Cannot change LAN settings



I am getting an error with IE and Chrome that it is unable to connect to the proxy server.  I do not have a proxy server set up.  When I go into settings and LAN settings and uncheck the use proxy server, it returns immediately after leaving the connections tab.  Here are the logs.

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 1/25/2010 3:07:52 PM
System Uptime: 3/25/2014 7:18:31 PM (0 hours ago)
.
Motherboard: Gateway |  | RS780
Processor: AMD Phenom II X4 805 Processor | AM2 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 477.833 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&2A700557&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&2A700557&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP446: 3/13/2014 3:00:13 AM - Windows Update
RP447: 3/18/2014 2:21:59 AM - Windows Update
RP448: 3/18/2014 3:00:10 AM - Windows Update
RP449: 3/21/2014 10:58:44 AM - Windows Update
RP450: 3/25/2014 2:28:26 AM - Restore Operation
RP451: 3/25/2014 3:01:06 AM - Windows Update
RP452: 3/25/2014 8:10:54 AM - Windows Update
RP453: 3/25/2014 8:38:03 AM - Removed Adobe Reader 9.4.5 MUI.
RP454: 3/25/2014 8:40:29 AM - Removed Box Sync
RP455: 3/25/2014 8:41:40 AM - Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
RP456: 3/25/2014 8:42:23 AM - Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
RP457: 3/25/2014 9:16:53 AM - Restore Operation
RP458: 3/25/2014 6:32:53 PM - Windows Modules Installer
RP459: 3/25/2014 6:35:08 PM - Windows Modules Installer
RP460: 3/25/2014 7:27:16 PM - Windows Live Essentials
RP461: 3/25/2014 7:30:02 PM - Installed DirectX
RP462: 3/25/2014 7:30:53 PM - Installed DirectX
RP463: 3/25/2014 7:31:18 PM - Installed DirectX
RP464: 3/25/2014 7:32:09 PM - WLSetup
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 12 ActiveX
Advertising Center
ATI Catalyst Install Manager
Backup Manager Advance
Box Sync
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Crystal Reports for .NET Framework 2.0 (x86)
D3DX10
Debut Video Capture Software
eBay Worldwide
Express Burn
Fitbit Connect
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Photo Frame 4.2.3.10
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoZone iSync
Identity Card
ImagXpress
Java 7 Update 45
Java Auto Updater
Junk Mail filter update
LogMeIn
Malwarebytes Anti-Malware version 2.00.0.1000
Marvell Miniport Driver
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 2.0
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NETGEAR WG111v3 wireless USB 2.0 adapter
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
Norton Internet Security
Norton Online Backup
NVIDIA Drivers
Photo Common
Photo Gallery
Polar Daemon
Polar WebSync
QuickBooks
QuickBooks Pro 2014
QuickBooks Runtime Redistributable
Realtek High Definition Audio Driver
SAM PuttLab 2008
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition 
Sp5TTIntXP
Spotify
The Weather Channel App
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
V1 Professional 2009
VideoPad Video Editor
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VSO Downloader 3.1.1.8
VSO EVE Network Driver version 0.4
VSO Video Converter 1
Welcome Center
Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media  (06/22/2009 6.0.64.0059)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
.
==== Event Viewer Messages From Past Week ========
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.45.2
Run by Brad at 19:53:29 on 2014-03-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7935.5596 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Polar\Daemon\polard.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Users\Brad\AppData\Roaming\Spotify\spotify.exe
C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\pastaleads\PastaLeadsWinApp.exe
C:\Program Files (x86)\Polar\WebSync\WebSync.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\GoZone\GoZone_iSync.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [spotify] "C:\Users\Brad\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [spotify Web Helper] "C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRunOnce: [uninstall C:\Users\Brad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Brad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
uRunOnce: [uninstall C:\Users\Brad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Brad\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
StartupFolder: C:\Users\Brad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exe
StartupFolder: C:\Users\Brad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~2.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PASTAQ~1.LNK - C:\Program Files (x86)\pastaleads\PastaLeadsWinApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\POLARW~1.LNK - C:\Program Files (x86)\Polar\WebSync\WebSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2C52AB02-5BEF-408A-BF8F-9440E1781901} : DHCPNameServer = 168.94.0.14 168.94.0.15
TCP: Interfaces\{983368E5-366B-4586-B57C-F846C132AB5D} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{983368E5-366B-4586-B57C-F846C132AB5D}\1427961602444354236433 : DHCPNameServer = 192.168.240.1
TCP: Interfaces\{9ED09563-80C9-4FB2-9CE3-3671935757D8} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-7-30 25056]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008030.006\SymEFA64.sys [2011-10-10 402992]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008030.006\BHDrvx64.sys [2011-10-10 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008030.006\cchpx64.sys [2011-10-10 561800]
R1 Eve;EVE Protocol Driver;C:\Windows\System32\drivers\eve.sys [2013-10-24 41304]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSviA64.sys [2010-3-26 466992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-22 203264]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2013-10-2 1384992]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-3-1 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-4-28 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-3-25 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-3-25 857912]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-10-10 117648]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 Polar Daemon;Polar Daemon;C:\Program Files (x86)\Polar\Daemon\polard.exe [2012-12-12 419536]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-12-2 1248256]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-22 240160]
R2 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2013-7-30 303360]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2009-7-13 27136]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2013-7-30 1256192]
R3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\System32\drivers\y_cx88x.sys [2009-8-22 714752]
R3 debutfilter;Debut Filter Driver v6.20.01;C:\Windows\System32\drivers\debutfilterx64.sys [2013-10-23 33488]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-25 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-3-25 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-3-25 63192]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-15 393216]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-11-15 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-1-10 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [2009-6-10 416768]
S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-30 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-2 1255736]
.
=============== Created Last 30 ================
.
2014-03-25 23:35:27 -------- d-----w- C:\Windows\en
2014-03-25 23:27:18 6072008 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\c3951f4b1cf488101\onedrivesetup.exe
2014-03-25 23:05:19 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-25 23:05:04 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-25 23:05:04 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-03-25 23:05:04 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-25 23:05:04 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-25 23:05:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-25 07:02:04 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0AABD217-3EE6-410E-8F1F-E779C7E5CB91}\mpengine.dll
2014-03-25 04:17:23 -------- d-----w- C:\Program Files\Conduit
2014-03-25 04:17:22 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-03-25 04:17:13 -------- d-----w- C:\ProgramData\pastaleads
2014-03-25 04:17:13 -------- d-----w- C:\Program Files (x86)\pastaleads
2014-03-25 04:17:12 -------- d-----w- C:\Users\Brad\AppData\Roaming\ValueApps
2014-03-12 12:48:52 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-12 12:48:52 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-12 12:48:52 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-12 12:48:52 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-05 23:26:03 -------- d-----w- C:\Program Files (x86)\The Weather Channel
2014-03-05 23:25:55 -------- d-----w- C:\Users\Brad\AppData\Local\Downloaded Installations
2014-03-05 23:25:53 -------- d-----w- C:\ProgramData\Oberon Media
.
==================== Find3M  ====================
.
2014-03-12 17:40:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 17:40:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-10 17:40:12 58560 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2014-01-10 17:31:32 322240 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 19:54:18.58 ===============
 

Hello vballer and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All Users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

OTL logfile created on: 3/28/2014 4:15:51 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = K:\

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.75 Gb Total Physical Memory | 5.40 Gb Available Physical Memory | 69.69% Memory free

15.50 Gb Paging File | 12.84 Gb Available in Paging File | 82.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 916.41 Gb Total Space | 483.07 Gb Free Space | 52.71% Space Free | Partition Type: NTFS

Drive K: | 1002.22 Mb Total Space | 954.25 Mb Free Space | 95.21% Space Free | Partition Type: FAT

 

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/03/28 16:13:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- K:\OTL.exe

PRC - [2014/03/18 08:35:12 | 000,027,032 | ---- | M] () -- C:\Program Files (x86)\pastaleads\PastaLeadsWinApp.exe

PRC - [2014/03/05 09:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2014/03/05 09:24:46 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2014/03/05 09:24:40 | 007,430,968 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

PRC - [2014/01/17 18:26:41 | 006,118,400 | ---- | M] (Spotify Ltd) -- C:\Users\Brad\AppData\Roaming\Spotify\spotify.exe

PRC - [2014/01/17 18:26:41 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

PRC - [2014/01/17 18:26:41 | 000,603,648 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

PRC - [2013/12/02 17:59:28 | 001,129,288 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

PRC - [2013/12/02 17:57:54 | 001,215,304 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE

PRC - [2013/12/02 17:20:28 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2013/12/02 15:27:20 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

PRC - [2013/11/10 09:55:03 | 000,436,848 | ---- | M] (Virgin HealthMiles Inc.) -- C:\Program Files (x86)\GoZone\GoZone_iSync.exe

PRC - [2013/10/02 13:36:40 | 003,264,544 | R--- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe

PRC - [2013/10/02 13:36:38 | 001,384,992 | R--- | M] (Fitbit, Inc.) -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe

PRC - [2013/02/26 17:59:08 | 006,227,512 | ---- | M] () -- C:\Program Files (x86)\Polar\WebSync\WebSync.exe

PRC - [2012/12/12 16:20:18 | 000,419,536 | ---- | M] () -- C:\Program Files (x86)\Polar\Daemon\polard.exe

PRC - [2011/12/14 17:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

PRC - [2011/12/14 17:53:44 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

PRC - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe

PRC - [2009/08/12 18:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

PRC - [2009/08/12 17:58:52 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

PRC - [2009/07/20 17:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe

PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

PRC - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/03/18 08:35:12 | 000,027,032 | ---- | M] () -- C:\Program Files (x86)\pastaleads\PastaLeadsWinApp.exe

MOD - [2014/02/13 04:30:13 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll

MOD - [2014/02/13 04:29:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll

MOD - [2014/02/13 04:29:45 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll

MOD - [2014/02/13 04:29:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll

MOD - [2014/02/13 04:29:15 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll

MOD - [2014/02/13 04:29:06 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll

MOD - [2014/02/13 04:29:01 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll

MOD - [2014/02/13 04:28:55 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll

MOD - [2014/02/13 04:28:37 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll

MOD - [2014/02/13 04:28:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll

MOD - [2014/02/13 04:28:16 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll

MOD - [2014/02/13 04:10:52 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll

MOD - [2014/02/13 04:10:30 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll

MOD - [2014/02/13 04:07:18 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll

MOD - [2014/02/13 04:07:11 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll

MOD - [2014/02/13 04:07:01 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll

MOD - [2014/02/13 04:07:01 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll

MOD - [2014/02/13 04:06:59 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll

MOD - [2014/02/13 04:06:59 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll

MOD - [2014/02/13 04:06:54 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll

MOD - [2014/02/13 04:06:54 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll

MOD - [2014/02/13 04:06:52 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll

MOD - [2014/02/13 04:06:48 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll

MOD - [2014/02/13 04:06:47 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll

MOD - [2014/02/13 04:06:40 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll

MOD - [2014/01/17 18:26:41 | 036,967,424 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\Spotify\Data\libcef.dll

MOD - [2014/01/17 18:26:41 | 000,887,808 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\Spotify\Data\libGLESv2.dll

MOD - [2014/01/17 18:26:41 | 000,603,648 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyHelper.exe

MOD - [2014/01/17 18:26:41 | 000,109,568 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\Spotify\Data\libEGL.dll

MOD - [2013/12/02 17:58:40 | 000,140,616 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.DLL

MOD - [2013/12/02 17:58:38 | 000,148,296 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll

MOD - [2013/12/02 17:58:34 | 000,021,320 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.DLL

MOD - [2013/12/02 17:58:24 | 000,043,848 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll

MOD - [2013/12/02 17:58:16 | 000,760,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.DLL

MOD - [2013/12/02 17:58:16 | 000,621,896 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll

MOD - [2013/12/02 17:58:04 | 000,623,432 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll

MOD - [2013/12/02 17:58:04 | 000,247,112 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll

MOD - [2013/12/02 17:58:00 | 000,578,888 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll

MOD - [2013/12/02 15:27:14 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll

MOD - [2013/02/26 17:59:08 | 006,227,512 | ---- | M] () -- C:\Program Files (x86)\Polar\WebSync\WebSync.exe

MOD - [2013/02/26 17:59:06 | 000,110,648 | ---- | M] () -- C:\Program Files (x86)\Polar\WebSync\PTransform.dll

MOD - [2013/02/26 17:59:00 | 003,722,296 | ---- | M] () -- C:\Program Files (x86)\Polar\WebSync\libpolar.dll

MOD - [2011/12/14 17:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

MOD - [2011/12/14 10:43:04 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll

MOD - [2011/01/14 17:01:02 | 002,142,720 | ---- | M] () -- C:\Program Files (x86)\Polar\WebSync\QtCore4.dll

MOD - [2010/02/10 19:45:48 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Polar\WebSync\imageformats\qgif4.dll

MOD - [2010/02/10 19:45:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Polar\WebSync\imageformats\qjpeg4.dll

MOD - [2010/02/10 17:22:16 | 007,971,840 | ---- | M] () -- C:\Program Files (x86)\Polar\WebSync\QtGui4.dll

MOD - [2010/02/10 17:07:32 | 000,929,280 | ---- | M] () -- C:\Program Files (x86)\Polar\WebSync\QtNetwork4.dll

MOD - [2010/02/10 17:06:06 | 000,334,848 | ---- | M] () -- C:\Program Files (x86)\Polar\WebSync\QtXml4.dll

MOD - [2009/06/12 19:37:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll

MOD - [2009/06/12 19:37:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll

MOD - [2009/02/02 20:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009/07/02 01:16:04 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/06/15 05:10:00 | 000,382,976 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\SysNative\yk62x64.dll -- (yksvc)

SRV - [2014/03/12 13:40:14 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/03/05 09:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2014/03/05 09:24:46 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/12/02 17:20:28 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2013/12/02 15:27:20 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)

SRV - [2013/12/02 15:27:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2013/10/02 13:36:38 | 001,384,992 | R--- | M] (Fitbit, Inc.) [Auto | Running] -- C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe -- (Fitbit Connect)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012/12/12 16:20:18 | 000,419,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Polar\Daemon\polard.exe -- (Polar Daemon)

SRV - [2011/12/14 17:53:44 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)

SRV - [2011/09/21 20:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)

SRV - [2011/03/01 12:12:30 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)

SRV - [2011/03/01 12:12:26 | 000,373,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2010/11/08 12:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)

SRV - [2009/08/12 18:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/07/28 15:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2014/03/28 15:56:33 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV:64bit: - [2014/03/05 09:26:18 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV:64bit: - [2014/03/05 09:26:04 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2013/10/23 07:59:22 | 000,033,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\debutfilterx64.sys -- (debutfilter)

DRV:64bit: - [2013/03/28 19:50:02 | 000,041,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)

DRV:64bit: - [2013/02/05 23:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/12 17:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)

DRV:64bit: - [2011/10/10 20:28:28 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)

DRV:64bit: - [2011/09/21 20:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)

DRV:64bit: - [2011/07/22 10:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/01 12:12:48 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/09/17 15:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV:64bit: - [2010/09/17 15:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)

DRV:64bit: - [2010/07/15 20:45:42 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)

DRV:64bit: - [2010/01/25 16:10:25 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2010/01/20 17:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)

DRV:64bit: - [2009/10/22 14:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)

DRV:64bit: - [2009/08/22 01:28:16 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2009/08/22 01:28:16 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)

DRV:64bit: - [2009/08/22 01:28:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2009/08/22 01:28:16 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)

DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)

DRV:64bit: - [2009/07/13 20:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)

DRV:64bit: - [2009/07/02 01:51:28 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/06/22 02:08:30 | 000,714,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\y_cx88x.sys -- (cxpl_mhd)

DRV:64bit: - [2009/06/15 05:10:00 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 17:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI)

DRV:64bit: - [2009/06/10 16:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 17:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2009/05/04 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV - [2010/09/17 15:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

DRV - [2010/02/07 11:34:26 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2009/10/28 18:37:21 | 000,466,992 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100326.001\IDSviA64.sys -- (IDSVia64)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601109116p0325v125k48i15268

IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?gd=&ctid=CT3321675&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=2&UP=SPD544AD59-F3CD-4434-BE08-BE4A1324241A&q={searchTerms}&SSPV=

IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR

IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = https://www.google.com/search?q={searchTerms}

IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/13 09:21:53 | 000,000,000 | ---D | M]

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},


CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Google Drive = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: NCH EN = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.26.9.505_0\

CHR - Extension: NCH EN = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.26.9.505_0\nativeMessaging\nmHost

CHR - Extension: Google Wallet = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Gmail = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)

O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)

O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000..\Run: [Fitbit Connect] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)

O4 - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000..\Run: [spotify] C:\Users\Brad\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

O4 - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000..\Run: [spotify Web Helper] C:\Users\Brad\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files (x86)\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C52AB02-5BEF-408A-BF8F-9440E1781901}: DhcpNameServer = 168.94.0.14 168.94.0.15

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{983368E5-366B-4586-B57C-F846C132AB5D}: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ED09563-80C9-4FB2-9CE3-3671935757D8}: DhcpNameServer = 209.18.47.61 209.18.47.62

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\intu-help-qb7 - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\qbwc - No CLSID value found

O18:64bit: - Protocol\Handler\symres - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\intu-help-qb7 {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{322d73a5-5a8c-11e3-8801-00016c71007d}\Shell - "" = AutoRun

O33 - MountPoints2\{322d73a5-5a8c-11e3-8801-00016c71007d}\Shell\AutoRun\command - "" = K:\VZW_Software_upgrade_assistant.exe

O33 - MountPoints2\{4ff77bcd-ee69-11df-9765-00016c71007d}\Shell - "" = AutoRun

O33 - MountPoints2\{4ff77bcd-ee69-11df-9765-00016c71007d}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true

O33 - MountPoints2\{59a309eb-3725-11e1-b83b-00016c71007d}\Shell - "" = AutoRun

O33 - MountPoints2\{59a309eb-3725-11e1-b83b-00016c71007d}\Shell\AutoRun\command - "" = J:\setup.exe -a

O33 - MountPoints2\{74f61c69-98b2-11e0-b131-00016c71007d}\Shell - "" = AutoRun

O33 - MountPoints2\{74f61c69-98b2-11e0-b131-00016c71007d}\Shell\AutoRun\command - "" = J:\TL-Bootstrap.exe

O33 - MountPoints2\{eb7d9dc5-f581-11e2-8556-00016c71007d}\Shell - "" = AutoRun

O33 - MountPoints2\{eb7d9dc5-f581-11e2-8556-00016c71007d}\Shell\AutoRun\command - "" = L:\VZW_Software_upgrade_assistant.exe

O33 - MountPoints2\{fc1de6e1-66d5-11e0-a66e-00016c71007d}\Shell - "" = AutoRun

O33 - MountPoints2\{fc1de6e1-66d5-11e0-a66e-00016c71007d}\Shell\AutoRun\command - "" = J:\TL-Bootstrap.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/03/25 21:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2014/03/25 21:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2014/03/25 19:53:14 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Brad\Desktop\dds.scr

[2014/03/25 19:35:27 | 000,000,000 | ---D | C] -- C:\Windows\en

[2014/03/25 19:05:19 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/03/25 19:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/03/25 19:05:04 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/03/25 19:05:04 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2014/03/25 19:05:04 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2014/03/25 19:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware

[2014/03/25 19:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2014/03/25 01:09:45 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\March 25 save

[2014/03/25 00:28:18 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\vlc

[2014/03/25 00:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2014/03/25 00:17:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN

[2014/03/25 00:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\pastaleads

[2014/03/25 00:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pastaleads

[2014/03/25 00:17:12 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\ValueApps

[2014/03/05 19:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel

[2014/03/05 19:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Weather Channel

[2014/03/05 19:25:55 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\Downloaded Installations

[2014/03/05 19:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media

[2014/03/05 19:25:26 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeFrontier

[2013/10/26 11:02:25 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Brad\AppData\Roaming\pcouffin.sys

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/03/28 16:07:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/03/28 15:56:33 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/03/28 15:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/03/28 12:07:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/03/28 07:38:33 | 000,786,598 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/03/28 07:38:33 | 000,665,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/03/28 07:38:33 | 000,123,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/03/27 22:17:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/03/27 22:17:13 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/03/25 21:14:58 | 000,010,946 | ---- | M] () -- C:\Users\Brad\Documents\cc_20140325_211455.reg

[2014/03/25 21:14:37 | 000,290,164 | ---- | M] () -- C:\Users\Brad\Documents\cc_20140325_211427.reg

[2014/03/25 21:10:05 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2014/03/25 20:44:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/03/25 20:43:43 | 1945,608,191 | -HS- | M] () -- C:\hiberfil.sys

[2014/03/25 19:51:08 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Brad\Desktop\dds.scr

[2014/03/25 19:05:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/03/25 08:14:18 | 000,014,336 | ---- | M] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014/03/25 00:25:52 | 000,000,235 | ---- | M] () -- C:\Windows\wininit.ini

[2014/03/25 00:17:34 | 000,000,000 | ---- | M] () -- C:\END

[2014/03/25 00:17:13 | 000,001,986 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PastaQuotes.lnk

[2014/03/13 03:21:25 | 000,440,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2014/03/05 19:26:03 | 000,002,771 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Weather.lnk

[2014/03/05 09:26:18 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys

[2014/03/05 09:26:08 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2014/03/05 09:26:04 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/03/25 21:14:56 | 000,010,946 | ---- | C] () -- C:\Users\Brad\Documents\cc_20140325_211455.reg

[2014/03/25 21:14:30 | 000,290,164 | ---- | C] () -- C:\Users\Brad\Documents\cc_20140325_211427.reg

[2014/03/25 21:10:05 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2014/03/25 19:34:43 | 000,001,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

[2014/03/25 19:29:56 | 000,002,144 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

[2014/03/25 19:05:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/03/25 00:25:52 | 000,000,235 | ---- | C] () -- C:\Windows\wininit.ini

[2014/03/25 00:17:13 | 000,001,986 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PastaQuotes.lnk

[2014/03/05 19:26:03 | 000,002,771 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Weather.lnk

[2014/02/17 18:12:33 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

[2014/01/31 04:04:17 | 000,799,604 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/10/26 11:02:25 | 000,099,384 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\inst.exe

[2013/10/26 11:02:25 | 000,007,859 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\pcouffin.cat

[2013/10/26 11:02:25 | 000,001,167 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\pcouffin.inf

[2013/08/27 00:50:24 | 000,000,544 | ---- | C] () -- C:\Users\Brad\.powerschool_gradebook.properties

[2013/08/26 21:32:52 | 000,000,012 | ---- | C] () -- C:\Users\Brad\.gradebook_userdict.tlx

[2012/06/26 18:41:04 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat

[2012/03/02 10:07:27 | 000,001,041 | ---- | C] () -- C:\Users\Brad\Documents - Shortcut.lnk

[2011/12/09 15:37:41 | 000,014,336 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/23 18:06:53 | 000,000,000 | ---- | C] () -- C:\Users\Brad\AppData\Roaming\wklnhst.dat

 

========== ZeroAccess Check ==========

 

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2010/02/01 16:10:05 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ISG

[2010/02/02 13:51:23 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Packard Bell

[2014/01/13 20:49:17 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Polar WebSync

[2014/03/28 14:58:46 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Spotify

[2010/03/13 10:56:24 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\v1

[2014/03/25 19:17:28 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\ValueApps

[2013/10/26 11:02:25 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Vso

[2010/02/24 14:15:40 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\WildTangent

 

========== Purity Check ==========

 

 

 

< End of report >


OTL Extras logfile created on: 3/28/2014 4:15:51 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = K:\

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.75 Gb Total Physical Memory | 5.40 Gb Available Physical Memory | 69.69% Memory free

15.50 Gb Paging File | 12.84 Gb Available in Paging File | 82.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 916.41 Gb Total Space | 483.07 Gb Free Space | 52.71% Space Free | Partition Type: NTFS

Drive K: | 1002.22 Mb Total Space | 954.25 Mb Free Space | 95.21% Space Free | Partition Type: FAT

 

Computer Name: BRAD-PC | User Name: Brad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_USERS\S-1-5-21-3469309329-4221218142-3363908905-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{004375B0-78EB-419D-B267-A1980ECAABC4}" = rport=139 | protocol=6 | dir=out | app=system | 

"{1C5269D4-192D-4FDF-A79B-06A86CEAA050}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{2AB39B62-6A82-4155-BB35-70EA3405EE3D}" = lport=137 | protocol=17 | dir=in | app=system | 

"{5BF852C0-1D11-41C8-B9B1-8BAF96299C40}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{601FCCA4-9C77-4F31-8278-0656C37B1007}" = rport=445 | protocol=6 | dir=out | app=system | 

"{62C9D3C0-5640-4AB6-94CE-DC9997CA903A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{74C58757-9006-4513-BB1B-9DBB6D9F598A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{76FC54FB-E04C-415E-9784-4505D78724B6}" = lport=445 | protocol=6 | dir=in | app=system | 

"{7F5E609A-ED1E-4D2C-85E9-2B98B996A49A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{A5BE40D5-796C-4EB6-B87B-2196CF61629A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{C0B92F21-6696-48B4-8484-A133D4A3CD89}" = lport=138 | protocol=17 | dir=in | app=system | 

"{C8D19F87-90C2-426E-8E92-F807FF5A554D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{CAE521D0-BCC6-4F0D-AC52-69875746F166}" = rport=137 | protocol=17 | dir=out | app=system | 

"{E024A490-433C-445C-B006-37E76E31D4DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E1C33B29-3FA7-483B-AFE1-79F9FCF70B9A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{F2D12259-B16C-436D-BBC9-EAEF6E3D4FEB}" = lport=139 | protocol=6 | dir=in | app=system | 

"{FD06ACAF-140C-46A0-B1F6-668047D18212}" = rport=138 | protocol=17 | dir=out | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2312864F-2807-46A2-9C27-057387778B0A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{4E88120D-B8EC-42EF-A6C8-1C450258C690}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{5B0677D4-35A2-40E2-A97F-474890399021}" = protocol=17 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe | 

"{640A6A18-19F7-4FBE-87C3-8694F683DAB4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{65904BF5-741F-4B14-9AF9-62251680BCBB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{6F2E248F-0435-43BE-911E-742B7613493D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{72709214-376D-4C04-827F-DDD5C1C59918}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{7C988D0B-430F-4F6D-9396-DC5CBB6C5ABD}" = dir=in | app=c:\users\brad\appdata\local\microsoft\skydrive\skydrive.exe | 

"{84D2BE98-05E1-497D-BF24-25C0A530A4AC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{999E43E2-9431-4429-837C-BA92BFCA7A8D}" = protocol=6 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe | 

"{9DD46385-BF60-453A-8715-0DA3488A0D96}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 

"{FD200359-372F-410A-8E1C-0F444A4D2BDF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{FF99CD61-0E6C-43BC-A885-6251DFF1C602}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{FFDF9278-0DBA-4E82-ACF3-654FFF694F31}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"TCP Query User{16AA702B-942C-4A56-AFA5-CEDB2EBACE74}C:\program files (x86)\sam puttlab 2008\puttlab.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sam puttlab 2008\puttlab.exe | 

"TCP Query User{7AC5C9AF-2F4E-4974-850F-227467C0DA89}C:\windows\syswow64\searchprotocolhost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\searchprotocolhost.exe | 

"TCP Query User{8FC22C4A-F4C7-4616-92AD-E132709233C3}C:\program files (x86)\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"TCP Query User{ECF5250D-8204-4993-9916-EB714ED48AFD}C:\users\brad\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\brad\appdata\roaming\spotify\spotify.exe | 

"UDP Query User{04B3773B-BBAE-42A1-9711-03194FBDE94A}C:\users\brad\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\brad\appdata\roaming\spotify\spotify.exe | 

"UDP Query User{55DC19F2-79E2-4B08-8974-946808624134}C:\windows\syswow64\searchprotocolhost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\searchprotocolhost.exe | 

"UDP Query User{9E02884D-BC28-4846-8616-264AB07BCF3A}C:\program files (x86)\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"UDP Query User{DCF8A264-708D-4B84-9A21-67EACF359E28}C:\program files (x86)\sam puttlab 2008\puttlab.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sam puttlab 2008\puttlab.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{1F9241E8-87C1-FB9C-5D76-3FF7D0318A87}" = ATI Catalyst Install Manager

"{2B1C6CB4-4470-4D57-91E0-83986DCEB5DA}" = Windows Live Family Safety

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{C6E57DC0-5699-47D4-9263-CEE00A4BB1FC}" = Windows Live MIME IFilter

"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant

"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64

"{EBAE9144-AF3E-4AF5-B45F-64896D651E27}" = ccc-utility64

"{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}" = QuickBooks Runtime Redistributable

"7F4303078887B33BF9E472598BB463CBE007C68E" = Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media  (06/22/2009 6.0.64.0059)

"CCleaner" = CCleaner

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"NVIDIA Drivers" = NVIDIA Drivers

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{{5289246A-D537-4823-88C2-38C17840E45A}_is1" = VSO Video Converter 1

"{03E830A5-822B-D6FB-3257-E1E6A188CF22}" = Catalyst Control Center Graphics Full Existing

"{098D994D-620E-4CEF-BB33-5A446A6F9C7B}" = V1 Professional 2009

"{0B30D22F-AB4F-9379-CDE1-3019D68D72B7}" = CCC Help Chinese Traditional

"{0E4AD541-61D5-0DF8-44C9-797C3EEBDE2C}" = CCC Help English

"{167158CE-1637-4167-8A1C-C2549EEA966A}" = The Weather Channel App

"{16E46BCF-3D36-4353-9BCB-344F7812CEDE}" = Photo Gallery

"{17B5E42B-670F-BE6A-7CBE-B9DFF74D81DC}" = CCC Help Norwegian

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1AC41DC5-DD17-41D7-AE0B-139A9D2725EC}_is1" = VSO EVE Network Driver version 0.4

"{1D359627-1E53-8D9B-46A6-242B1D7A8B9D}" = CCC Help Turkish

"{1F9E8447-9B82-45D5-A6D7-2A4CB874111F}" = Windows Live Mail

"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help

"{21C205CD-3770-9454-ECC1-88BB0E2AD807}" = Catalyst Control Center Localization All

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help

"{244C6FE3-82BC-D9F0-91F9-D9909E926FCE}" = CCC Help Greek

"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0

"{24758B1D-9345-4538-A69A-05660F63A296}" = Junk Mail filter update

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28E941CF-3D09-C540-07FF-81FDB66E8BC9}" = CCC Help Swedish

"{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}" = Polar Daemon

"{2C4A0A98-66EA-427A-46B4-FED4A141E4CE}" = Catalyst Control Center Graphics Full New

"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance

"{320453EE-6AEA-4E1A-8E64-72F33C0C928F}" = Polar WebSync

"{32F898BE-7D45-EBC2-29F3-B0B704CC8FBB}" = ccc-core-static

"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed

"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter

"{41ACCBEB-F6BD-B9DF-8CCE-32A70F14432B}" = Catalyst Control Center Graphics Previews Vista

"{424104AD-BEC6-441D-ADE9-F6662FEEA4BA}" = QuickBooks

"{4260CAAE-D108-4223-A1C5-96B67062FE86}" = Windows Live Installer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}" = QuickBooks Pro 2014

"{4A5FF1B1-7C05-19F4-17D7-B1809CDFA0CD}" = CCC Help Polish

"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth

"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{4D6873BC-73C0-487D-A4B4-BA78D9EF465C}" = Catalyst Control Center - Branding

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{59307833-CB98-4440-B644-0CD352F61907}" = Windows Live PIMT Platform

"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress

"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{708FC368-197E-1AAB-8018-49AC1BA28B34}" = CCC Help Hungarian

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72D9236D-C6EA-4DA6-A18C-CC24521A70D4}" = Windows Live Mail

"{764182F2-8B5E-5B6B-A439-02D06550F663}" = CCC Help Dutch

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)

"{7C0791D9-F1FB-48DD-B8E4-662BDAE42357}" = Windows Live Messenger

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management

"{80E311AD-3A9C-45C7-A403-8FF3F7609764}" = Windows Live Writer

"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help

"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed

"{87CE7117-D736-8108-AD6A-4F0D117E94B6}" = CCC Help Spanish

"{888934B4-09FC-4CB3-2AA4-87C2F5030C79}" = CCC Help Finnish

"{8C22A294-DBBA-445F-B55C-E26817CCFE69}" = Movie Maker

"{8C617D96-CDAA-9025-AAEA-659B477B4B7C}" = CCC Help Czech

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{8e9411dc-a75a-4829-a892-41b5cb72bd8a}" = Box Sync

"{8F66BFDE-B213-48E2-93EF-7151277A2916}" = Windows Live SOXE Definitions

"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92E5F54C-888C-51E5-A388-7B360B174311}" = CCC Help Russian

"{94532CD5-C66D-49E3-9131-5FB04D7647A1}" = Windows Live UX Platform

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{952D22C8-CA9F-65ED-B7C3-7CEDC08121E7}" = Catalyst Control Center Core Implementation

"{9797D7BA-A333-4DF1-AF55-AC745D216EDB}" = Windows Live Writer

"{983FA94A-A7DD-40B1-B7F9-F45D2B4FD1DE}" = Windows Live Photo Common

"{99E82553-9654-4FB7-8DB3-900C0FDB1A70}" = Windows Live Writer Resources

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A018A4CE-0D6F-BEB5-EDC2-D9386B2BF1B3}" = Catalyst Control Center Graphics Light

"{A04C1E78-8EC0-7A07-FDA7-843920FE9D36}" = CCC Help Japanese

"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A2F4B74E-D722-4D9E-817B-F58F32A55A51}" = Windows Live UX Platform Language Pack

"{A59A15E8-2B9B-490D-916E-D608A9D0D295}" = Windows Live Writer

"{A7A39878-C21D-D6D5-0F34-A01FF3E79B7F}" = CCC Help Korean

"{A7CD6CCE-C2BC-3B61-F0CC-A842F02FB6C0}" = CCC Help Italian

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9FFEC6C-9C44-4597-8E23-EDD78BF5D0B2}" = Windows Live Communications Platform

"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B3576D1B-5763-4E8C-43CE-1B6908D0B22D}" = CCC Help German

"{B672D77A-8BA3-24EF-3421-8FB8E35E2A8D}" = Catalyst Control Center InstallProxy

"{B951569A-7EC8-CF90-74AF-53610BC15097}" = CCC Help Chinese Standard

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{C201BDF9-1C27-46F8-A248-F4469C9FC27C}" = Photo Common

"{C257E096-67B0-4122-98F3-EE0D8798E03B}" = Fitbit Connect

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{C68F1F36-9B04-2CC8-15A4-DC9606E760EB}" = CCC Help Danish

"{C87DF7BB-4F5C-4BBE-B041-A59FFF4A1D07}" = Windows Live SOXE

"{C95AEB53-7FAE-4257-97AF-7136E8D9F9CA}" = Movie Maker

"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade

"{dee20f07-04f7-40f0-99bd-afcbd8377f0d}" = Nero 9 Essentials

"{DF7DC45D-8A3C-490C-A70F-8C6A6189EDF9}" = Photo Gallery

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E48E84C5-7599-4CBD-9900-8BCB9A2A2FFA}_is1" = VSO Downloader 3.1.1.8

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help

"{E5E83E00-1144-4821-B6B6-7A16C41EFC39}" = Windows Live Messenger

"{E647D018-2209-C4B6-493F-ECB57E6620D1}" = CCC Help French

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{ED58D367-6FB9-4C00-AD81-F5B4CF96845D}" = Windows Live Family Safety

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater

"{EF2E00AB-F454-C823-0408-8F2098F2CDCB}" = CCC Help Portuguese

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{F9EB0701-776E-BF9F-5B57-760A16422520}" = CCC Help Thai

"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool

"{FCEDADE3-1C8A-4858-BE93-360168178BB2}" = Windows Live Essentials

"{FE8E36D7-534D-450F-9ADB-4E027990A38E}" = Sp5TTIntXP

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX

"Debut" = Debut Video Capture Software

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ExpressBurn" = Express Burn

"Gateway InfoCentre" = Gateway InfoCentre

"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10

"Gateway Registration" = Gateway Registration

"Gateway Screensaver" = Gateway ScreenSaver

"Gateway Welcome Center" = Welcome Center

"Google Chrome" = Google Chrome

"GoZone iSync" = GoZone iSync

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Identity Card" = Identity Card

"InstallShield_{098D994D-620E-4CEF-BB33-5A446A6F9C7B}" = V1 Professional 2009

"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup

"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.00.0.1000

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime

"NIS" = Norton Internet Security

"SAM PuttLab 2008" = SAM PuttLab 2008

"VideoPad" = VideoPad Video Editor

"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime

"WildTangent gateway Master Uninstall" = Gateway Games

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.2

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3469309329-4221218142-3363908905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"OneDriveSetup.exe" = Microsoft OneDrive

"Spotify" = Spotify

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 10/11/2013 12:30:31 AM | Computer Name = Brad-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value

 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

 "version" in element "assemblyIdentity" is invalid.

 

Error - 10/11/2013 12:31:07 AM | Computer Name = Brad-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".

Dependent

 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 10/11/2013 12:31:07 AM | Computer Name = Brad-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".

Dependent

 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 10/11/2013 12:31:07 AM | Computer Name = Brad-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".

Dependent

 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 10/11/2013 12:31:08 AM | Computer Name = Brad-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 10/12/2013 12:30:32 AM | Computer Name = Brad-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

 Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

 Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value

 "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

 "version" in element "assemblyIdentity" is invalid.

 

Error - 10/12/2013 12:31:15 AM | Computer Name = Brad-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".

Dependent

 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 10/12/2013 12:31:15 AM | Computer Name = Brad-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".

Dependent

 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 10/12/2013 12:31:15 AM | Computer Name = Brad-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".

Dependent

 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 10/12/2013 12:31:15 AM | Computer Name = Brad-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

 Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

 could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

[ Media Center Events ]

Error - 11/8/2013 10:17:17 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0

Description = 9:17:16 AM - Error connecting to the internet.  9:17:16 AM -     Unable

 to contact server..  

 

Error - 11/8/2013 11:18:44 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0

Description = 10:18:43 AM - Error connecting to the internet.  10:18:43 AM -     Unable

 to contact server..  

 

Error - 11/8/2013 12:19:34 PM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0

Description = 11:19:33 AM - Error connecting to the internet.  11:19:33 AM -     Unable

 to contact server..  

 

Error - 12/13/2013 9:28:22 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0

Description = 8:28:20 AM - Error connecting to the internet.  8:28:20 AM -     Unable

 to contact server..  

 

Error - 12/13/2013 10:29:13 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0

Description = 9:29:12 AM - Error connecting to the internet.  9:29:12 AM -     Unable

 to contact server..  

 

Error - 12/13/2013 11:30:03 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0

Description = 10:30:02 AM - Error connecting to the internet.  10:30:02 AM -     Unable

 to contact server..  

 

Error - 12/17/2013 9:31:14 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0

Description = 8:31:13 AM - Error connecting to the internet.  8:31:13 AM -     Unable

 to contact server..  

 

Error - 12/17/2013 10:32:05 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0

Description = 9:32:04 AM - Error connecting to the internet.  9:32:04 AM -     Unable

 to contact server..  

 

Error - 12/17/2013 11:32:55 AM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0

Description = 10:32:54 AM - Error connecting to the internet.  10:32:54 AM -     Unable

 to contact server..  

 

Error - 12/17/2013 12:33:45 PM | Computer Name = Brad-PC | Source = MCUpdate | ID = 0

Description = 11:33:44 AM - Error connecting to the internet.  11:33:44 AM -     Unable

 to contact server..  

 

[ System Events ]

Error - 3/25/2014 1:06:50 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7000

Description = The PastaQuotes service failed to start due to the following error:

   %%1053

 

Error - 3/25/2014 2:03:27 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the PastaQuotes

 service to connect.

 

Error - 3/25/2014 2:03:27 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7000

Description = The PastaQuotes service failed to start due to the following error:

   %%1053

 

Error - 3/25/2014 2:38:05 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7022

Description = The PastaQuotes service hung on starting.

 

Error - 3/25/2014 2:57:45 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

 response from the ShellHWDetection service.

 

Error - 3/25/2014 8:21:26 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the PastaQuotes

 service to connect.

 

Error - 3/25/2014 8:21:26 AM | Computer Name = Brad-PC | Source = Service Control Manager | ID = 7000

Description = The PastaQuotes service failed to start due to the following error:

   %%1053

 

Error - 3/25/2014 9:21:55 PM | Computer Name = Brad-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 3/25/2014 9:22:00 PM | Computer Name = Brad-PC | Source = DCOM | ID = 10016

Description = 

 

Error - 3/25/2014 9:30:26 PM | Computer Name = Brad-PC | Source = DCOM | ID = 10016

Description = 

 

 

< End of report >


Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

    IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

    IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

    IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?gd=&ctid=CT3321675&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=2&UP=SPD544AD59-F3CD-4434-BE08-BE4A1324241A&q={searchTerms}&SSPV=

    CHR - homepage: http://search.conduit.com/?gd=&ctid=CT3321675&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=55&CUI=&UM=2&UP=SPD544AD59-F3CD-4434-BE08-BE4A1324241A&SSPV=

    CHR - Extension: NCH EN = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.26.9.505_0\

    CHR - Extension: NCH EN = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.26.9.505_0\nativeMessaging\nmHost

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log
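The proxy entries that the fix script above resets can be picked out of an OTL log mechanically. The following is an added example, not part of the thread or of OTL: it parses the `IE - ... "Proxy*"` lines (sample input copied from the post above) and reports every registry location where a proxy is enabled and points at a loopback address. The function names and the "untagged" view label are this example's own.

```python
import ipaddress
import re

# Proxy-related lines copied from the OTL fix script in the post above.
SAMPLE_LOG = r'''
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
'''

# "IE" or "IE:64bit:", the registry key, then a quoted Proxy* value name.
LINE_RE = re.compile(
    r'^IE(?P<tag>:64bit:)? - (?P<key>HK[^:]+): "(?P<name>Proxy\w+)" = (?P<value>.*)$'
)


def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    Handles both forms: "host:port" for all schemes (stored under "*")
    and "http=host:port;https=host:port".
    """
    endpoints = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, addr = part.partition("=")
        if not sep:                      # single proxy for every scheme
            scheme, addr = "*", part
        addr = addr.split("//")[-1]      # tolerate "http://host:port"
        host, _, port = addr.rpartition(":")
        if not host:                     # no port given
            host, port = addr, ""
        endpoints[scheme.lower()] = (
            host.strip("[]"),
            int(port) if port.isdigit() else None,
        )
    return endpoints


def is_loopback(host):
    """True for 'localhost' and any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # an ordinary hostname
        return False


def collect_settings(log_text):
    """Group Proxy* values by (view, registry key)."""
    hives = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            view = "64bit" if m["tag"] else "untagged"
            hives.setdefault((view, m["key"]), {})[m["name"]] = m["value"].strip()
    return hives


def loopback_proxy_findings(log_text):
    """Return (view, key, scheme, host, port) for each enabled loopback proxy."""
    findings = []
    for (view, key), values in collect_settings(log_text).items():
        if values.get("ProxyEnable") != "1":
            continue                     # a disabled proxy is not in effect
        server = values.get("ProxyServer", "")
        for scheme, (host, port) in parse_proxy_server(server).items():
            if is_loopback(host):
                findings.append((view, key, scheme, host, port))
    return findings


if __name__ == "__main__":
    for view, key, scheme, host, port in loopback_proxy_findings(SAMPLE_LOG):
        print(f"[{view}] {key}: {scheme} traffic forced through {host}:{port}")
```

On the sample, only the two machine-wide `HKLM` views are reported; the `HKU` entries have `ProxyEnable` = 0 and are skipped.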

All processes killed
Error: Unable to interpret <------------ QUOTE ----------> in the current context!
========== OTL ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKEY_USERS\S-1-5-21-3469309329-4221218142-3363908905-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3469309329-4221218142-3363908905-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Use Chrome's Settings page to change the HomePage.
C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.26.9.505_0 folder moved successfully.
File C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.26.9.505_0\nativeMessaging\nmHost not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Brad\Desktop\cmd.bat deleted successfully.
C:\Users\Brad\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brad
->Temp folder emptied: 85747330 bytes
->Temporary Internet Files folder emptied: 137599 bytes
->Java cache emptied: 12737802 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 648 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 10889 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1780002 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42413470 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 137.00 mb

Error: Unable to interpret <-----------------------------> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 03292014_114628

Files\Folders moved on Reboot...
C:\Users\Brad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Brad\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JETE82C.tmp not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

This script did not work as it should because, when you copied it, you marked the word "Quote". The script should look like this in OTL when you paste it:

:OTL

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8877;https=127.0.0.1:8877

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

IE - HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...BE4A1324241A&q={searchTerms}&SSPV=

CHR - homepage: http://search.condui...A1324241A&SSPV=

CHR - Extension: NCH EN = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.26.9.505_0\

CHR - Extension: NCH EN = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.26.9.505_0\nativeMessaging\nmHost

:files

ipconfig /flushdns /c

:Commands

[emptytemp]


Sorry about that:)

 

Here is the new log:

All processes killed
========== OTL ==========
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3469309329-4221218142-3363908905-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKEY_USERS\S-1-5-21-3469309329-4221218142-3363908905-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3469309329-4221218142-3363908905-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Use Chrome's Settings page to change the HomePage.
File C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.26.9.505_0 not found.
File C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf\10.26.9.505_0\nativeMessaging\nmHost not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Brad\Desktop\cmd.bat deleted successfully.
C:\Users\Brad\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Brad
->Temp folder emptied: 21454 bytes
->Temporary Internet Files folder emptied: 142811 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03292014_115901
 
Files\Folders moved on Reboot...
C:\Users\Brad\AppData\Local\Temp\03291150-000012c4-23evyyv2oy\Logs.CAB moved successfully.
C:\Users\Brad\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Brad\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JETACD1.tmp not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/03/29 12:16:15 -0400</date>
    <log>mbam-log-2014-03-29 (12-03-10).xml</log>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.0.1000</version>
    <rules-database>v2014.03.29.02</rules-database>
    <swissarmy-database>v2014.03.27.01</swissarmy-database>
    <license>trial</license>
    <file-protection>enabled</file-protection>
    <web-protection>enabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>Brad</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>249240</objects>
    <time>783</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>0</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>enabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <shuriken>enabled</shuriken>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items> </items>
</mbam-log>


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
