:42 62464 ----a-w- c:\windows\SysWow64\tdc.ocx2013-11-18 15:42 . 2013-11-18 15:42 454656 ----a-w- c:\windows\SysWow64\vbscript.dll2013-11-18 15:42 . 2013-11-18 15:42 139264 ----a-w- c:\windows\SysWow64\wextract.exe2013-11-18 15:42 . 2013-11-18 15:42 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-11-15 15:34 . 2009-12-07 19:45 82896128 ----a-w- c:\windows\system32\MRT.exe2013-11-15 15:06 . 2013-11-15 15:06 1930752 ----a-w- c:\windows\system32\authui.dll2013-11-15 15:06 . 2013-11-15 15:06 197120 ----a-w- c:\windows\system32\credui.dll2013-11-15 15:06 . 2013-11-15 15:06 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll2013-11-15 15:06 . 2013-11-15 15:06 1796096 ----a-w- c:\windows\SysWow64\authui.dll2013-11-15 15:06 . 2013-11-15 15:06 168960 ----a-w- c:\windows\SysWow64\credui.dll2013-11-15 15:06 . 2013-11-15 15:06 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll2013-11-15 15:03 . 2011-09-08 21:54 191168 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll2013-11-06 03:55 . 2013-11-06 03:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys2013-11-05 03:52 . 2013-11-05 03:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys2013-11-01 05:00 . 2013-11-01 05:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys2013-11-01 04:49 . 2013-11-01 04:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys2013-10-31 13:40 . 2009-12-07 19:34 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll2013-10-31 13:40 . 2009-12-07 19:34 35656 ----a-w- c:\windows\system32\LMIport.dll2013-10-31 13:40 . 2009-12-07 19:34 92488 ----a-w- c:\windows\system32\LMIinit.dll2013-10-25 04:25 . 2013-10-25 04:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys2013-10-20 13:59 . 2009-12-07 19:34 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak2013-10-12 02:30 . 2013-11-12 20:28 830464 ----a-w- c:\windows\system32\nshwfp.dll2013-10-12 02:29 . 2013-11-12 20:28 859648 ----a-w- c:\windows\system32\IKEEXT.DLL2013-10-12 02:29 . 2013-11-12 20:28 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL2013-10-12 02:03 . 2013-11-12 20:28 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll2013-10-12 02:01 . 2013-11-12 20:28 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL2013-10-10 19:35 . 2013-10-10 19:35 9584 ----a-w- c:\windows\SysWow64\ractrlkeyhook.dll2013-10-10 17:00 . 2013-10-10 17:00 81920 ----a-w- c:\windows\SysWow64\davclnt.dll2013-10-10 17:00 . 2013-10-10 17:00 259584 ----a-w- c:\windows\system32\WebClnt.dll2013-10-10 17:00 . 2013-10-10 17:00 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll2013-10-10 17:00 . 2013-10-10 17:00 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys2013-10-10 17:00 . 2013-10-10 17:00 102400 ----a-w- c:\windows\system32\davclnt.dll2013-10-10 16:59 . 2013-10-10 16:59 878080 ----a-w- c:\windows\system32\advapi32.dll2013-10-10 16:59 . 2013-10-10 16:59 859648 ----a-w- c:\windows\system32\tdh.dll2013-10-10 16:59 . 2013-10-10 16:59 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe2013-10-10 16:59 . 2013-10-10 16:59 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-10-10 16:59 . 2013-10-10 16:59 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-10-10 16:59 . 2013-10-10 16:59 243712 ----a-w- c:\windows\system32\wow64.dll2013-10-10 16:59 . 2013-10-10 16:59 1732032 ----a-w- c:\windows\system32\ntdll.dll2013-10-10 16:59 . 2013-10-10 16:59 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-10-10 16:59 . 2013-10-10 16:59 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-10-10 16:59 . 2013-10-10 16:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-10-10 16:59 . 2013-10-10 16:59 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-10-10 16:59 . 2013-10-10 16:59 2048 ----a-w- c:\windows\SysWow64\user.exe2013-10-10 16:59 . 2013-10-10 16:59 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-10-10 16:59 . 2013-10-10 16:59 640512 ----a-w- c:\windows\SysWow64\advapi32.dll2013-10-10 16:59 . 2013-10-10 16:59 619520 ----a-w- c:\windows\SysWow64\tdh.dll2013-10-10 16:59 . 2013-10-10 16:59 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll2013-10-10 16:59 . 2013-10-10 16:59 461312 ----a-w- c:\windows\system32\scavengeui.dll2013-10-10 16:58 . 2013-10-10 16:58 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-10-10 16:58 . 2013-10-10 16:58 327168 ----a-w- c:\windows\system32\mswsock.dll2013-10-10 16:58 . 2013-10-10 16:58 231424 ----a-w- c:\windows\SysWow64\mswsock.dll2013-10-10 16:58 . 2013-10-10 16:58 155584 ----a-w- c:\windows\system32\drivers\ataport.sys2013-10-08 20:02 . 2013-10-08 20:02 46384 ----a-w- c:\windows\system32\drivers\DisplayLinkUsbIo_x64_7.4.51572.0.sys2013-10-08 20:02 . 2013-10-08 20:02 947200 ----a-w- c:\windows\system32\DisplayLinkUsbCo64_7.4.51572.0.dll2013-10-08 13:50 . 2013-11-04 16:23 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-10-07 10:45 . 2013-11-15 15:47 388912 ----a-w- c:\windows\system32\drivers\dlkmd.sys2013-10-07 10:45 . 2013-11-15 15:47 15664 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys2013-10-07 10:43 . 2013-10-07 10:43 1227056 ----a-w- c:\windows\system32\dlumd9.dll2013-10-07 10:43 . 2013-10-07 10:43 1227056 ----a-w- c:\windows\system32\dlumd64.dll2013-10-07 10:43 . 2013-10-07 10:43 1227056 ----a-w- c:\windows\system32\dlumd11.dll2013-10-07 10:43 . 2013-10-07 10:43 1227056 ----a-w- c:\windows\system32\dlumd10.dll2013-10-07 10:43 . 2013-10-07 10:43 1010480 ----a-w- c:\windows\SysWow64\dlumd9.dll2013-10-07 10:43 . 2013-10-07 10:43 1010480 ----a-w- c:\windows\SysWow64\dlumd32.dll2013-10-07 10:43 . 2013-10-07 10:43 1010480 ----a-w- c:\windows\SysWow64\dlumd11.dll2013-10-07 10:43 . 2013-10-07 10:43 1010480 ----a-w- c:\windows\SysWow64\dlumd10.dll2013-10-05 20:25 . 2013-11-12 20:28 1474048 ----a-w- c:\windows\system32\crypt32.dll2013-10-05 19:57 . 2013-11-12 20:28 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll2013-10-03 02:23 . 2013-11-12 20:28 404480 ----a-w- c:\windows\system32\gdi32.dll2013-10-03 02:00 . 2013-11-12 20:28 311808 ----a-w- c:\windows\SysWow64\gdi32.dll2013-10-01 06:52 . 2013-10-01 06:52 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys2013-09-28 01:09 . 2013-11-12 20:28 497152 ----a-w- c:\windows\system32\drivers\afd.sys2013-09-26 14:44 . 2012-09-04 15:39 57144 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys2013-09-25 02:26 . 2013-11-12 20:28 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys2013-09-25 02:26 . 2013-11-12 20:28 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys2013-09-25 02:23 . 2013-11-12 20:28 28672 ----a-w- c:\windows\system32\sspisrv.dll2013-09-25 02:23 . 2013-11-12 20:28 135680 ----a-w- c:\windows\system32\sspicli.dll2013-09-25 02:23 . 2013-11-12 20:28 28160 ----a-w- c:\windows\system32\secur32.dll2013-09-25 02:22 . 2013-11-12 20:28 340992 ----a-w- c:\windows\system32\schannel.dll2013-09-25 02:21 . 2013-11-12 20:28 307200 ----a-w- c:\windows\system32\ncrypt.dll2013-09-25 02:21 . 2013-11-12 20:28 1447936 ----a-w- c:\windows\system32\lsasrv.dll2013-09-25 01:58 . 2013-11-12 20:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll2013-09-25 01:57 . 2013-11-12 20:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll2013-09-25 01:57 . 2013-11-12 20:28 247808 ----a-w- c:\windows\SysWow64\schannel.dll2013-09-25 01:56 . 2013-11-12 20:28 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll2013-09-25 01:03 . 2013-11-12 20:28 30720 ----a-w- c:\windows\system32\lsass.exe2012-01-10 20:36 . 2012-01-10 20:36 4763456 ----a-w- c:\program files (x86)\procexp.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn4\yt.dll" [2012-11-26 1525088].[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1][HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}][HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]2012-11-10 15:55 158056 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Directory Opus Desktop Dblclk"="c:\program files\GPSoftware\Directory Opus\dopusrt.exe" [2013-06-14 351344]"QuickenScheduledUpdates"="c:\program files (x86)\Quicken\bagent.exe" [2013-04-10 76072]"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-09-14 59720]"FA82178918DCCA1C45348F45238FC204F7277D5F._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-12-04 863184]"Akamai NetSession Interface"="c:\users\webberk\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]"Actual Window Manager"="c:\program files (x86)\actual window manager\actualwindowmanagercenter.exe" [2013-09-14 1973040]"ActualWindowManagerCenter.exe"="c:\program files (x86)\actual window manager\actualwindowmanagercenter.exe" [2013-09-14 1973040]"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-09-15 59720]"Livedrive"="c:\program files (x86)\Livedrive\Livedrive.exe" [2013-07-29 1814680]"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-10-17 109784].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-09-03 41336]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-09-03 840568]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-11-03 73728]"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-11-08 4956176]"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2013-04-24 740888]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-15 295512]"FreeAgentTheaterTrayIcon"="c:\program files (x86)\Seagate\Seagate_Media\AgrregationStatus\StxMediaMenuMgr.exe" [2012-12-20 177344]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-10-17 109784]"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840].c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384].c:\users\webberk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]Dropbox.lnk - c:\users\webberk\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2013-10-3 1103200].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]"EnableShellExecuteHooks"= 1 (0x1).[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{EE761688-C137-4b04-8FAB-3C9CDF0886F0}"= "c:\program files\GPSoftware\Directory Opus\dopuslib32.dll" [2013-06-14 366672].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"mixer1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_6.3.40660.0.sys [x]R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe;c:\windows\SysWOW64\GSService.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys;c:\windows\SYSNATIVE\Drivers\motoandroid.sys [x]R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]R3 PROCEXP151;PROCEXP151; [x]R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe;c:\windows\SysWOW64\snmvtsvc.exe [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 STSService;STSService;c:\program files (x86)\SoundTaxi Media Suite\STSService.exe;c:\program files (x86)\SoundTaxi Media Suite\STSService.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys;c:\windows\SYSNATIVE\drivers\cbfs.sys [x]S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]S2 FreeAgentTheater Service;Seagate Media;c:\program files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe;c:\program files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe [x]S2 GsServer;GoodSync Server;c:\program files\Siber Systems\GoodSync\Gs-Server.exe;c:\program files\Siber Systems\GoodSync\Gs-Server.exe [x]S2 LivedriveVSSService;Livedrive VSS Service;c:\program files (x86)\Livedrive\VSSService.exe;c:\program files (x86)\Livedrive\VSSService.exe [x]S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;c:\windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [x]S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys;c:\windows\SYSNATIVE\drivers\SndTAudio.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-12-06 07:36 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe. Link to post Share on other sites More sharing options...
krwebber53 Posted December 16, 2013 Author ID:764996 Share Posted December 16, 2013 Part 2Contents of the 'Scheduled Tasks' folder.2013-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 22:57].2012-09-05 c:\windows\Tasks\GoodSync - iWorship.job- c:\program files\Siber Systems\GoodSync\gsync.exe [2013-05-21 10:55].2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 22:14].2013-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-30 22:14]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlay]@="{B44A5D93-1351-41A1-BD91-5E92435D8ECD}"[HKEY_CLASSES_ROOT\CLSID\{B44A5D93-1351-41A1-BD91-5E92435D8ECD}]2013-07-29 16:38 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\webberk\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]2012-11-10 15:55 190312 ----a-w- c:\windows\System32\CbFsMntNtf3.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]2013-07-29 16:38 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]2013-07-29 16:38 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]2013-07-29 16:38 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]2013-07-29 16:38 1245848 ----a-w- c:\program files (x86)\Livedrive\Extensions.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2013-03-20 3996848]"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2013-03-20 552112].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2013-06-14 1409656].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;192.168.*.*;<local>IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.htmlTCP: DhcpNameServer = 207.203.159.23 205.172.132.23TCP: Interfaces\{6BAB9BC1-F74C-4B1F-9E36-170D3EE9BE46}: NameServer = 205.152.144.23,205.152.37.23Handler: startpage24 - {879506D7-73DF-8D45-BBDD-123467926D12} - c:\programdata\Startpage24\Plugin\link64_plugin.dllFF - ProfilePath - c:\users\webberk\AppData\Roaming\Mozilla\Firefox\Profiles\knmvngqb.default\FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - BingFF - ExtSQL: 2013-12-04 14:58; ffext@startpage24; c:\programdata\Startpage24\Plugin\firefox.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startWebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)AddRemove-0PR44WT7-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1 - c:\program files (x86)\GlobalTec SolutionsAddRemove-C0M0DITY-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1 - c:\program files (x86)\GlobalTec SolutionsAddRemove-C0MM4NDT-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1 - c:\program files (x86)\GlobalTec SolutionsAddRemove-W1Z3F33D-CD0C-4AC4-86B4-X11E5511AA18_is1 - c:\program files (x86)\GlobalTec SolutionsAddRemove-W1Z3T4D3-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1 - c:\program files (x86)\GlobalTec Solutions...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{724D43A0-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,ce,40,5e, 76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90, 43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8, 0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70"{11111111-1111-1111-1111-110011221158}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02, 15,23,5f,7f,54,6e,07,52,40,14,7c,55,4c"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{27B4851A-3207-45A2-B947-BE8AFE6163AB}"=hex:51,66,7a,6c,4c,1d,38,12,74,86,a7, 23,35,7c,cc,00,c6,51,fd,ca,fb,3f,27,bf"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a, 34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de"{724D43A9-0D85-11D4-9908-00400523E39A}"=hex:51,66,7a,6c,4c,1d,38,12,c7,40,5e, 76,b7,43,ba,54,e6,1e,43,00,00,7d,a7,8e"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f, aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77, b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb"{CC59E0F9-7E43-44FA-9FAA-8377850BF205}"=hex:51,66,7a,6c,4c,1d,38,12,97,e3,4a, c8,71,30,94,01,e0,bc,c0,37,80,55,b6,11"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84, f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}"=hex:51,66,7a,6c,4c,1d,3b,1b,64,d2,44, 54,75,5c,8a,34,aa,62,82,42,ba,d5,f4,71.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:a8,28,c3,09,e2,b1,cd,01.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]@Denied: (2) (LocalSystem)"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e4,93,b0,8f,8e,1f,4f,88,b8,45,\"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e4,93,b0,8f,8e,1f,4f,88,b8,45,\"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,e4,93,b0,8f,8e,1f,4f,88,b8,45,\.[HKEY_USERS\S-1-5-21-2799653475-1206912365-1311522834-1001\Control Panel\International\Time]@Denied: (A) (Everyone)"{FAE7A96A-56C3-4ABF-A6C2-D5D78089A7D8}"=hex:6a,a9,e7,fa,c3,56,bf,4a,a6,c2,d5, d7,80,89,a7,d8,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{C3C00093-A5A2-48F3-AFCC-E0DE0EB8D1C6}"=hex:93,00,c0,c3,a2,a5,f3,48,af,cc,e0, de,0e,b8,d1,c6,37,48,5f,35,4d,25,3f,4b,3d,34,4c,23,45,29,5c,4b,5d,39,57,53,\"{378DC036-1D5F-41FA-8623-13BC398BBE82}"=hex:36,c0,8d,37,5f,1d,fa,41,86,23,13, bc,39,8b,be,82,53,32,49,44,51,25,4e,3d,4c,46,46,23,4a,57,23,2b,46,39,4f,55,\"{CD2D009D-C44E-4959-A103-9B11705195D7}"=hex:9d,00,2d,cd,4e,c4,59,49,a1,03,9b, 11,70,51,95,d7,4e,4c,55,4e,3f,25,50,4b,3f,40,4a,23,4a,5d,27,24,4b,39,5b,51,\"{5BBF68F8-9F66-4E76-AE71-3A8506C8DBAD}"=hex:f8,68,bf,5b,66,9f,76,4e,ae,71,3a, 85,06,c8,db,ad,41,57,56,5f,56,25,58,44,58,5f,34,23,42,29,5f,4a,51,39,5d,22,\"{3751523F-A7F6-4DDA-B49C-E8136E65DDD5}"=hex:3f,52,51,37,f6,a7,da,4d,b4,9c,e8, 13,6e,65,dd,d5,41,30,4f,45,4f,25,5f,4d,5f,38,48,23,3a,23,53,58,44,39,53,40,\"{D989101A-35EA-422C-B608-F456F9A77BC7}"=hex:1a,10,89,d9,ea,35,2c,42,b6,08,f4, 56,f9,a7,7b,c7,3b,49,57,34,35,25,50,40,38,58,5f,23,5d,28,55,43,40,39,4d,55,\"{16DE98D8-D650-4E69-8AA0-3D9273112FA9}"=hex:d8,98,de,16,50,d6,69,4e,8a,a0,3d, 92,73,11,2f,a9,34,4e,4b,35,53,25,53,42,4a,5c,35,23,49,29,44,44,52,39,46,22,\"{AE57E92E-ADCF-4877-B9CC-1F0F113736CD}"=hex:2e,e9,57,ae,cf,ad,77,48,b9,cc,1f, 0f,11,37,36,cd,40,5e,53,57,5d,25,4a,32,5d,5f,3e,23,4a,42,4b,50,47,39,23,54,\"{65BC8CA4-A1BB-4D6A-A17E-A52E811C44F5}"=hex:a4,8c,bc,65,bb,a1,6a,4d,a1,7e,a5, 2e,81,1c,44,f5,44,5e,3d,5c,5f,25,47,5d,4f,58,34,23,5b,5b,54,21,51,39,5e,52,\"{D980D581-6CC6-4BE0-91BC-B474647F0D3E}"=hex:81,d5,80,d9,c6,6c,e0,4b,91,bc,b4, 74,64,7f,0d,3e,41,3c,3d,50,41,25,53,50,5c,3f,41,23,3b,22,44,24,4b,39,4f,58,\"{5FB1E64F-3006-4F5C-88ED-C38C6FF0D841}"=hex:4f,e6,b1,5f,06,30,5c,4f,88,ed,c3, 8c,6f,f0,d8,41,3b,54,30,31,44,25,5a,44,47,4a,58,23,44,45,56,58,47,39,4f,4f,\"{CAAA4185-9BDB-4C8B-B2AE-D220E1C3E05A}"=hex:85,41,aa,ca,db,9b,8b,4c,b2,ae,d2, 20,e1,c3,e0,5a,3a,56,5d,5c,5d,25,5b,5b,32,3a,34,23,48,5c,40,25,52,39,58,41,\"{9F7CC8A0-711D-40F7-96E7-1EEBA187AF64}"=hex:a0,c8,7c,9f,1d,71,f7,40,96,e7,1e, eb,a1,87,af,64,4f,51,4d,45,50,25,47,44,3d,35,5d,23,42,58,42,57,40,39,44,41,\"{84EF61D4-194A-4BF3-A552-E7D832179E85}"=hex:d4,61,ef,84,4a,19,f3,4b,a5,52,e7, d8,32,17,9e,85,30,4f,4d,43,49,25,59,38,4f,3f,43,23,47,44,55,59,4a,39,5e,23,\"{D090D1EF-4ED1-4A8B-81E0-E5940E7EEDA7}"=hex:ef,d1,90,d0,d1,4e,8b,4a,81,e0,e5, 94,0e,7e,ed,a7,55,46,4b,30,57,25,58,4d,5f,3e,59,23,45,41,5f,53,5f,39,4c,41,\"{75B6E99E-EB61-4885-A72E-92131A132A49}"=hex:9e,e9,b6,75,61,eb,85,48,a7,2e,92, 13,1a,13,2a,49,56,46,48,47,4c,25,3d,52,51,54,55,23,5c,51,4b,5e,54,39,53,5d,\"{C2ED3D3E-1BC6-4215-B236-A20F764A07DA}"=hex:3e,3d,ed,c2,c6,1b,15,42,b2,36,a2, 0f,76,4a,07,da,4b,37,3d,5e,4d,25,30,4e,58,4f,35,23,58,43,25,40,4b,39,43,4f,\"{84146249-9C42-43B8-841B-418F7CB96EE5}"=hex:49,62,14,84,42,9c,b8,43,84,1b,41, 8f,7c,b9,6e,e5,49,52,57,35,42,25,5d,5f,59,3e,3e,23,41,45,5d,44,56,39,5b,23,\"{8CDC3080-7A40-4335-A642-147338D3C312}"=hex:80,30,dc,8c,40,7a,35,43,a6,42,14, 73,38,d3,c3,12,55,37,5d,54,4b,25,43,3f,45,47,40,23,44,58,47,24,5d,39,21,25,\"{939EB7D0-FC1D-4E1E-B7D7-1A6ED6092280}"=hex:d0,b7,9e,93,1d,fc,1e,4e,b7,d7,1a, 6e,d6,09,22,80,59,33,5c,31,3e,25,4d,5a,4c,5e,49,23,5a,5d,25,57,25,39,4d,23,\"{307B83B2-C865-4F78-A359-9F0015030C30}"=hex:b2,83,7b,30,65,c8,78,4f,a3,59,9f, 00,15,03,0c,30,30,45,3d,54,40,25,48,4c,47,5e,34,23,44,23,54,24,57,39,43,45,\"{5E7DE88A-FDAE-4528-808A-331542C427A7}"=hex:8a,e8,7d,5e,ae,fd,28,45,80,8a,33, 15,42,c4,27,a7,30,47,32,4b,30,25,45,44,5d,49,38,23,42,5b,45,51,40,39,43,40,\"{BFEED406-C1E0-4B13-9D55-DC3307ACB007}"=hex:06,d4,ee,bf,e0,c1,13,4b,9d,55,dc, 33,07,ac,b0,07,40,43,49,34,51,25,5c,5f,3d,34,41,23,59,23,44,45,59,39,52,42,\"{5400C9A7-1A7E-407A-9D92-E334C3A40E85}"=hex:a7,c9,00,54,7e,1a,7a,40,9d,92,e3, 34,c3,a4,0e,85,5b,37,55,30,33,25,43,41,4c,5b,5e,23,56,22,5f,41,4b,39,50,47,\"{09C56DC3-CC2A-4866-A5C1-F5FB5F7FE81D}"=hex:c3,6d,c5,09,2a,cc,66,48,a5,c1,f5, fb,5f,7f,e8,1d,44,50,49,56,4d,25,51,4e,3c,5c,4c,23,5c,53,23,40,52,39,2c,51,\"{6D92A128-79D2-4FB8-AD3A-458DD343ED54}"=hex:28,a1,92,6d,d2,79,b8,4f,ad,3a,45, 8d,d3,43,ed,54,36,42,4e,4e,34,25,5b,40,49,41,5c,23,5c,5e,28,47,59,39,27,51,\"{29D7276E-6421-411D-A794-142CFE680BDA}"=hex:6e,27,d7,29,21,64,1d,41,a7,94,14, 2c,fe,68,0b,da,59,43,5c,48,43,25,44,48,5f,59,55,23,5d,4a,27,27,5e,39,2c,50,\"{FDB3CB22-0A42-4ABC-A875-A33F43D22BE9}"=hex:22,cb,b3,fd,42,0a,bc,4a,a8,75,a3, 3f,43,d2,2b,e9,57,47,44,4c,53,25,48,39,5d,42,5e,23,4a,54,44,44,51,39,26,51,\"{4002D70E-AB93-4A65-AB36-6BE923A5AC1B}"=hex:0e,d7,02,40,93,ab,65,4a,ab,36,6b, e9,23,a5,ac,1b,45,49,3c,47,4b,25,5f,5f,3c,4e,57,23,4b,43,5f,43,42,39,46,4f,\"{5CAC11F4-0570-4B90-936D-C1878CEEAF6E}"=hex:f4,11,ac,5c,70,05,90,4b,93,6d,c1, 87,8c,ee,af,6e,53,52,47,40,5d,25,51,52,4c,47,40,23,56,25,59,55,27,39,21,23,\"{91DCEBBC-54B7-4752-8063-461BB786AD0E}"=hex:bc,eb,dc,91,b7,54,52,47,80,63,46, 1b,b7,86,ad,0e,4e,5e,54,32,5f,25,4c,4d,43,48,5c,23,41,42,29,27,56,39,2c,44,\"{B8877161-57ED-4883-9E46-D9853A4D9F12}"=hex:61,71,87,b8,ed,57,83,48,9e,46,d9, 85,3a,4d,9f,12,57,32,31,31,57,25,3b,5e,4a,4e,4a,23,5e,57,59,25,44,39,59,5d,\"{87A2AAE6-FB63-421F-BF7D-8766F7CCBEF2}"=hex:e6,aa,a2,87,63,fb,1f,42,bf,7d,87, 66,f7,cc,be,f2,36,5d,33,57,5f,25,30,4d,3d,5f,4e,23,42,48,54,47,52,39,56,20,\"{EE5DAD2E-249D-4FC9-B2B5-02CC786411A4}"=hex:2e,ad,5d,ee,9d,24,c9,4f,b2,b5,02, cc,78,64,11,a4,55,4f,53,45,53,25,3a,53,4e,4a,59,23,57,48,49,58,47,39,20,50,\"{6CFB4D27-D644-4399-95BA-B9A9F56005B2}"=hex:27,4d,fb,6c,44,d6,99,43,95,ba,b9, a9,f5,60,05,b2,31,4c,4f,30,55,25,5f,5d,5f,5f,3e,23,3b,45,48,25,47,39,21,42,\"{D5512DD1-4885-4A6B-A201-32B2C4BB738C}"=hex:d1,2d,51,d5,85,48,6b,4a,a2,01,32, b2,c4,bb,73,8c,45,51,33,54,4c,25,47,5e,5a,44,45,23,58,46,25,43,21,39,41,53,\"{D4E6DE5B-C1FE-4517-B1D3-E54FA757668C}"=hex:5b,de,e6,d4,fe,c1,17,45,b1,d3,e5, 4f,a7,57,66,8c,4b,41,5c,35,57,25,5a,3d,3c,40,41,23,5b,5e,45,25,40,39,2d,5e,\"{E9C08E92-7FBB-413C-9F8D-8B1FEE03D65F}"=hex:92,8e,c0,e9,bb,7f,3c,41,9f,8d,8b, 1f,ee,03,d6,5f,55,48,3c,54,56,25,5f,58,4d,4a,43,23,43,29,43,51,41,39,51,40,\"{6F4A0A86-3888-43E3-AEAA-3F9C16CA97B8}"=hex:86,0a,4a,6f,88,38,e3,43,ae,aa,3f, 9c,16,ca,97,b8,47,52,44,51,35,25,3c,40,5e,44,3f,23,4a,29,55,4a,21,39,52,5b,\"{5029F0C8-6261-427B-BF6F-C1BBC53669AB}"=hex:c8,f0,29,50,61,62,7b,42,bf,6f,c1, bb,c5,36,69,ab,41,5d,44,54,50,25,5c,46,49,35,4e,23,47,46,54,56,59,39,40,5c,\"{7212BF42-C520-462E-9918-22272038DE81}"=hex:42,bf,12,72,20,c5,2e,46,99,18,22, 27,20,38,de,81,37,47,33,40,34,25,45,47,3d,4e,43,23,4d,52,24,56,49,39,22,25,\"{EB369855-1D5E-4E16-8AB9-F688F909D2DB}"=hex:55,98,36,eb,5e,1d,16,4e,8a,b9,f6, 88,f9,09,d2,db,48,48,42,51,5d,25,4b,3e,40,5c,47,23,5e,51,29,46,57,39,58,22,\"{7F2EA556-93A9-4028-AE3A-50C83F0E23B5}"=hex:56,a5,2e,7f,a9,93,28,40,ae,3a,50, c8,3f,0e,23,b5,55,33,3c,44,50,25,43,47,3e,40,5b,23,48,56,42,5a,5e,39,2d,5e,\"{7270DF47-0DDE-4826-BFD3-DBF925B2AA07}"=hex:47,df,70,72,de,0d,26,48,bf,d3,db, f9,25,b2,aa,07,56,49,5d,40,42,25,3f,40,52,42,4b,23,5e,49,57,58,56,39,2c,51,\"{01D93F37-7A86-4D78-8E32-C5026AA637E4}"=hex:37,3f,d9,01,86,7a,78,4d,8e,32,c5, 02,6a,a6,37,e4,3a,57,5c,57,53,25,4d,5e,41,5d,4f,23,41,51,22,44,44,39,53,5b,\"{60BAFCA4-EEBA-49AB-A76E-D99E733ADEC3}"=hex:a4,fc,ba,60,ba,ee,ab,49,a7,6e,d9, 9e,73,3a,de,c3,54,32,57,5f,45,25,59,5e,5d,4e,4f,23,4d,40,5f,47,5f,39,54,24,\"{43B4D4C7-99CD-4C17-BD5D-B437A9A63A77}"=hex:c7,d4,b4,43,cd,99,17,4c,bd,5d,b4, 37,a9,a6,3a,77,42,4a,4d,41,4c,25,5e,5e,4c,4d,3f,23,3c,55,27,5f,51,39,54,5d,\"{05F3CDC6-C3C4-458C-BCBD-C260FB80B8C3}"=hex:c6,cd,f3,05,c4,c3,8c,45,bc,bd,c2, 60,fb,80,b8,c3,5b,40,40,4c,4a,25,42,4e,49,54,5a,23,59,45,54,2b,25,39,56,5a,\"{F60E943B-9CFB-40B1-AC5C-C7D0488B30E3}"=hex:3b,94,0e,f6,fb,9c,b1,40,ac,5c,c7, d0,48,8b,30,e3,52,54,51,3f,45,25,51,49,5a,3f,55,23,3b,44,22,50,49,39,5d,58,\"{FD3266AA-0832-4A9F-AF9F-F82BE6B3B9F2}"=hex:aa,66,32,fd,32,08,9f,4a,af,9f,f8, 2b,e6,b3,b9,f2,52,57,43,56,44,25,48,4b,59,35,41,23,59,5a,5a,21,50,39,5e,40,\"{18061B91-055F-4EBA-ACC3-50BBD4957D07}"=hex:91,1b,06,18,5f,05,ba,4e,ac,c3,50, bb,d4,95,7d,07,42,3d,4b,3e,52,25,3e,3f,4a,39,5a,23,56,5b,56,53,52,39,4c,50,\"{51AE1F7C-A3C4-4966-AD91-3E69654FA343}"=hex:7c,1f,ae,51,c4,a3,66,49,ad,91,3e, 69,65,4f,a3,43,3b,5e,42,5c,5d,25,3a,53,59,48,47,23,48,46,48,43,55,39,50,5e,\"{F25B05F9-5BFE-4514-92D4-00A3B41ABBC5}"=hex:f9,05,5b,f2,fe,5b,14,45,92,d4,00, a3,b4,1a,bb,c5,34,3d,43,4d,30,25,3f,42,3e,35,47,23,48,58,29,24,41,39,4d,4e,\"{ECE0F2D3-BFB8-4A35-9A59-7A283832ADE4}"=hex:d3,f2,e0,ec,b8,bf,35,4a,9a,59,7a, 28,38,32,ad,e4,3b,36,37,44,3e,25,5f,41,47,4b,43,23,57,5a,25,46,59,39,23,4f,\"{41FDDC21-04F5-4640-A97E-62353AFF6328}"=hex:21,dc,fd,41,f5,04,40,46,a9,7e,62, 35,3a,ff,63,28,40,4f,5f,43,5e,25,5b,48,58,4a,5f,23,5f,48,29,25,59,39,23,21,\"{F12ECC02-528E-4A62-9C1D-FF4A60B1EB98}"=hex:02,cc,2e,f1,8e,52,62,4a,9c,1d,ff, 4a,60,b1,eb,98,48,57,36,53,50,25,53,4e,5d,55,5b,23,5a,5d,41,4a,58,39,57,5a,\"{3385F201-EAA2-4DEC-867C-4FDDE62AC70D}"=hex:01,f2,85,33,a2,ea,ec,4d,86,7c,4f, dd,e6,2a,c7,0d,53,41,44,51,5d,25,47,59,53,4a,3f,23,55,5a,42,46,45,39,4f,23,\"{5BB2B01E-9566-449A-99D3-71323EA88D5C}"=hex:1e,b0,b2,5b,66,95,9a,44,99,d3,71, 32,3e,a8,8d,5c,4d,42,44,3e,55,25,43,3c,41,4a,5d,23,4d,5e,5a,44,51,39,40,5d,\"{CC7396BD-0F0E-408B-9C40-DEEBB17A23C0}"=hex:bd,96,73,cc,0e,0f,8b,40,9c,40,de, eb,b1,7a,23,c0,51,43,44,3e,3e,25,3e,52,5d,4b,3f,23,3b,27,26,42,42,39,27,4f,\"{24DF2EF0-F056-4F5F-9939-328FE9C27822}"=hex:f0,2e,df,24,56,f0,5f,4f,99,39,32, 8f,e9,c2,78,22,34,4f,42,48,5d,25,45,3e,5f,4a,3a,23,5d,5b,5f,4b,52,39,20,4c,\"{28B55D20-F2BE-4221-B20C-37552D87BAF6}"=hex:20,5d,b5,28,be,f2,21,42,b2,0c,37, 55,2d,87,ba,f6,3b,43,31,56,4c,25,5b,59,5c,38,5b,23,57,27,53,56,2a,39,43,4f,\"{B7BB60B4-7142-45F7-8C2E-FDD7B57DF593}"=hex:b4,60,bb,b7,42,71,f7,45,8c,2e,fd, d7,b5,7d,f5,93,59,30,49,40,44,25,45,58,58,44,4b,23,5c,48,5d,46,5f,39,52,42,\"{9F0E3D08-A2F5-45DC-8A8F-F48D094097E9}"=hex:08,3d,0e,9f,f5,a2,dc,45,8a,8f,f4, 8d,09,40,97,e9,55,52,5d,33,49,25,4b,4d,38,5c,4e,23,45,47,47,42,24,39,45,24,\"{F8C11339-F9A6-44B3-97DE-DC54079A11A0}"=hex:39,13,c1,f8,a6,f9,b3,44,97,de,dc, 54,07,9a,11,a0,3a,50,53,31,4f,25,4b,4c,41,56,3b,23,5f,53,42,26,24,39,22,5e,\"{548FE272-4E4A-4B44-8CCA-1066AD4FA654}"=hex:72,e2,8f,54,4a,4e,44,4b,8c,ca,10, 66,ad,4f,a6,54,30,41,50,31,5d,25,44,3f,4a,41,38,23,44,4a,22,26,52,39,44,54,\"{BA5833E3-C6FA-4489-B29E-9AC3FA725315}"=hex:e3,33,58,ba,fa,c6,89,44,b2,9e,9a, c3,fa,72,53,15,3a,56,53,4d,4d,25,42,46,3e,58,49,23,45,54,50,51,4a,39,40,50,\"{08FF8EDF-8986-4F2D-9277-1E51429A7052}"=hex:df,8e,ff,08,86,89,2d,4f,92,77,1e, 51,42,9a,70,52,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\"{263D84D3-AE1D-4FF4-83B7-C46ED1D04416}"=hex:d3,84,3d,26,1d,ae,f4,4f,83,b7,c4, 6e,d1,d0,44,16,37,56,36,48,31,25,42,5e,5c,5e,3e,23,4d,56,44,55,57,39,5e,21,\"{0296BEAA-72BF-4174-AA87-6DCB4AC70196}"=hex:aa,be,96,02,bf,72,74,41,aa,87,6d, cb,4a,c7,01,96,37,5e,49,32,4c,25,3d,50,4c,3f,5a,23,5c,57,5b,57,4a,39,4d,53,\"{06FA8F64-0654-4F1F-99BA-EC337E73335D}"=hex:64,8f,fa,06,54,06,1f,4f,99,ba,ec, 33,7e,73,33,5d,50,5c,54,4e,44,25,4d,48,3d,3e,54,23,5a,42,28,46,2a,39,52,40,\"{A240B964-0E23-4BC1-888D-39BAC4781793}"=hex:64,b9,40,a2,23,0e,c1,4b,88,8d,39, ba,c4,78,17,93,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{BFBA4A54-2548-4470-8D3A-1A0FA8E8A589}"=hex:54,4a,ba,bf,48,25,70,44,8d,3a,1a, 0f,a8,e8,a5,89,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\"{A9AD27FF-87B2-4D8D-A41A-CD9ABF400D4C}"=hex:ff,27,ad,a9,b2,87,8d,4d,a4,1a,cd, 9a,bf,40,0d,4c,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\"{0EBFD787-4D22-4EB7-AC4F-5B0FE63F75DC}"=hex:87,d7,bf,0e,22,4d,b7,4e,ac,4f,5b, 0f,e6,3f,75,dc,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\"{93280FC8-E8C9-4BF5-83F2-E86EB0A1AB96}"=hex:c8,0f,28,93,c9,e8,f5,4b,83,f2,e8, 6e,b0,a1,ab,96,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\"{EA2F8194-3248-468F-818A-D6C6C5A81F0B}"=hex:94,81,2f,ea,48,32,8f,46,81,8a,d6, c6,c5,a8,1f,0b,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\"{D6B353D4-E01F-4B5E-880A-CF451B2DA2DC}"=hex:d4,53,b3,d6,1f,e0,5e,4b,88,0a,cf, 45,1b,2d,a2,dc,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\"{ADF109C2-E019-46B4-8A45-50EE4E05ACD5}"=hex:c2,09,f1,ad,19,e0,b4,46,8a,45,50, ee,4e,05,ac,d5,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\"{7C78BDE2-E4D9-47E1-979E-2BD66D980966}"=hex:e2,bd,78,7c,d9,e4,e1,47,97,9e,2b, d6,6d,98,09,66,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\"{2B3E4D5E-3284-4EB8-B822-D3E7EB3E08C5}"=hex:5e,4d,3e,2b,84,32,b8,4e,b8,22,d3, e7,eb,3e,08,c5,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\"{88635AE5-6FB4-43E4-A490-7FBD51376101}"=hex:e5,5a,63,88,b4,6f,e4,43,a4,90,7f, bd,51,37,61,01,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\"{E5C2DE84-473B-4E6E-8BA4-90C864770037}"=hex:84,de,c2,e5,3b,47,6e,4e,8b,a4,90, c8,64,77,00,37,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\"{F97AB5E9-B107-467B-A485-08D04E42E224}"=hex:e9,b5,7a,f9,07,b1,7b,46,a4,85,08, d0,4e,42,e2,24,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\"{BDAD6B4D-92ED-424B-BA72-447505A47940}"=hex:4d,6b,ad,bd,ed,92,4b,42,ba,72,44, 75,05,a4,79,40,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\"{E03BF5E7-3FDD-4A0A-97F9-22A279515846}"=hex:e7,f5,3b,e0,dd,3f,0a,4a,97,f9,22, a2,79,51,58,46,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\"{809800B1-28BD-4318-B1C8-3133D063E46D}"=hex:b1,00,98,80,bd,28,18,43,b1,c8,31, 33,d0,63,e4,6d,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\"{570CAA09-3FC2-43F7-B638-34129523FD8A}"=hex:09,aa,0c,57,c2,3f,f7,43,b6,38,34, 12,95,23,fd,8a,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\"{054FEDCE-ADEC-41A2-BDF3-6F3EFA7A3351}"=hex:ce,ed,4f,05,ec,ad,a2,41,bd,f3,6f, 3e,fa,7a,33,51,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\"{185373AC-4C62-4B62-B56B-E6204E35CE37}"=hex:ac,73,53,18,62,4c,62,4b,b5,6b,e6, 20,4e,35,ce,37,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\"{FBC0FF15-8EE6-4887-B131-F75B3D1FC6E2}"=hex:15,ff,c0,fb,e6,8e,87,48,b1,31,f7, 5b,3d,1f,c6,e2,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\"{C84186D5-81B8-4290-A3AA-619BF998DD76}"=hex:d5,86,41,c8,b8,81,90,42,a3,aa,61, 9b,f9,98,dd,76,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\"{B854512D-D45C-4C7F-9DC7-2A1F26901028}"=hex:2d,51,54,b8,5c,d4,7f,4c,9d,c7,2a, 1f,26,90,10,28,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\"{6677E81D-E302-43CD-B86E-41E3C41D5C40}"=hex:1d,e8,77,66,02,e3,cd,43,b8,6e,41, e3,c4,1d,5c,40,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\"{789DC87C-F610-4FF0-9A5F-6F7FCA94554F}"=hex:7c,c8,9d,78,10,f6,f0,4f,9a,5f,6f, 7f,ca,94,55,4f,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\"{58E689A9-051A-45EF-B288-0845E9B8B23D}"=hex:a9,89,e6,58,1a,05,ef,45,b2,88,08, 45,e9,b8,b2,3d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\"{A7103D2D-582B-47EB-AED4-BF4076E5E7BA}"=hex:2d,3d,10,a7,2b,58,eb,47,ae,d4,bf, 40,76,e5,e7,ba,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\"{2BE8E93F-DC91-4454-B5BE-E55A34132845}"=hex:3f,e9,e8,2b,91,dc,54,44,b5,be,e5, 5a,34,13,28,45,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\"{0BB61490-C36C-42C8-B4B6-7F7EB5D2E69D}"=hex:90,14,b6,0b,6c,c3,c8,42,b4,b6,7f, 7e,b5,d2,e6,9d,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\"{FAF6E97F-20F3-4730-B263-A9B24E8A7490}"=hex:7f,e9,f6,fa,f3,20,30,47,b2,63,a9, b2,4e,8a,74,90,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\"{770D8AE7-5762-41EC-8FCC-1D5905F29F4D}"=hex:e7,8a,0d,77,62,57,ec,41,8f,cc,1d, 59,05,f2,9f,4d,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\"{5C18922F-20A7-4593-96B4-0F6159F38A4A}"=hex:2f,92,18,5c,a7,20,93,45,96,b4,0f, 61,59,f3,8a,4a,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\"{DA75E6D8-17DC-4080-9051-34F5F0222704}"=hex:d8,e6,75,da,dc,17,80,40,90,51,34, f5,f0,22,27,04,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\"{816FD6D6-367E-4C40-B8A3-099C9DC961CE}"=hex:d6,d6,6f,81,7e,36,40,4c,b8,a3,09, 9c,9d,c9,61,ce,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\"{0CD202EA-7CEF-4702-85B7-311CAE2D2C2F}"=hex:ea,02,d2,0c,ef,7c,02,47,85,b7,31, 1c,ae,2d,2c,2f,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\"{A55726DE-7A89-451A-9636-027690A1BE7F}"=hex:de,26,57,a5,89,7a,1a,45,96,36,02, 76,90,a1,be,7f,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\"{6C20E2A4-BE16-443A-8359-3731EDBFDF6C}"=hex:a4,e2,20,6c,16,be,3a,44,83,59,37, 31,ed,bf,df,6c,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\"{A11C1829-5D4B-48B8-A03A-E2DAA5208F48}"=hex:29,18,1c,a1,4b,5d,b8,48,a0,3a,e2, da,a5,20,8f,48,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\"{B7B4AA2C-F9D0-42AE-A87B-FB22B8B3A059}"=hex:2c,aa,b4,b7,d0,f9,ae,42,a8,7b,fb, 22,b8,b3,a0,59,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\"{F3A7A042-02A9-4330-AE7C-9B3983D72517}"=hex:42,a0,a7,f3,a9,02,30,43,ae,7c,9b, 39,83,d7,25,17,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\"{2BA2BA37-A25F-4191-9CEF-638A1A9261F4}"=hex:37,ba,a2,2b,5f,a2,91,41,9c,ef,63, 8a,1a,92,61,f4,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\"{2656EDBA-C274-443A-985C-AE520E869B56}"=hex:ba,ed,56,26,74,c2,3a,44,98,5c,ae, 52,0e,86,9b,56,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\"{DEB6CD47-AA07-4F51-8006-34EB9820A8D1}"=hex:47,cd,b6,de,07,aa,51,4f,80,06,34, eb,98,20,a8,d1,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\"{9C772F37-910F-4DE4-9420-5FFAFF2DD825}"=hex:37,2f,77,9c,0f,91,e4,4d,94,20,5f, fa,ff,2d,d8,25,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55, 91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5, 6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23, 23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be, 59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d, 3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1, e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0, b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1, 53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6, b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12, d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\.[HKEY_USERS\S-1-5-21-2799653475-1206912365-1311522834-1001\Software\Microsoft\Metro\AppCompat]@Denied: (A) (Everyone)"{9C772F37-910F-4DE4-9420-5FFAFF2DD825}"=hex:37,2f,77,9c,0f,91,e4,4d,94,20,5f, fa,ff,2d,d8,25,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55, 91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5, 6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23, 23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be, 59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d, 3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1, e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0, b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1, 53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6, b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12, d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\.[HKEY_USERS\S-1-5-21-2799653475-1206912365-1311522834-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\DlgInfo]@Denied: (A) (Everyone)"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55, 91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5, 6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23, 23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be, 59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d, 3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1, e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0, b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1, 53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6, b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12, d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\. Link to post Share on other sites More sharing options...
krwebber53 Posted December 16, 2013 Author ID:764997 Share Posted December 16, 2013 Part 3[HKEY_USERS\S-1-5-21-2799653475-1206912365-1311522834-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\YRABIB69]@Denied: (A) (Everyone)"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55, 91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5, 6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23, 23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be, 59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d, 3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1, e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0, b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1, 53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6, b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12, d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\.[HKEY_USERS\S-1-5-21-2799653475-1206912365-1311522834-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Disallowed]@Denied: (A) (Everyone)"{A240B964-0E23-4BC1-888D-39BAC4781793}"=hex:64,b9,40,a2,23,0e,c1,4b,88,8d,39, ba,c4,78,17,93,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{BFBA4A54-2548-4470-8D3A-1A0FA8E8A589}"=hex:54,4a,ba,bf,48,25,70,44,8d,3a,1a, 0f,a8,e8,a5,89,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\"{A9AD27FF-87B2-4D8D-A41A-CD9ABF400D4C}"=hex:ff,27,ad,a9,b2,87,8d,4d,a4,1a,cd, 9a,bf,40,0d,4c,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\"{0EBFD787-4D22-4EB7-AC4F-5B0FE63F75DC}"=hex:87,d7,bf,0e,22,4d,b7,4e,ac,4f,5b, 0f,e6,3f,75,dc,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\"{93280FC8-E8C9-4BF5-83F2-E86EB0A1AB96}"=hex:c8,0f,28,93,c9,e8,f5,4b,83,f2,e8, 6e,b0,a1,ab,96,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\"{EA2F8194-3248-468F-818A-D6C6C5A81F0B}"=hex:94,81,2f,ea,48,32,8f,46,81,8a,d6, c6,c5,a8,1f,0b,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\"{D6B353D4-E01F-4B5E-880A-CF451B2DA2DC}"=hex:d4,53,b3,d6,1f,e0,5e,4b,88,0a,cf, 45,1b,2d,a2,dc,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\"{ADF109C2-E019-46B4-8A45-50EE4E05ACD5}"=hex:c2,09,f1,ad,19,e0,b4,46,8a,45,50, ee,4e,05,ac,d5,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\"{7C78BDE2-E4D9-47E1-979E-2BD66D980966}"=hex:e2,bd,78,7c,d9,e4,e1,47,97,9e,2b, d6,6d,98,09,66,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\"{2B3E4D5E-3284-4EB8-B822-D3E7EB3E08C5}"=hex:5e,4d,3e,2b,84,32,b8,4e,b8,22,d3, e7,eb,3e,08,c5,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\"{88635AE5-6FB4-43E4-A490-7FBD51376101}"=hex:e5,5a,63,88,b4,6f,e4,43,a4,90,7f, bd,51,37,61,01,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\"{E5C2DE84-473B-4E6E-8BA4-90C864770037}"=hex:84,de,c2,e5,3b,47,6e,4e,8b,a4,90, c8,64,77,00,37,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\"{F97AB5E9-B107-467B-A485-08D04E42E224}"=hex:e9,b5,7a,f9,07,b1,7b,46,a4,85,08, d0,4e,42,e2,24,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\"{BDAD6B4D-92ED-424B-BA72-447505A47940}"=hex:4d,6b,ad,bd,ed,92,4b,42,ba,72,44, 75,05,a4,79,40,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\"{E03BF5E7-3FDD-4A0A-97F9-22A279515846}"=hex:e7,f5,3b,e0,dd,3f,0a,4a,97,f9,22, a2,79,51,58,46,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\"{809800B1-28BD-4318-B1C8-3133D063E46D}"=hex:b1,00,98,80,bd,28,18,43,b1,c8,31, 33,d0,63,e4,6d,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\"{570CAA09-3FC2-43F7-B638-34129523FD8A}"=hex:09,aa,0c,57,c2,3f,f7,43,b6,38,34, 12,95,23,fd,8a,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\"{054FEDCE-ADEC-41A2-BDF3-6F3EFA7A3351}"=hex:ce,ed,4f,05,ec,ad,a2,41,bd,f3,6f, 3e,fa,7a,33,51,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\"{185373AC-4C62-4B62-B56B-E6204E35CE37}"=hex:ac,73,53,18,62,4c,62,4b,b5,6b,e6, 20,4e,35,ce,37,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\"{FBC0FF15-8EE6-4887-B131-F75B3D1FC6E2}"=hex:15,ff,c0,fb,e6,8e,87,48,b1,31,f7, 5b,3d,1f,c6,e2,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\"{C84186D5-81B8-4290-A3AA-619BF998DD76}"=hex:d5,86,41,c8,b8,81,90,42,a3,aa,61, 9b,f9,98,dd,76,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\"{B854512D-D45C-4C7F-9DC7-2A1F26901028}"=hex:2d,51,54,b8,5c,d4,7f,4c,9d,c7,2a, 1f,26,90,10,28,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\"{6677E81D-E302-43CD-B86E-41E3C41D5C40}"=hex:1d,e8,77,66,02,e3,cd,43,b8,6e,41, e3,c4,1d,5c,40,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\"{789DC87C-F610-4FF0-9A5F-6F7FCA94554F}"=hex:7c,c8,9d,78,10,f6,f0,4f,9a,5f,6f, 7f,ca,94,55,4f,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\"{58E689A9-051A-45EF-B288-0845E9B8B23D}"=hex:a9,89,e6,58,1a,05,ef,45,b2,88,08, 45,e9,b8,b2,3d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\"{A7103D2D-582B-47EB-AED4-BF4076E5E7BA}"=hex:2d,3d,10,a7,2b,58,eb,47,ae,d4,bf, 40,76,e5,e7,ba,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\"{2BE8E93F-DC91-4454-B5BE-E55A34132845}"=hex:3f,e9,e8,2b,91,dc,54,44,b5,be,e5, 5a,34,13,28,45,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\"{0BB61490-C36C-42C8-B4B6-7F7EB5D2E69D}"=hex:90,14,b6,0b,6c,c3,c8,42,b4,b6,7f, 7e,b5,d2,e6,9d,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\"{FAF6E97F-20F3-4730-B263-A9B24E8A7490}"=hex:7f,e9,f6,fa,f3,20,30,47,b2,63,a9, b2,4e,8a,74,90,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\"{770D8AE7-5762-41EC-8FCC-1D5905F29F4D}"=hex:e7,8a,0d,77,62,57,ec,41,8f,cc,1d, 59,05,f2,9f,4d,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\"{5C18922F-20A7-4593-96B4-0F6159F38A4A}"=hex:2f,92,18,5c,a7,20,93,45,96,b4,0f, 61,59,f3,8a,4a,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\"{DA75E6D8-17DC-4080-9051-34F5F0222704}"=hex:d8,e6,75,da,dc,17,80,40,90,51,34, f5,f0,22,27,04,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\"{816FD6D6-367E-4C40-B8A3-099C9DC961CE}"=hex:d6,d6,6f,81,7e,36,40,4c,b8,a3,09, 9c,9d,c9,61,ce,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\"{0CD202EA-7CEF-4702-85B7-311CAE2D2C2F}"=hex:ea,02,d2,0c,ef,7c,02,47,85,b7,31, 1c,ae,2d,2c,2f,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\"{A55726DE-7A89-451A-9636-027690A1BE7F}"=hex:de,26,57,a5,89,7a,1a,45,96,36,02, 76,90,a1,be,7f,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\"{6C20E2A4-BE16-443A-8359-3731EDBFDF6C}"=hex:a4,e2,20,6c,16,be,3a,44,83,59,37, 31,ed,bf,df,6c,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\"{A11C1829-5D4B-48B8-A03A-E2DAA5208F48}"=hex:29,18,1c,a1,4b,5d,b8,48,a0,3a,e2, da,a5,20,8f,48,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\"{B7B4AA2C-F9D0-42AE-A87B-FB22B8B3A059}"=hex:2c,aa,b4,b7,d0,f9,ae,42,a8,7b,fb, 22,b8,b3,a0,59,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\"{F3A7A042-02A9-4330-AE7C-9B3983D72517}"=hex:42,a0,a7,f3,a9,02,30,43,ae,7c,9b, 39,83,d7,25,17,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\"{2BA2BA37-A25F-4191-9CEF-638A1A9261F4}"=hex:37,ba,a2,2b,5f,a2,91,41,9c,ef,63, 8a,1a,92,61,f4,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\"{2656EDBA-C274-443A-985C-AE520E869B56}"=hex:ba,ed,56,26,74,c2,3a,44,98,5c,ae, 52,0e,86,9b,56,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\"{DEB6CD47-AA07-4F51-8006-34EB9820A8D1}"=hex:47,cd,b6,de,07,aa,51,4f,80,06,34, eb,98,20,a8,d1,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\"{9C772F37-910F-4DE4-9420-5FFAFF2DD825}"=hex:37,2f,77,9c,0f,91,e4,4d,94,20,5f, fa,ff,2d,d8,25,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55, 91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5, 6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23, 23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be, 59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d, 3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1, e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0, b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1, 53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6, b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12, d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\.[HKEY_USERS\S-1-5-21-2799653475-1206912365-1311522834-1001\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Handlers]@Denied: (A) (Everyone)"{770D8AE7-5762-41EC-8FCC-1D5905F29F4D}"=hex:e7,8a,0d,77,62,57,ec,41,8f,cc,1d, 59,05,f2,9f,4d,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\"{5C18922F-20A7-4593-96B4-0F6159F38A4A}"=hex:2f,92,18,5c,a7,20,93,45,96,b4,0f, 61,59,f3,8a,4a,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\"{DA75E6D8-17DC-4080-9051-34F5F0222704}"=hex:d8,e6,75,da,dc,17,80,40,90,51,34, f5,f0,22,27,04,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\"{816FD6D6-367E-4C40-B8A3-099C9DC961CE}"=hex:d6,d6,6f,81,7e,36,40,4c,b8,a3,09, 9c,9d,c9,61,ce,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\"{0CD202EA-7CEF-4702-85B7-311CAE2D2C2F}"=hex:ea,02,d2,0c,ef,7c,02,47,85,b7,31, 1c,ae,2d,2c,2f,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\"{A55726DE-7A89-451A-9636-027690A1BE7F}"=hex:de,26,57,a5,89,7a,1a,45,96,36,02, 76,90,a1,be,7f,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\"{6C20E2A4-BE16-443A-8359-3731EDBFDF6C}"=hex:a4,e2,20,6c,16,be,3a,44,83,59,37, 31,ed,bf,df,6c,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\"{A11C1829-5D4B-48B8-A03A-E2DAA5208F48}"=hex:29,18,1c,a1,4b,5d,b8,48,a0,3a,e2, da,a5,20,8f,48,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\"{B7B4AA2C-F9D0-42AE-A87B-FB22B8B3A059}"=hex:2c,aa,b4,b7,d0,f9,ae,42,a8,7b,fb, 22,b8,b3,a0,59,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\"{F3A7A042-02A9-4330-AE7C-9B3983D72517}"=hex:42,a0,a7,f3,a9,02,30,43,ae,7c,9b, 39,83,d7,25,17,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\"{2BA2BA37-A25F-4191-9CEF-638A1A9261F4}"=hex:37,ba,a2,2b,5f,a2,91,41,9c,ef,63, 8a,1a,92,61,f4,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\"{2656EDBA-C274-443A-985C-AE520E869B56}"=hex:ba,ed,56,26,74,c2,3a,44,98,5c,ae, 52,0e,86,9b,56,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\"{DEB6CD47-AA07-4F51-8006-34EB9820A8D1}"=hex:47,cd,b6,de,07,aa,51,4f,80,06,34, eb,98,20,a8,d1,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\"{9C772F37-910F-4DE4-9420-5FFAFF2DD825}"=hex:37,2f,77,9c,0f,91,e4,4d,94,20,5f, fa,ff,2d,d8,25,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55, 91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5, 6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23, 23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be, 59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d, 3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1, e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0, b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1, 53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6, b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12, d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\GPSoftware\Directory Opus\Config\System\Data]@Denied: (A) (Everyone)"{B7BB60B4-7142-45F7-8C2E-FDD7B57DF593}"=hex:b4,60,bb,b7,42,71,f7,45,8c,2e,fd, d7,b5,7d,f5,93,59,30,49,40,44,25,45,58,58,44,4b,23,5c,48,5d,46,5f,39,52,42,\"{9F0E3D08-A2F5-45DC-8A8F-F48D094097E9}"=hex:08,3d,0e,9f,f5,a2,dc,45,8a,8f,f4, 8d,09,40,97,e9,55,52,5d,33,49,25,4b,4d,38,5c,4e,23,45,47,47,42,24,39,45,24,\"{F8C11339-F9A6-44B3-97DE-DC54079A11A0}"=hex:39,13,c1,f8,a6,f9,b3,44,97,de,dc, 54,07,9a,11,a0,3a,50,53,31,4f,25,4b,4c,41,56,3b,23,5f,53,42,26,24,39,22,5e,\"{548FE272-4E4A-4B44-8CCA-1066AD4FA654}"=hex:72,e2,8f,54,4a,4e,44,4b,8c,ca,10, 66,ad,4f,a6,54,30,41,50,31,5d,25,44,3f,4a,41,38,23,44,4a,22,26,52,39,44,54,\"{BA5833E3-C6FA-4489-B29E-9AC3FA725315}"=hex:e3,33,58,ba,fa,c6,89,44,b2,9e,9a, c3,fa,72,53,15,3a,56,53,4d,4d,25,42,46,3e,58,49,23,45,54,50,51,4a,39,40,50,\"{08FF8EDF-8986-4F2D-9277-1E51429A7052}"=hex:df,8e,ff,08,86,89,2d,4f,92,77,1e, 51,42,9a,70,52,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\"{263D84D3-AE1D-4FF4-83B7-C46ED1D04416}"=hex:d3,84,3d,26,1d,ae,f4,4f,83,b7,c4, 6e,d1,d0,44,16,37,56,36,48,31,25,42,5e,5c,5e,3e,23,4d,56,44,55,57,39,5e,21,\"{0296BEAA-72BF-4174-AA87-6DCB4AC70196}"=hex:aa,be,96,02,bf,72,74,41,aa,87,6d, cb,4a,c7,01,96,37,5e,49,32,4c,25,3d,50,4c,3f,5a,23,5c,57,5b,57,4a,39,4d,53,\"{06FA8F64-0654-4F1F-99BA-EC337E73335D}"=hex:64,8f,fa,06,54,06,1f,4f,99,ba,ec, 33,7e,73,33,5d,50,5c,54,4e,44,25,4d,48,3d,3e,54,23,5a,42,28,46,2a,39,52,40,\"{A240B964-0E23-4BC1-888D-39BAC4781793}"=hex:64,b9,40,a2,23,0e,c1,4b,88,8d,39, ba,c4,78,17,93,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{BFBA4A54-2548-4470-8D3A-1A0FA8E8A589}"=hex:54,4a,ba,bf,48,25,70,44,8d,3a,1a, 0f,a8,e8,a5,89,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\"{A9AD27FF-87B2-4D8D-A41A-CD9ABF400D4C}"=hex:ff,27,ad,a9,b2,87,8d,4d,a4,1a,cd, 9a,bf,40,0d,4c,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\"{0EBFD787-4D22-4EB7-AC4F-5B0FE63F75DC}"=hex:87,d7,bf,0e,22,4d,b7,4e,ac,4f,5b, 0f,e6,3f,75,dc,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\"{93280FC8-E8C9-4BF5-83F2-E86EB0A1AB96}"=hex:c8,0f,28,93,c9,e8,f5,4b,83,f2,e8, 6e,b0,a1,ab,96,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\"{EA2F8194-3248-468F-818A-D6C6C5A81F0B}"=hex:94,81,2f,ea,48,32,8f,46,81,8a,d6, c6,c5,a8,1f,0b,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\"{D6B353D4-E01F-4B5E-880A-CF451B2DA2DC}"=hex:d4,53,b3,d6,1f,e0,5e,4b,88,0a,cf, 45,1b,2d,a2,dc,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\"{ADF109C2-E019-46B4-8A45-50EE4E05ACD5}"=hex:c2,09,f1,ad,19,e0,b4,46,8a,45,50, ee,4e,05,ac,d5,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\"{7C78BDE2-E4D9-47E1-979E-2BD66D980966}"=hex:e2,bd,78,7c,d9,e4,e1,47,97,9e,2b, d6,6d,98,09,66,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\"{2B3E4D5E-3284-4EB8-B822-D3E7EB3E08C5}"=hex:5e,4d,3e,2b,84,32,b8,4e,b8,22,d3, e7,eb,3e,08,c5,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\"{88635AE5-6FB4-43E4-A490-7FBD51376101}"=hex:e5,5a,63,88,b4,6f,e4,43,a4,90,7f, bd,51,37,61,01,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\"{E5C2DE84-473B-4E6E-8BA4-90C864770037}"=hex:84,de,c2,e5,3b,47,6e,4e,8b,a4,90, c8,64,77,00,37,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\"{F97AB5E9-B107-467B-A485-08D04E42E224}"=hex:e9,b5,7a,f9,07,b1,7b,46,a4,85,08, d0,4e,42,e2,24,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\"{BDAD6B4D-92ED-424B-BA72-447505A47940}"=hex:4d,6b,ad,bd,ed,92,4b,42,ba,72,44, 75,05,a4,79,40,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\"{E03BF5E7-3FDD-4A0A-97F9-22A279515846}"=hex:e7,f5,3b,e0,dd,3f,0a,4a,97,f9,22, a2,79,51,58,46,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\"{809800B1-28BD-4318-B1C8-3133D063E46D}"=hex:b1,00,98,80,bd,28,18,43,b1,c8,31, 33,d0,63,e4,6d,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\"{570CAA09-3FC2-43F7-B638-34129523FD8A}"=hex:09,aa,0c,57,c2,3f,f7,43,b6,38,34, 12,95,23,fd,8a,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\"{054FEDCE-ADEC-41A2-BDF3-6F3EFA7A3351}"=hex:ce,ed,4f,05,ec,ad,a2,41,bd,f3,6f, 3e,fa,7a,33,51,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\"{185373AC-4C62-4B62-B56B-E6204E35CE37}"=hex:ac,73,53,18,62,4c,62,4b,b5,6b,e6, 20,4e,35,ce,37,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\"{FBC0FF15-8EE6-4887-B131-F75B3D1FC6E2}"=hex:15,ff,c0,fb,e6,8e,87,48,b1,31,f7, 5b,3d,1f,c6,e2,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\"{C84186D5-81B8-4290-A3AA-619BF998DD76}"=hex:d5,86,41,c8,b8,81,90,42,a3,aa,61, 9b,f9,98,dd,76,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\"{B854512D-D45C-4C7F-9DC7-2A1F26901028}"=hex:2d,51,54,b8,5c,d4,7f,4c,9d,c7,2a, 1f,26,90,10,28,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\"{6677E81D-E302-43CD-B86E-41E3C41D5C40}"=hex:1d,e8,77,66,02,e3,cd,43,b8,6e,41, e3,c4,1d,5c,40,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\"{789DC87C-F610-4FF0-9A5F-6F7FCA94554F}"=hex:7c,c8,9d,78,10,f6,f0,4f,9a,5f,6f, 7f,ca,94,55,4f,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\"{58E689A9-051A-45EF-B288-0845E9B8B23D}"=hex:a9,89,e6,58,1a,05,ef,45,b2,88,08, 45,e9,b8,b2,3d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\"{A7103D2D-582B-47EB-AED4-BF4076E5E7BA}"=hex:2d,3d,10,a7,2b,58,eb,47,ae,d4,bf, 40,76,e5,e7,ba,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\"{2BE8E93F-DC91-4454-B5BE-E55A34132845}"=hex:3f,e9,e8,2b,91,dc,54,44,b5,be,e5, 5a,34,13,28,45,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\"{0BB61490-C36C-42C8-B4B6-7F7EB5D2E69D}"=hex:90,14,b6,0b,6c,c3,c8,42,b4,b6,7f, 7e,b5,d2,e6,9d,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\"{FAF6E97F-20F3-4730-B263-A9B24E8A7490}"=hex:7f,e9,f6,fa,f3,20,30,47,b2,63,a9, b2,4e,8a,74,90,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\"{770D8AE7-5762-41EC-8FCC-1D5905F29F4D}"=hex:e7,8a,0d,77,62,57,ec,41,8f,cc,1d, 59,05,f2,9f,4d,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\"{5C18922F-20A7-4593-96B4-0F6159F38A4A}"=hex:2f,92,18,5c,a7,20,93,45,96,b4,0f, 61,59,f3,8a,4a,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\"{DA75E6D8-17DC-4080-9051-34F5F0222704}"=hex:d8,e6,75,da,dc,17,80,40,90,51,34, f5,f0,22,27,04,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\"{816FD6D6-367E-4C40-B8A3-099C9DC961CE}"=hex:d6,d6,6f,81,7e,36,40,4c,b8,a3,09, 9c,9d,c9,61,ce,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\"{0CD202EA-7CEF-4702-85B7-311CAE2D2C2F}"=hex:ea,02,d2,0c,ef,7c,02,47,85,b7,31, 1c,ae,2d,2c,2f,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\"{A55726DE-7A89-451A-9636-027690A1BE7F}"=hex:de,26,57,a5,89,7a,1a,45,96,36,02, 76,90,a1,be,7f,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\"{6C20E2A4-BE16-443A-8359-3731EDBFDF6C}"=hex:a4,e2,20,6c,16,be,3a,44,83,59,37, 31,ed,bf,df,6c,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\"{A11C1829-5D4B-48B8-A03A-E2DAA5208F48}"=hex:29,18,1c,a1,4b,5d,b8,48,a0,3a,e2, da,a5,20,8f,48,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\"{B7B4AA2C-F9D0-42AE-A87B-FB22B8B3A059}"=hex:2c,aa,b4,b7,d0,f9,ae,42,a8,7b,fb, 22,b8,b3,a0,59,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\"{F3A7A042-02A9-4330-AE7C-9B3983D72517}"=hex:42,a0,a7,f3,a9,02,30,43,ae,7c,9b, 39,83,d7,25,17,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\"{2BA2BA37-A25F-4191-9CEF-638A1A9261F4}"=hex:37,ba,a2,2b,5f,a2,91,41,9c,ef,63, 8a,1a,92,61,f4,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\"{2656EDBA-C274-443A-985C-AE520E869B56}"=hex:ba,ed,56,26,74,c2,3a,44,98,5c,ae, 52,0e,86,9b,56,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\"{DEB6CD47-AA07-4F51-8006-34EB9820A8D1}"=hex:47,cd,b6,de,07,aa,51,4f,80,06,34, eb,98,20,a8,d1,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\"{9C772F37-910F-4DE4-9420-5FFAFF2DD825}"=hex:37,2f,77,9c,0f,91,e4,4d,94,20,5f, fa,ff,2d,d8,25,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55, 91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5, 6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23, 23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be, 59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d, 3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1, e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0, b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1, 53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6, b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12, d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DesktopInterfaceMethod]@Denied: (A) (Everyone)"{B7BB60B4-7142-45F7-8C2E-FDD7B57DF593}"=hex:b4,60,bb,b7,42,71,f7,45,8c,2e,fd, d7,b5,7d,f5,93,59,30,49,40,44,25,45,58,58,44,4b,23,5c,48,5d,46,5f,39,52,42,\"{9F0E3D08-A2F5-45DC-8A8F-F48D094097E9}"=hex:08,3d,0e,9f,f5,a2,dc,45,8a,8f,f4, 8d,09,40,97,e9,55,52,5d,33,49,25,4b,4d,38,5c,4e,23,45,47,47,42,24,39,45,24,\"{F8C11339-F9A6-44B3-97DE-DC54079A11A0}"=hex:39,13,c1,f8,a6,f9,b3,44,97,de,dc, 54,07,9a,11,a0,3a,50,53,31,4f,25,4b,4c,41,56,3b,23,5f,53,42,26,24,39,22,5e,\"{548FE272-4E4A-4B44-8CCA-1066AD4FA654}"=hex:72,e2,8f,54,4a,4e,44,4b,8c,ca,10, 66,ad,4f,a6,54,30,41,50,31,5d,25,44,3f,4a,41,38,23,44,4a,22,26,52,39,44,54,\"{BA5833E3-C6FA-4489-B29E-9AC3FA725315}"=hex:e3,33,58,ba,fa,c6,89,44,b2,9e,9a, c3,fa,72,53,15,3a,56,53,4d,4d,25,42,46,3e,58,49,23,45,54,50,51,4a,39,40,50,\"{08FF8EDF-8986-4F2D-9277-1E51429A7052}"=hex:df,8e,ff,08,86,89,2d,4f,92,77,1e, 51,42,9a,70,52,4d,51,50,33,41,25,3c,5e,3e,49,45,23,5d,40,55,5e,56,39,2d,2f,\"{263D84D3-AE1D-4FF4-83B7-C46ED1D04416}"=hex:d3,84,3d,26,1d,ae,f4,4f,83,b7,c4, 6e,d1,d0,44,16,37,56,36,48,31,25,42,5e,5c,5e,3e,23,4d,56,44,55,57,39,5e,21,\"{0296BEAA-72BF-4174-AA87-6DCB4AC70196}"=hex:aa,be,96,02,bf,72,74,41,aa,87,6d, cb,4a,c7,01,96,37,5e,49,32,4c,25,3d,50,4c,3f,5a,23,5c,57,5b,57,4a,39,4d,53,\"{06FA8F64-0654-4F1F-99BA-EC337E73335D}"=hex:64,8f,fa,06,54,06,1f,4f,99,ba,ec, 33,7e,73,33,5d,50,5c,54,4e,44,25,4d,48,3d,3e,54,23,5a,42,28,46,2a,39,52,40,\"{A240B964-0E23-4BC1-888D-39BAC4781793}"=hex:64,b9,40,a2,23,0e,c1,4b,88,8d,39, ba,c4,78,17,93,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{BFBA4A54-2548-4470-8D3A-1A0FA8E8A589}"=hex:54,4a,ba,bf,48,25,70,44,8d,3a,1a, 0f,a8,e8,a5,89,41,47,52,3e,5f,25,58,3f,3d,59,45,23,45,25,24,54,5f,39,4c,5e,\"{A9AD27FF-87B2-4D8D-A41A-CD9ABF400D4C}"=hex:ff,27,ad,a9,b2,87,8d,4d,a4,1a,cd, 9a,bf,40,0d,4c,5b,53,55,55,45,25,4c,39,4c,4a,4f,23,5b,5b,56,25,47,39,54,44,\"{0EBFD787-4D22-4EB7-AC4F-5B0FE63F75DC}"=hex:87,d7,bf,0e,22,4d,b7,4e,ac,4f,5b, 0f,e6,3f,75,dc,42,48,42,5f,40,25,4a,32,5f,46,3a,23,44,27,25,50,47,39,58,20,\"{93280FC8-E8C9-4BF5-83F2-E86EB0A1AB96}"=hex:c8,0f,28,93,c9,e8,f5,4b,83,f2,e8, 6e,b0,a1,ab,96,55,4c,57,55,4c,25,53,38,41,5d,5a,23,44,23,24,59,42,39,23,53,\"{EA2F8194-3248-468F-818A-D6C6C5A81F0B}"=hex:94,81,2f,ea,48,32,8f,46,81,8a,d6, c6,c5,a8,1f,0b,31,55,53,40,5e,25,30,4e,5d,5b,39,23,5b,52,24,42,59,39,53,51,\"{D6B353D4-E01F-4B5E-880A-CF451B2DA2DC}"=hex:d4,53,b3,d6,1f,e0,5e,4b,88,0a,cf, 45,1b,2d,a2,dc,48,37,5f,53,57,25,4d,3f,4d,5c,4a,23,4b,53,5d,57,50,39,26,5d,\"{ADF109C2-E019-46B4-8A45-50EE4E05ACD5}"=hex:c2,09,f1,ad,19,e0,b4,46,8a,45,50, ee,4e,05,ac,d5,3b,3d,36,51,55,25,5f,41,38,3f,49,23,41,58,59,41,5d,39,40,58,\"{7C78BDE2-E4D9-47E1-979E-2BD66D980966}"=hex:e2,bd,78,7c,d9,e4,e1,47,97,9e,2b, d6,6d,98,09,66,4f,31,50,3e,57,25,4e,3e,3e,55,45,23,58,47,24,26,55,39,47,5d,\"{2B3E4D5E-3284-4EB8-B822-D3E7EB3E08C5}"=hex:5e,4d,3e,2b,84,32,b8,4e,b8,22,d3, e7,eb,3e,08,c5,44,4e,4d,51,5e,25,5e,33,47,59,46,23,56,43,24,53,4b,39,58,2f,\"{88635AE5-6FB4-43E4-A490-7FBD51376101}"=hex:e5,5a,63,88,b4,6f,e4,43,a4,90,7f, bd,51,37,61,01,52,57,5c,30,41,25,42,5a,53,3e,58,23,49,5d,40,57,4a,39,4c,2f,\"{E5C2DE84-473B-4E6E-8BA4-90C864770037}"=hex:84,de,c2,e5,3b,47,6e,4e,8b,a4,90, c8,64,77,00,37,55,46,46,5c,3f,25,3f,47,53,59,3f,23,59,4a,47,45,20,39,26,41,\"{F97AB5E9-B107-467B-A485-08D04E42E224}"=hex:e9,b5,7a,f9,07,b1,7b,46,a4,85,08, d0,4e,42,e2,24,56,54,33,52,42,25,4b,5d,53,5b,46,23,45,5e,49,2a,52,39,59,40,\"{BDAD6B4D-92ED-424B-BA72-447505A47940}"=hex:4d,6b,ad,bd,ed,92,4b,42,ba,72,44, 75,05,a4,79,40,49,50,51,4c,51,25,31,52,4f,4d,4f,23,39,48,5a,50,43,39,47,42,\"{E03BF5E7-3FDD-4A0A-97F9-22A279515846}"=hex:e7,f5,3b,e0,dd,3f,0a,4a,97,f9,22, a2,79,51,58,46,50,40,55,4b,55,25,41,5d,5d,44,59,23,3b,41,56,42,5e,39,46,51,\"{809800B1-28BD-4318-B1C8-3133D063E46D}"=hex:b1,00,98,80,bd,28,18,43,b1,c8,31, 33,d0,63,e4,6d,40,31,56,3f,45,25,59,48,51,3f,3e,23,37,51,46,2a,27,39,51,24,\"{570CAA09-3FC2-43F7-B638-34129523FD8A}"=hex:09,aa,0c,57,c2,3f,f7,43,b6,38,34, 12,95,23,fd,8a,48,33,40,54,3f,25,50,40,5a,40,35,23,3b,25,5c,5f,2b,39,4f,45,\"{054FEDCE-ADEC-41A2-BDF3-6F3EFA7A3351}"=hex:ce,ed,4f,05,ec,ad,a2,41,bd,f3,6f, 3e,fa,7a,33,51,3b,3c,3d,52,41,25,50,4c,45,40,58,23,5b,5d,42,25,50,39,57,43,\"{185373AC-4C62-4B62-B56B-E6204E35CE37}"=hex:ac,73,53,18,62,4c,62,4b,b5,6b,e6, 20,4e,35,ce,37,41,31,46,50,30,25,4e,38,3e,39,4e,23,4a,26,5d,40,56,39,51,21,\"{FBC0FF15-8EE6-4887-B131-F75B3D1FC6E2}"=hex:15,ff,c0,fb,e6,8e,87,48,b1,31,f7, 5b,3d,1f,c6,e2,45,40,4e,4a,4d,25,42,4b,5f,55,43,23,4a,48,5c,2a,58,39,43,45,\"{C84186D5-81B8-4290-A3AA-619BF998DD76}"=hex:d5,86,41,c8,b8,81,90,42,a3,aa,61, 9b,f9,98,dd,76,4f,42,3d,42,5d,25,4c,33,4c,46,3e,23,5a,48,5f,44,5d,39,52,58,\"{B854512D-D45C-4C7F-9DC7-2A1F26901028}"=hex:2d,51,54,b8,5c,d4,7f,4c,9d,c7,2a, 1f,26,90,10,28,5b,31,46,32,45,25,48,33,48,5f,39,23,43,46,5b,5c,46,39,56,5b,\"{6677E81D-E302-43CD-B86E-41E3C41D5C40}"=hex:1d,e8,77,66,02,e3,cd,43,b8,6e,41, e3,c4,1d,5c,40,4e,3c,4e,40,54,25,50,42,5f,44,54,23,58,26,53,4b,50,39,50,55,\"{789DC87C-F610-4FF0-9A5F-6F7FCA94554F}"=hex:7c,c8,9d,78,10,f6,f0,4f,9a,5f,6f, 7f,ca,94,55,4f,31,4a,32,3e,49,25,4a,4f,4c,4d,59,23,38,57,44,56,56,39,57,4c,\"{58E689A9-051A-45EF-B288-0845E9B8B23D}"=hex:a9,89,e6,58,1a,05,ef,45,b2,88,08, 45,e9,b8,b2,3d,4b,57,43,33,53,25,5c,4d,38,58,3f,23,58,5d,40,59,25,39,59,45,\"{A7103D2D-582B-47EB-AED4-BF4076E5E7BA}"=hex:2d,3d,10,a7,2b,58,eb,47,ae,d4,bf, 40,76,e5,e7,ba,5b,5d,40,4b,44,25,58,33,3c,4e,5b,23,37,5c,27,26,56,39,58,25,\"{2BE8E93F-DC91-4454-B5BE-E55A34132845}"=hex:3f,e9,e8,2b,91,dc,54,44,b5,be,e5, 5a,34,13,28,45,49,48,4d,40,34,25,3d,5e,3f,5f,4e,23,3b,43,47,58,59,39,40,55,\"{0BB61490-C36C-42C8-B4B6-7F7EB5D2E69D}"=hex:90,14,b6,0b,6c,c3,c8,42,b4,b6,7f, 7e,b5,d2,e6,9d,50,4f,56,40,53,25,43,4b,33,40,4a,23,39,48,49,26,5f,39,26,5b,\"{FAF6E97F-20F3-4730-B263-A9B24E8A7490}"=hex:7f,e9,f6,fa,f3,20,30,47,b2,63,a9, b2,4e,8a,74,90,5b,46,54,48,31,25,53,50,47,5f,49,23,39,58,40,5f,56,39,4d,22,\"{770D8AE7-5762-41EC-8FCC-1D5905F29F4D}"=hex:e7,8a,0d,77,62,57,ec,41,8f,cc,1d, 59,05,f2,9f,4d,52,4f,50,50,46,25,3d,48,3f,38,5d,23,3c,53,50,24,59,39,56,52,\"{5C18922F-20A7-4593-96B4-0F6159F38A4A}"=hex:2f,92,18,5c,a7,20,93,45,96,b4,0f, 61,59,f3,8a,4a,41,48,4b,4d,3e,25,45,5c,47,4d,58,23,47,57,28,43,24,39,5b,41,\"{DA75E6D8-17DC-4080-9051-34F5F0222704}"=hex:d8,e6,75,da,dc,17,80,40,90,51,34, f5,f0,22,27,04,46,53,49,51,31,25,41,3d,43,49,34,23,3d,5e,23,59,41,39,54,4f,\"{816FD6D6-367E-4C40-B8A3-099C9DC961CE}"=hex:d6,d6,6f,81,7e,36,40,4c,b8,a3,09, 9c,9d,c9,61,ce,34,51,33,35,55,25,3e,4b,5d,54,5c,23,43,28,29,2b,5b,39,58,2f,\"{0CD202EA-7CEF-4702-85B7-311CAE2D2C2F}"=hex:ea,02,d2,0c,ef,7c,02,47,85,b7,31, 1c,ae,2d,2c,2f,40,51,36,53,41,25,3c,5d,33,5c,4a,23,3b,56,49,20,59,39,5e,25,\"{A55726DE-7A89-451A-9636-027690A1BE7F}"=hex:de,26,57,a5,89,7a,1a,45,96,36,02, 76,90,a1,be,7f,4f,43,36,45,33,25,4f,53,5b,4f,5d,23,44,54,57,54,43,39,44,5c,\"{6C20E2A4-BE16-443A-8359-3731EDBFDF6C}"=hex:a4,e2,20,6c,16,be,3a,44,83,59,37, 31,ed,bf,df,6c,31,3c,5f,40,51,25,51,5b,5b,5e,4b,23,57,22,5b,42,59,39,26,47,\"{A11C1829-5D4B-48B8-A03A-E2DAA5208F48}"=hex:29,18,1c,a1,4b,5d,b8,48,a0,3a,e2, da,a5,20,8f,48,50,52,30,51,4b,25,4b,39,3c,41,4b,23,47,27,43,46,24,39,52,2e,\"{B7B4AA2C-F9D0-42AE-A87B-FB22B8B3A059}"=hex:2c,aa,b4,b7,d0,f9,ae,42,a8,7b,fb, 22,b8,b3,a0,59,59,46,4e,33,46,25,4f,39,32,58,45,23,5d,51,5f,45,2b,39,4c,42,\"{F3A7A042-02A9-4330-AE7C-9B3983D72517}"=hex:42,a0,a7,f3,a9,02,30,43,ae,7c,9b, 39,83,d7,25,17,52,3d,40,4d,41,25,48,3c,4c,5e,4f,23,3b,24,26,59,40,39,5f,2f,\"{2BA2BA37-A25F-4191-9CEF-638A1A9261F4}"=hex:37,ba,a2,2b,5f,a2,91,41,9c,ef,63, 8a,1a,92,61,f4,52,4e,4d,51,4c,25,47,38,4d,4a,46,23,3b,25,50,26,47,39,53,4f,\"{2656EDBA-C274-443A-985C-AE520E869B56}"=hex:ba,ed,56,26,74,c2,3a,44,98,5c,ae, 52,0e,86,9b,56,55,53,57,52,5f,25,59,48,52,3e,40,23,39,29,56,4b,49,39,52,5a,\"{DEB6CD47-AA07-4F51-8006-34EB9820A8D1}"=hex:47,cd,b6,de,07,aa,51,4f,80,06,34, eb,98,20,a8,d1,55,42,41,4b,44,25,4e,44,47,5b,4f,23,5b,22,5d,25,58,39,4c,42,\"{9C772F37-910F-4DE4-9420-5FFAFF2DD825}"=hex:37,2f,77,9c,0f,91,e4,4d,94,20,5f, fa,ff,2d,d8,25,36,56,32,3e,40,25,43,46,3e,49,54,23,3b,58,52,48,46,39,44,23,\"{21C6A024-0D0E-4104-8795-55918EF9DB47}"=hex:24,a0,c6,21,0e,0d,04,41,87,95,55, 91,8e,f9,db,47,41,57,56,4d,4c,25,5d,33,3f,35,4a,23,37,57,47,48,44,39,4f,25,\"{130E19F9-10E4-4753-9906-B56B7E540DB8}"=hex:f9,19,0e,13,e4,10,53,47,99,06,b5, 6b,7e,54,0d,b8,46,48,37,3f,46,25,3a,47,5b,5a,38,23,56,26,5b,2a,45,39,4d,5e,\"{5B73420A-B228-4569-9CAB-23239A05D666}"=hex:0a,42,73,5b,28,b2,69,45,9c,ab,23, 23,9a,05,d6,66,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\"{548D7133-BFC7-463E-B275-BE592A8DB4F4}"=hex:33,71,8d,54,c7,bf,3e,46,b2,75,be, 59,2a,8d,b4,f4,37,42,5c,4e,4a,25,3b,5f,43,47,35,23,39,40,5b,43,47,39,45,5a,\"{5193401A-1179-45C6-9EBE-3D3DB170CB99}"=hex:1a,40,93,51,79,11,c6,45,9e,be,3d, 3d,b1,70,cb,99,46,55,51,45,49,25,5b,4d,47,4a,5d,23,5e,5e,40,51,5f,39,56,24,\"{D2704A9E-7665-4B5D-BB73-A1E973FB22D5}"=hex:9e,4a,70,d2,65,76,5d,4b,bb,73,a1, e9,73,fb,22,d5,5b,5e,44,35,52,25,44,4d,4f,3f,39,23,43,52,55,5c,2b,39,59,5e,\"{97D1E1A5-0B77-40E8-BF45-E0B73C97BA2B}"=hex:a5,e1,d1,97,77,0b,e8,40,bf,45,e0, b7,3c,97,ba,2b,49,5d,4e,34,4d,25,59,46,5e,49,46,23,48,24,47,2a,5f,39,26,4f,\"{717D9115-604A-4967-BDBE-D15372A017C8}"=hex:15,91,7d,71,4a,60,67,49,bd,be,d1, 53,72,a0,17,c8,56,55,5c,33,30,25,4a,38,41,3a,38,23,5d,5d,5c,55,43,39,45,20,\"{C9762D4F-FC80-486A-8F23-F6B259660F88}"=hex:4f,2d,76,c9,80,fc,6a,48,8f,23,f6, b2,59,66,0f,88,4d,30,36,40,5f,25,3b,48,46,42,4f,23,37,51,44,51,57,39,23,50,\"{23CAB8A1-EE44-4D84-BF8B-12D6487D9C50}"=hex:a1,b8,ca,23,44,ee,84,4d,bf,8b,12, d6,48,7d,9c,50,37,41,49,4a,43,25,41,5c,3c,56,4c,23,4e,42,5d,2b,5d,39,45,4f,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exec:\program files (x86)\FileZilla Server\FileZilla Server.exec:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exec:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exec:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exec:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exec:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exec:\windows\SysWOW64\vmnat.exec:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exec:\program files (x86)\VMware\VMware Player\vmware-authd.exec:\windows\SysWOW64\vmnetdhcp.exec:\users\webberk\AppData\Roaming\Dropbox\bin\Dropbox.exec:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exec:\program files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe.**************************************************************************.Completion time: 2013-12-15 23:48:00 - machine was rebootedComboFix-quarantined-files.txt 2013-12-16 05:47ComboFix2.txt 2012-09-28 00:41.Pre-Run: 782,984,990,720 bytes freePost-Run: 782,735,630,336 bytes free.- - End Of File - - 1EFFC6C01276A925DE0583BB347340B5A36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
Maniac Posted December 16, 2013 ID:765054 Share Posted December 16, 2013 Thanks! Please scan your machine with ESET OnlineScanHold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScanClick the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.Double click on the to download the ESET Smart Installer. icon on your Desktop.Check "YES, I accept the Terms of Use."Click the Start button.Accept any security warnings from your browser.Under Scan Settings, check "Scan Archives" and "Remove found threats" Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially unsafe applicationsEnable Anti-Stealth technologyESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.When the scan completes, click List ThreatsClick Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.Click the Back button.Click the Finish button. Link to post Share on other sites More sharing options...
krwebber53 Posted December 16, 2013 Author ID:765237 Share Posted December 16, 2013 ESET finished with message "No threats found".So far today, I have not received the IP BLOCK message.The last IP BLOCK message in the protection-log files is dated 2013/12/15 23:12:27 Link to post Share on other sites More sharing options...
Maniac Posted December 17, 2013 ID:765475 Share Posted December 17, 2013 One last scan, please: Please download the Kaspersky Virus Removal Tool from here to your Desktop. Double-click the Removal Tool. Click the cog in the upper right corner: Select down to and including your main drive. Once done please select the Automatic Scan tab and press Start Scan. Allow AVP to delete all infections found. Once it has finished select the Report tab. Select the Detected threats report from the left and press the Save button. Save it to your Desktop and post the contents in your next reply. Link to post Share on other sites More sharing options...
krwebber53 Posted December 17, 2013 Author ID:765633 Share Posted December 17, 2013 Kapersky still running - 33% - so far no threats detected Link to post Share on other sites More sharing options...
krwebber53 Posted December 18, 2013 Author ID:765777 Share Posted December 18, 2013 Kapersky finished - no threats found. Also no reoccurence of the IP Block message. Link to post Share on other sites More sharing options...
Maniac Posted December 18, 2013 ID:765799 Share Posted December 18, 2013 Glad I could help! Step 1Download OTC to your desktop and run itClick Yes to beginning the Cleanup process and remove these components, including this application.You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.Step 2Double click on AdwCleaner.exe to run the tool.Click on UninstallConfirm with YesStep 3 Please uninstall ESET Online Scanner and manually delete Kaspersky AVP . Step 4 Some malware preventions: users.telenet.be/bluepatchy/miekiemoes/prevention.html Safe surfing! Link to post Share on other sites More sharing options...
Recommended Posts