
sweetpack malware [Closed]


11 replies to this topic

#1 asexymind

asexymind

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 26 June 2013 - 04:20 PM

Thank you for existing.

Note - I ran adwcleaner before I read instructions on how to post. :-( I don't know if that solved the problem - sweetpack went away for a restart or two, but now it is back.

Here is my DDS file:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by i7-2600 at 15:17:35.26 on Wed 06/26/2013
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.25.2
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.12486 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
c:\program files\soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Ditto\Ditto.exe
C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\program files (x86)\evernote\evernote\evernoteclipper.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files (x86)\Xobni\XobniService.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Users\i7-2600\appdata\roaming\dropbox\bin\dropbox.exe
C:\Program Files\SocialFolders\SocialFolders.exe
C:\program files (x86)\line6\gearbox\gearbox.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\i7-2600\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://mail.execushield.com/owa/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adobe Acrobat Create PDF from Selection: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [AdobeBridge]
uRun: [ISUSPM] -scheduler
uRun: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe
uRun: [replay_telecorder_skype] C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe /start_context sys_auto
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\Users\i7-2600\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\i7-2600\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Ditto.lnk - C:\Program Files (x86)\Ditto\Ditto.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Skype.lnk - C:\Windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: line6.net
Trusted Zone: samsungsetup.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
IE-X64: {7815BE26-237D-41A8-A98F-F7BD75F71086}
AppInit_DLLs-X64: C:\PROGRA~1\COMMON~1\JAKSTA~1\AUDIOC~1\JAUDCA~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\i7-2600\AppData\Roaming\Mozilla\Firefox\Profiles\uyctyank.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\i7-2600\AppData\Local\Citrix\Plugins\94\npappdetector.dll
FF - plugin: C:\Users\i7-2600\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\NPShipRush_FedEx.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-27 297000]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-10 56208]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-6-6 54728]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1403010.016\symds64.sys [2013-5-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1403010.016\symefa64.sys [2013-5-16 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [2013-6-24 1393240]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\System32\drivers\N360x64\1403010.016\ccsetx64.sys [2013-5-16 168096]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-8-1 41704]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130625.001\IDSviA64.sys [2013-6-25 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1403010.016\ironx64.sys [2013-5-16 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1403010.016\symnets.sys [2013-5-16 432800]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-9-9 133800]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe [2013-5-16 144520]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-6-4 182848]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-6-4 746048]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-15 4150112]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]
R3 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2012-9-17 210024]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\System32\drivers\e1c62x64.sys [2012-9-9 313520]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-5-27 138912]
R3 L6TPortB;Service - Line 6 TonePort UX2;C:\Windows\System32\drivers\L6TPortB64.sys [2010-3-9 894336]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-9-10 56344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2013-5-7 194488]
R3 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-10 2656280]
R3 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2012-4-9 62184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-9-17 1266464]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-5-11 65640]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-10 256904]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
S3 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2012-8-16 222720]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-3 103064]
S3 FedExAdminService;FedEx Administration Service;C:\Program Files (x86)\FedEx\ShipManager\BIN\AdminService.exe [2013-2-8 24576]
S3 FedExLoggingService;FedEx Logging Service;C:\Program Files (x86)\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe [2013-2-8 7168]
S3 FedExShipnetDBService;FedEx Shipnet Database Service;C:\Program Files (x86)\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe [2013-2-8 141176]
S3 FedExShipService;FedEx Shipping Engine;C:\Program Files (x86)\FedEx\ShipManager\BIN\ShipEngineService.exe [2013-2-8 5120]
S3 FedExTransactionService;FedEx Transaction Engine;C:\Program Files (x86)\FedEx\ShipManager\BIN\TransEngineService.exe [2013-2-8 6656]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-3-8 37344]
S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-9 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-9 136176]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-6-10 1192448]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-10 117144]
S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-6-4 1671680]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-3 203672]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-9-13 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-11 1255736]
.
=============== Created Last 30 ================
.
2013-06-26 22:12:34 388096 ----a-r- C:\Users\i7-2600\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-06-26 22:00:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-06-26 21:40:33 -------- d-----w- C:\Users\i7-2600\AppData\Local\NPE
2013-06-24 13:37:42 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 13:26:48 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2013-06-18 04:06:48 -------- d-----w- C:\Program Files (x86)\ABC Amber LIT Converter
2013-06-18 04:05:24 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-06-12 23:43:43 -------- d-----w- C:\Program Files (x86)\TweetAdder4
2013-06-06 09:19:48 54728 ----a-w- C:\Windows\System32\drivers\Soluto.sys
2013-06-06 09:19:47 -------- d-----w- C:\Program Files\Soluto
2013-06-04 00:01:40 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-06-04 00:01:40 103064 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-05-29 17:01:44 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-05-28 23:26:59 -------- d-----w- C:\Users\i7-2600\AppData\Roaming\Replay Media Catcher 5
2013-05-28 23:26:59 -------- d-----w- C:\Users\i7-2600\AppData\Local\Replay Media Catcher 5
2013-05-28 23:26:58 -------- d-----w- C:\Users\i7-2600\AppData\Local\Jaksta_Technologies_Pty_L
2013-05-28 23:26:38 -------- d-----w- C:\Program Files (x86)\WinPcap
2013-05-28 23:26:10 -------- d-----w- C:\Program Files\Common Files\Jaksta Technologies
2013-05-28 23:26:10 -------- d-----w- C:\Program Files (x86)\Common Files\Jaksta Technologies
2013-05-28 23:26:10 -------- d-----w- C:\Program Files (x86)\Applian Technologies
.
==================== Find3M ====================
.
2013-06-24 13:37:36 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-24 13:37:36 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-21 09:41:12 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-21 09:41:12 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-13 22:36:12 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2013-05-13 22:36:12 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2013-05-13 22:36:12 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2013-05-13 22:36:12 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2013-05-13 22:36:10 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2013-05-13 22:36:10 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2013-05-13 22:36:06 50864 ----a-w- C:\Windows\System32\drivers\point64.sys
2013-05-02 17:32:04 2274480 ----a-w- C:\Windows\System32\coin94.dll
2013-04-24 16:45:08 113224 ----a-w- C:\Users\i7-2600\g2ax_customer_downloadhelper_win32_x86.exe
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-02 01:20:51 61304 ----a-w- C:\Users\i7-2600\g2mdlhlpx.exe
.
============= FINISH: 15:18:35.01 ===============

Edited by asexymind, 26 June 2013 - 05:58 PM.



#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 30 June 2013 - 09:47 AM

Hello asexymind,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

1. Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

2. aswMBR

Download aswMBR.exe and save it to your desktop.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================


3. OTL

Download OTL to your desktop.
  • Make sure all other windows are closed, and let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    services.*
    /md5stop
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.

=========================

Locate the log from AdwCleaner, and post it in your reply. (AdwCleaner.txt)

=========================

In your next post please provide the following:

  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt
  • AdwCleaner.txt
  • What symptoms are you experiencing?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#3 asexymind

asexymind

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 30 June 2013 - 10:09 PM

Download Security Check
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
here

Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
HijackThis 2.0.2
Java™ 6 Update 33
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox 21.0 Firefox out of Date!
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````






Download aswMBR.exe and save it to your desktop.
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-30 20:41:24
-----------------------------
20:41:24.759 OS Version: Windows x64 6.1.7601 Service Pack 1
20:41:24.759 Number of processors: 8 586 0x2A07
20:41:24.759 ComputerName: I7-2600-PC UserName: i7-2600
20:41:26.556 Initialize success
20:43:23.195 AVAST engine defs: 13062800
20:44:34.304 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:44:34.305 Disk 0 Vendor: Hitachi_HDS721075CLA332 JP3OA3EA Size: 715404MB BusType: 11
20:44:34.306 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
20:44:34.307 Disk 1 Vendor: Hitachi_HDS5C3020ALA632 ML6OA580 Size: 1907729MB BusType: 11
20:44:34.308 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-3
20:44:34.310 Disk 2 Vendor: Hitachi_HDS5C3020ALA632 ML6OA5C0 Size: 1907729MB BusType: 11
20:44:34.311 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP4T0L0-4
20:44:34.312 Disk 3 Vendor: WDC_WD20EADS-00R6B0 01.00A01 Size: 1907729MB BusType: 11
20:44:34.314 Disk 4 \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP1T0L0-1
20:44:34.315 Disk 4 Vendor: WDC_WD20EADS-00R6B0 01.00A01 Size: 1907729MB BusType: 11
20:44:34.383 Disk 0 MBR read successfully
20:44:34.385 Disk 0 MBR scan
20:44:34.388 Disk 0 Windows 7 default MBR code
20:44:34.391 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715402 MB offset 2048
20:44:34.435 Disk 0 scanning C:\Windows\system32\drivers
20:44:42.022 Service scanning
20:45:00.741 Modules scanning
20:45:00.744 Disk 0 trace - called modules:
20:45:00.757 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:45:00.759 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800db23790]
20:45:00.761 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d8e1060]
20:45:03.694 AVAST engine scan C:\Windows
20:45:07.020 AVAST engine scan C:\Windows\system32
20:47:28.794 AVAST engine scan C:\Windows\system32\drivers
20:47:51.118 AVAST engine scan C:\Users\i7-2600
20:59:43.815 AVAST engine scan C:\ProgramData
21:02:30.265 Scan finished successfully
21:04:02.076 Disk 0 MBR has been saved successfully to "C:\Users\i7-2600\Desktop\MBR.dat"
21:04:02.080 The log file has been saved successfully to "C:\Users\i7-2600\Desktop\aswMBR.txt"


more to come...

#4 asexymind

asexymind

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 30 June 2013 - 10:27 PM

OTL logfile created on: 6/30/2013 9:08:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\i7-2600\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.97 Gb Total Physical Memory | 11.80 Gb Available Physical Memory | 73.92% Memory free
31.93 Gb Paging File | 25.81 Gb Available in Paging File | 80.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 239.62 Gb Free Space | 34.30% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 235.72 Gb Free Space | 12.65% Space Free | Partition Type: NTFS
Drive E: | 1862.89 Gb Total Space | 12.31 Gb Free Space | 0.66% Space Free | Partition Type: NTFS
Drive G: | 1862.89 Gb Total Space | 1404.30 Gb Free Space | 75.38% Space Free | Partition Type: NTFS
Drive H: | 1862.89 Gb Total Space | 131.52 Gb Free Space | 7.06% Space Free | Partition Type: NTFS

Computer Name: I7-2600-PC | User Name: i7-2600 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\i7-2600\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\i7-2600\Desktop\aswMBR.exe (AVAST Software)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Users\i7-2600\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe (Applian Technologies Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files (x86)\Xobni\XobniService.exe (Xobni Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Ditto\Ditto.exe ()
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Line6\GearBox\GearBox.exe (Line 6, Inc.)
PRC - C:\Program Files (x86)\Everything\Everything.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll ()
MOD - C:\Users\i7-2600\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\i7-2600\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\wincfi39.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files (x86)\Ditto\Ditto.exe ()
MOD - C:\Program Files (x86)\Ditto\focus.dll ()
MOD - C:\Program Files (x86)\Ditto\sqlite3.dll ()
MOD - C:\Program Files (x86)\Ditto\zlib1.dll ()
MOD - C:\Program Files (x86)\Everything\Everything.exe ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (SolutoLauncherService) -- C:\Program Files\Soluto\SolutoLauncherService.exe (Soluto)
SRV:64bit: - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV:64bit: - (SolutoRemoteService) -- C:\Program Files\Soluto\SolutoRemoteService.exe (GlavSoft LLC.)
SRV:64bit: - (CrashPlanService) -- C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan)
SRV:64bit: - (DTSAudioService) -- C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe (DTS)
SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FedExShipService) -- C:\Program Files (x86)\FedEx\ShipManager\BIN\ShipEngineService.exe (FedEx Corporation)
SRV - (FedExAdminService) -- C:\Program Files (x86)\FedEx\ShipManager\BIN\AdminService.exe ()
SRV - (FedExTransactionService) -- C:\Program Files (x86)\FedEx\ShipManager\BIN\TransEngineService.exe (FedEx Corporation)
SRV - (FedExLoggingService) -- C:\Program Files (x86)\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe (FedEx Corporation)
SRV - (FedExShipnetDBService) -- C:\Program Files (x86)\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe (iAnywhere Solutions, Inc.)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (XobniService) -- C:\Program Files (x86)\Xobni\XobniService.exe (Xobni Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys (Symantec Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (L6TPortB) -- C:\Windows\SysNative\drivers\L6TPortB64.sys (Line 6)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (AVCSTRM) -- C:\Windows\SysNative\drivers\avcstrm.sys (Microsoft Corporation)
DRV:64bit: - (MSTAPE) -- C:\Windows\SysNative\drivers\mstape.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130630.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130630.003\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130628.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130620.001\BHDrvx64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.execushield.com/owa/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 E0 82 14 1F BA CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B75A5F1-56EA-42DA-81DE-5EEADC4EA7DB}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{57C1E73A-ECCD-4442-ACE7-861237053604}: "URL" = http://search.condui...;ctid=CT3220468
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ASUM_enUS501
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.20.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://www.google.co...ogle Search&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\i7-2600\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\i7-2600\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\i7-2600\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/06/29 20:41:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012/12/17 14:38:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/06/24 05:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/26 08:41:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/26 08:41:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/06/17 21:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i7-2600\AppData\Roaming\Mozilla\Extensions
[2013/06/26 14:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i7-2600\AppData\Roaming\Mozilla\Firefox\Profiles\uyctyank.default\extensions
[2013/06/21 01:05:23 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\i7-2600\AppData\Roaming\Mozilla\Firefox\Profiles\uyctyank.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/05/25 10:30:31 | 000,304,004 | ---- | M] () (No name found) -- C:\Users\i7-2600\AppData\Roaming\Mozilla\Firefox\Profiles\uyctyank.default\extensions\jid1-zUyU7TGKwejAyA@jetpack.xpi
[2013/03/23 09:09:45 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\i7-2600\AppData\Roaming\Mozilla\Firefox\Profiles\uyctyank.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/06/18 07:31:12 | 000,001,793 | ---- | M] () -- C:\Users\i7-2600\AppData\Roaming\Mozilla\Firefox\Profiles\uyctyank.default\searchplugins\Bing.xml
[2013/05/26 08:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/26 08:41:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/26 08:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/26 08:41:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\I7-2600\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UYCTYANK.DEFAULT\EXTENSIONS\WECAREREMINDER@BRYAN

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: ShipRush FedEx (Enabled) = C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\NPShipRush_FedEx.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.94 (Enabled) = C:\Users\i7-2600\AppData\Local\Citrix\Plugins\94\npappdetector.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Entanglement = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Bookmark Sentry = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.13_0\
CHR - Extension: Speed Dial = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.3_0\
CHR - Extension: Facebook Power Editor = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\djicncbfodbeijpfpjjojkfhgbpjnlih\2.0.3_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0\
CHR - Extension: Google Calendar = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: DFT.BA = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbkphofbaaccggenlaodfbgjjjjcgep\2_0\
CHR - Extension: Smartr Inbox for Gmail = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\gakklmehjhhdfjjgnmpkjoemjmeomnli\0.72_0\
CHR - Extension: KustomNote = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbhnopbeccehmeofkcegmekomjhdenp\1.0_0\
CHR - Extension: The QR Code Generator = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0\
CHR - Extension: CircleCount.com = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfehmiknpngmjkhiieampgfppicbncid\2.3.3.2_0\
CHR - Extension: Android Push Contacts = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjljblonahjepdfnkajfieaflndmhok\1_0\
CHR - Extension: Clearly = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\9.3369.163.322_0\
CHR - Extension: Yawas - Web Highlighter = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlghdmljfgngjdpeaiogebkiilpiimk\2.4.4_0\
CHR - Extension: FVD Video Downloader = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.2.1_0\
CHR - Extension: Yellow highlighter pen for web = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp\1.6_0\
CHR - Extension: Poppit = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.2.2_0\
CHR - Extension: AutoPager Chrome = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\0.8.0.4_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.4_0\
CHR - Extension: Hover Zoom = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0\
CHR - Extension: Buffer = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh\2.3.22_0\
CHR - Extension: Evernote Web Clipper = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.18_0\
CHR - Extension: InternetHelper3 = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjnnnhampgflieglcelomcofocioegp\10.16.4.512_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe ()
O4 - HKCU..\Run: [ISUSPM] -scheduler File not found
O4 - HKCU..\Run: [replay_telecorder_skype] C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe (Applian Technologies Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7537BC86-7ED5-4C4D-B796-7281825AE781}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\COMMON~1\JAKSTA~1\AUDIOC~1\JAUDCA~1.DLL) - C:\Program Files\Common Files\Jaksta Technologies\Audio Capture\jaudcap64.dll (Jaksta Technologies Pty Ltd)
O20 - AppInit_DLLs: (C:\PROGRA~2\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dll) - C:\Program Files (x86)\Common Files\Jaksta Technologies\Audio Capture\jaudcap.dll (Jaksta Technologies Pty Ltd)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6b127111-fb0b-11e1-b4a2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b127111-fb0b-11e1-b4a2-806e6f6e6963}\Shell\AutoRun\command - "" = I:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.pspgru - C:\Windows\SysWow64\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/06/30 21:05:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\i7-2600\Desktop\OTL.exe
[2013/06/30 20:37:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\i7-2600\Desktop\aswMBR.exe
[2013/06/26 15:11:47 | 000,000,000 | ---D | C] -- C:\Users\i7-2600\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/06/26 15:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/06/26 15:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2013/06/26 14:40:33 | 000,000,000 | ---D | C] -- C:\Users\i7-2600\AppData\Local\NPE
[2013/06/24 06:37:55 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/24 06:37:42 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/24 06:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/06/24 06:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/06/17 21:06:49 | 000,000,000 | ---D | C] -- C:\Users\i7-2600\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProcessText Group
[2013/06/17 21:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABC Amber LIT Converter
[2013/06/17 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/06/17 21:04:36 | 000,000,000 | ---D | C] -- C:\Users\i7-2600\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
[2013/06/12 16:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweetAdder4
[2013/06/06 02:19:48 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2013/06/06 02:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2013/06/06 02:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/06/04 01:46:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/06/03 17:01:40 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013/06/03 17:01:40 | 000,103,064 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013/06/03 15:48:34 | 000,000,000 | ---D | C] -- C:\Users\i7-2600\Desktop\android apps list installed
[2013/06/03 12:37:12 | 000,000,000 | ---D | C] -- C:\Users\i7-2600\Desktop\AppBackup

========== Files - Modified Within 30 Days ==========

[2013/06/30 21:12:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3515159816-1691858734-4074342213-1000UA.job
[2013/06/30 21:05:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\i7-2600\Desktop\OTL.exe
[2013/06/30 21:04:32 | 000,000,590 | ---- | M] () -- C:\Users\i7-2600\Desktop\MBR.zip
[2013/06/30 21:04:02 | 000,000,512 | ---- | M] () -- C:\Users\i7-2600\Desktop\MBR.dat
[2013/06/30 20:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/30 20:39:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\i7-2600\Desktop\aswMBR.exe
[2013/06/30 20:36:40 | 000,890,988 | ---- | M] () -- C:\Users\i7-2600\Desktop\SecurityCheck.exe
[2013/06/30 20:20:47 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/30 20:20:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/30 08:06:44 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3515159816-1691858734-4074342213-1000Core.job
[2013/06/29 20:47:28 | 000,016,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/29 20:47:28 | 000,016,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/29 20:39:23 | 4269,117,438 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/29 19:21:04 | 000,001,456 | ---- | M] () -- C:\Users\i7-2600\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/06/29 07:37:53 | 028,801,149 | ---- | M] () -- C:\Users\i7-2600\Desktop\30 minute x 5 Action set.mp3
[2013/06/29 06:21:47 | 000,002,158 | ---- | M] () -- C:\Users\i7-2600\AppData\Roaming\SAS7_000.DAT
[2013/06/28 19:19:35 | 000,001,414 | ---- | M] () -- C:\Users\i7-2600\Desktop\GOT PPP big picture notes.rtf
[2013/06/27 16:48:41 | 1641,960,305 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/27 13:19:28 | 000,183,961 | ---- | M] () -- C:\Users\i7-2600\Desktop\min-site-structure-ideas.jpg
[2013/06/26 17:36:03 | 000,011,776 | ---- | M] () -- C:\Users\i7-2600\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/26 15:12:35 | 000,002,985 | ---- | M] () -- C:\Users\i7-2600\Desktop\HiJackThis.lnk
[2013/06/26 08:28:10 | 000,012,839 | ---- | M] () -- C:\Users\i7-2600\Desktop\outlook category colors keys.jpg
[2013/06/25 16:25:01 | 000,038,320 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50-more-short-version.JPG
[2013/06/25 16:17:55 | 000,078,197 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50-3.JPG
[2013/06/25 16:16:33 | 000,165,675 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50-more.JPG
[2013/06/25 16:10:55 | 000,076,479 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie danny attempting to agree on equal time with sophia.pdf
[2013/06/25 16:05:06 | 000,103,283 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50.JPG
[2013/06/25 15:59:01 | 000,107,199 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-police-report-2.JPG
[2013/06/25 15:57:19 | 000,108,042 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-police-report-1.JPG
[2013/06/25 15:55:22 | 000,110,235 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-kidnapping-threat.JPG
[2013/06/24 21:04:45 | 000,038,299 | ---- | M] () -- C:\Users\i7-2600\Desktop\hgd.JPG
[2013/06/24 06:37:38 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/24 06:37:36 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/06/24 06:37:36 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/06/24 06:37:36 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/24 06:37:36 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/24 06:37:36 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/21 02:41:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/21 02:41:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/19 05:14:55 | 000,000,082 | ---- | M] () -- C:\Users\i7-2600\Desktop\Home Fitness Solutions.url
[2013/06/17 21:11:39 | 000,805,853 | ---- | M] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 4 - Children of the Mind.pdf
[2013/06/17 21:10:48 | 001,103,954 | ---- | M] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 3 - Xenocide.pdf
[2013/06/17 10:40:06 | 000,498,966 | ---- | M] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 5 - Ender's Shadow.lit
[2013/06/17 10:35:28 | 000,565,796 | ---- | M] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 3 - Xenocide.lit
[2013/06/17 10:35:28 | 000,437,570 | ---- | M] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 4 - Children of the Mind.lit
[2013/06/14 11:33:58 | 000,588,097 | ---- | M] () -- C:\Users\i7-2600\Desktop\WWtalk 6-1-13.pdf
[2013/06/12 18:40:50 | 001,023,788 | ---- | M] () -- C:\Users\i7-2600\Desktop\_thenapierbook Followers 2013-06-12.csv
[2013/06/09 15:16:16 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/05 16:44:16 | 006,547,330 | ---- | M] () -- C:\Users\i7-2600\Desktop\130604 Ronn present moment.mp3
[2013/06/05 16:02:31 | 420,141,893 | ---- | M] () -- C:\Users\i7-2600\Desktop\Brian L 130605 the infinite depth of reality.mp4
[2013/06/04 14:40:06 | 000,054,728 | ---- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2013/06/03 18:23:20 | 000,002,896 | ---- | M] () -- C:\{46686752-F6C6-42B4-BF07-91A092A8A418}
[2013/06/03 18:21:58 | 000,002,904 | ---- | M] () -- C:\{13C87B9C-8A18-47DA-8246-B7E787C6CCBA}
[2013/06/03 11:00:43 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/06/03 10:59:46 | 000,003,616 | ---- | M] () -- C:\{862FBEC2-2D69-455D-896B-9BD26618FF23}
[2013/06/02 21:46:52 | 101,497,553 | ---- | M] () -- C:\Users\i7-2600\Desktop\chilipepper_fall2003.m4v
[2013/06/01 08:55:05 | 000,019,934 | ---- | M] () -- C:\Users\i7-2600\Desktop\IMG_01062013_085421.png
[2013/06/01 08:54:44 | 000,922,989 | ---- | M] () -- C:\Users\i7-2600\Desktop\global-warming-projections-off-the-cuff.jpg

========== Files Created - No Company Name ==========

[2013/06/30 21:04:32 | 000,000,590 | ---- | C] () -- C:\Users\i7-2600\Desktop\MBR.zip
[2013/06/30 21:04:02 | 000,000,512 | ---- | C] () -- C:\Users\i7-2600\Desktop\MBR.dat
[2013/06/30 20:36:38 | 000,890,988 | ---- | C] () -- C:\Users\i7-2600\Desktop\SecurityCheck.exe
[2013/06/29 07:39:47 | 028,801,149 | ---- | C] () -- C:\Users\i7-2600\Desktop\30 minute x 5 Action set.mp3
[2013/06/28 19:19:35 | 000,001,414 | ---- | C] () -- C:\Users\i7-2600\Desktop\GOT PPP big picture notes.rtf
[2013/06/27 13:19:28 | 000,183,961 | ---- | C] () -- C:\Users\i7-2600\Desktop\min-site-structure-ideas.jpg
[2013/06/26 15:00:54 | 000,002,985 | ---- | C] () -- C:\Users\i7-2600\Desktop\HiJackThis.lnk
[2013/06/26 08:28:10 | 000,012,839 | ---- | C] () -- C:\Users\i7-2600\Desktop\outlook category colors keys.jpg
[2013/06/25 16:25:01 | 000,038,320 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50-more-short-version.JPG
[2013/06/25 16:17:55 | 000,078,197 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50-3.JPG
[2013/06/25 16:16:33 | 000,165,675 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50-more.JPG
[2013/06/25 16:10:55 | 000,076,479 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie danny attempting to agree on equal time with sophia.pdf
[2013/06/25 16:05:06 | 000,103,283 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50.JPG
[2013/06/25 15:59:00 | 000,107,199 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-police-report-2.JPG
[2013/06/25 15:57:19 | 000,108,042 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-police-report-1.JPG
[2013/06/25 15:55:21 | 000,110,235 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-kidnapping-threat.JPG
[2013/06/24 21:04:45 | 000,038,299 | ---- | C] () -- C:\Users\i7-2600\Desktop\hgd.JPG
[2013/06/19 05:14:55 | 000,000,082 | ---- | C] () -- C:\Users\i7-2600\Desktop\Home Fitness Solutions.url
[2013/06/17 21:11:38 | 000,805,853 | ---- | C] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 4 - Children of the Mind.pdf
[2013/06/17 21:10:47 | 001,103,954 | ---- | C] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 3 - Xenocide.pdf
[2013/06/17 21:10:05 | 000,565,796 | ---- | C] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 3 - Xenocide.lit
[2013/06/17 21:10:05 | 000,498,966 | ---- | C] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 5 - Ender's Shadow.lit
[2013/06/17 21:10:05 | 000,437,570 | ---- | C] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 4 - Children of the Mind.lit
[2013/06/14 11:31:40 | 000,588,097 | ---- | C] () -- C:\Users\i7-2600\Desktop\WWtalk 6-1-13.pdf
[2013/06/12 18:40:50 | 001,023,788 | ---- | C] () -- C:\Users\i7-2600\Desktop\_thenapierbook Followers 2013-06-12.csv
[2013/06/06 00:26:12 | 000,438,637 | ---- | C] () -- C:\Users\i7-2600\Desktop\Speaker for the Dead - Orson Scott Card.epub
[2013/06/06 00:26:10 | 000,630,460 | ---- | C] () -- C:\Users\i7-2600\Desktop\Speaker for the Dead - Orson Scott Card.mobi
[2013/06/05 16:44:03 | 006,547,330 | ---- | C] () -- C:\Users\i7-2600\Desktop\130604 Ronn present moment.mp3
[2013/06/05 15:48:30 | 420,141,893 | ---- | C] () -- C:\Users\i7-2600\Desktop\Brian L 130605 the infinite depth of reality.mp4
[2013/06/03 18:23:06 | 000,002,896 | ---- | C] () -- C:\{46686752-F6C6-42B4-BF07-91A092A8A418}
[2013/06/03 18:21:58 | 000,002,904 | ---- | C] () -- C:\{13C87B9C-8A18-47DA-8246-B7E787C6CCBA}
[2013/06/03 11:00:43 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/06/03 10:59:45 | 000,003,616 | ---- | C] () -- C:\{862FBEC2-2D69-455D-896B-9BD26618FF23}
[2013/06/02 21:28:45 | 101,497,553 | ---- | C] () -- C:\Users\i7-2600\Desktop\chilipepper_fall2003.m4v
[2013/06/01 08:55:03 | 000,019,934 | ---- | C] () -- C:\Users\i7-2600\Desktop\IMG_01062013_085421.png
[2013/06/01 08:54:41 | 000,922,989 | ---- | C] () -- C:\Users\i7-2600\Desktop\global-warming-projections-off-the-cuff.jpg
[2013/04/24 09:45:08 | 000,113,224 | ---- | C] () -- C:\Users\i7-2600\g2ax_customer_downloadhelper_win32_x86.exe
[2013/04/19 12:10:31 | 000,000,072 | ---- | C] () -- C:\Windows\ANS2000.INI
[2013/04/19 12:10:31 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2013/04/19 12:10:31 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2013/03/08 06:17:39 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/03/08 06:17:39 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013/01/23 15:28:35 | 000,000,017 | ---- | C] () -- C:\Users\i7-2600\AppData\Local\resmon.resmoncfg
[2012/10/29 13:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/10/29 13:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/10/29 13:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/10/29 13:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/10/29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/10/11 17:28:51 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/10/11 17:28:51 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/10/11 17:28:17 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/10/11 17:28:17 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/10/11 17:26:43 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/10/11 14:06:05 | 000,061,304 | ---- | C] () -- C:\Users\i7-2600\g2mdlhlpx.exe
[2012/10/10 16:07:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/10/09 19:28:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/10/09 19:25:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/09/26 09:35:31 | 000,011,776 | ---- | C] () -- C:\Users\i7-2600\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/25 10:32:25 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2012/09/24 06:14:59 | 000,002,158 | ---- | C] () -- C:\Users\i7-2600\AppData\Roaming\SAS7_000.DAT
[2012/09/16 12:36:40 | 000,000,361 | ---- | C] () -- C:\Windows\GearBox.ini
[2012/09/16 10:33:22 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/11 22:23:13 | 000,001,456 | ---- | C] () -- C:\Users\i7-2600\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/09/10 08:17:39 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/09/10 00:41:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/09/09 23:53:44 | 000,044,881 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/09/09 23:46:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/09/09 23:46:48 | 000,030,672 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/22 16:23:38 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\Audacity
[2012/10/24 06:31:08 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/10 15:31:47 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\CrashPlan
[2013/04/24 08:06:01 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\Downloaded Installations
[2013/06/30 20:22:27 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\Dropbox
[2012/09/10 00:26:35 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\FreeCommander
[2012/09/17 05:53:57 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\ID Vault
[2013/06/24 05:03:40 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\IrfanView
[2012/12/09 08:48:28 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\JRT Studio
[2012/09/16 12:04:55 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\Line 6
[2012/11/06 11:04:38 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\Nico Mak Computing
[2012/09/14 13:23:46 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\Nuance
[2012/09/10 11:10:59 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\Opera
[2012/09/14 05:58:46 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\PACE Anti-Piracy
[2013/05/28 16:27:00 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\Replay Media Catcher 5
[2012/12/14 11:05:30 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\Samsung
[2012/09/25 10:49:12 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\ScanSoft
[2013/02/11 08:20:34 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\SolidDocuments
[2012/09/14 13:36:17 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\Soluto
[2012/09/16 11:34:02 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/01/17 11:11:35 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\TeamViewer
[2012/11/25 13:55:33 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\TheBrain
[2013/06/12 18:40:38 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\TweetAdder3
[2013/06/21 01:06:08 | 000,000,000 | ---D | M] -- C:\Users\i7-2600\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.ADML >
[2009/07/13 19:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

< MD5 for: EXPLORER.ADMX >
[2009/06/10 13:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

< MD5 for: EXPLORER.EXE 15 12 2012 16 17 10.DMP >
[2012/12/15 17:18:11 | 496,225,102 | ---- | M] () MD5=3972AA4B3C05446ECD5069028CD06116 -- C:\Users\i7-2600\AppData\Local\ftopia\SocialFolders\Explorer.EXE 15 12 2012 16 17 10.dmp

< MD5 for: EXPLORER.EXE 21 1 2013 12 50 33.DMP >
[2013/01/21 13:50:57 | 323,410,895 | ---- | M] () MD5=228654D25186BEA9208C0B74FD76CE92 -- C:\Users\i7-2600\AppData\Local\ftopia\SocialFolders\Explorer.EXE 21 1 2013 12 50 33.dmp

< MD5 for: EXPLORER.EXE.MUI >
[2009/07/13 19:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 19:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 19:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 19:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

< MD5 for: EXPLORER.EXE-7A3328DA.PF >
[2013/06/29 22:43:01 | 000,207,948 | ---- | M] () MD5=272BD218106E2E694832CD543FCA0D5C -- C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf

< MD5 for: IEXPLORE.EXE >

< MD5 for: IEXPLORE.EXE.MUI >

< MD5 for: IEXPLORE.EXE-F6A52C86.PF >
[2013/06/29 06:35:36 | 000,206,552 | ---- | M] () MD5=E8E52359CBCF63CBD103BD3556C76F40 -- C:\Windows\Prefetch\IEXPLORE.EXE-F6A52C86.pf

< MD5 for: SERVICES >
[2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.AIP >
[2012/11/21 02:48:54 | 000,382,616 | ---- | M] (Adobe Systems Incorporated) MD5=1D5858087466C4751477FEF489C32444 -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS6\Plug-ins\Extensions\Services.aip
[2012/11/21 03:20:44 | 000,476,824 | ---- | M] (Adobe Systems Incorporated) MD5=F0BDB0494D54BBA849D18A1FED4D09B7 -- C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.CFG >
[2012/09/23 21:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
[2012/09/23 20:43:52 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA3301FFFF7706000000000060\11.0.0\services.cfg
[2013/05/11 03:38:00 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 19:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\i7-2600\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >

< MD5 for: SERVICES.PTXML >
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: WINLOGON.ADML >
[2009/07/13 19:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

< MD5 for: WINLOGON.ADMX >
[2009/06/10 14:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2010/11/20 06:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2010/11/20 06:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/13 19:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui

< MD5 for: WINLOGON.MFL >
[2009/07/13 19:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 19:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

< MD5 for: WINLOGON.MOF >
[2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2013/06/26 14:50:51 | 000,016,171 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2010/11/20 05:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2012/09/09 23:49:21 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/04/23 10:48:08 | 007,877,746 | ---- | M] () -- C:\FSMMSILog.txt
[2013/06/29 20:39:23 | 4269,117,438 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/29 20:38:57 | 4260,503,549 | -HS- | M] () -- C:\pagefile.sys
[2012/09/09 23:57:30 | 000,002,142 | ---- | M] () -- C:\RHDSetup.log
[2013/06/03 18:21:58 | 000,002,904 | ---- | M] () -- C:\{13C87B9C-8A18-47DA-8246-B7E787C6CCBA}
[2013/06/03 18:23:20 | 000,002,896 | ---- | M] () -- C:\{46686752-F6C6-42B4-BF07-91A092A8A418}
[2013/06/03 10:59:46 | 000,003,616 | ---- | M] () -- C:\{862FBEC2-2D69-455D-896B-9BD26618FF23}

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< dir "%systemdrive%\*" /S /A:L /C >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/05/06 12:20:27 | 000,000,221 | -HS- | M] () -- C:\Users\i7-2600\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013/06/30 20:39:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\i7-2600\Desktop\aswMBR.exe
[2013/06/30 21:05:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\i7-2600\Desktop\OTL.exe
[2013/06/30 20:36:40 | 000,890,988 | ---- | M] () -- C:\Users\i7-2600\Desktop\SecurityCheck.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Base Services ==========
SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 06:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 06:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/01 22:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/01 21:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 06:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 05:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 06:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 06:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 06:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 06:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 06:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 06:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 05:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 06:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 06:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 05:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 06:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 06:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 06:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 06:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 06:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 06:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 05:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 06:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 06:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDS721075CLA332 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDS5C3020ALA632 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDS5C3020ALA632 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD20EADS-00R6B0 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD20EADS-00R6B0 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE5 -
Interface type: USB
Media Type:
Model: Brother MFC-290C USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 699.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 135266304
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 135266304
Hidden sectors: 0


DeviceID: Disk #3, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 135266304
Hidden sectors: 0


DeviceID: Disk #4, Partition #0
PartitionType: GPT: Basic Data
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 135266304
Hidden sectors: 0


========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

#5 asexymind

Posted 30 June 2013 - 10:27 PM

OTL Extras logfile created on: 6/30/2013 9:08:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\i7-2600\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.97 Gb Total Physical Memory | 11.80 Gb Available Physical Memory | 73.92% Memory free
31.93 Gb Paging File | 25.81 Gb Available in Paging File | 80.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 239.62 Gb Free Space | 34.30% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 235.72 Gb Free Space | 12.65% Space Free | Partition Type: NTFS
Drive E: | 1862.89 Gb Total Space | 12.31 Gb Free Space | 0.66% Space Free | Partition Type: NTFS
Drive G: | 1862.89 Gb Total Space | 1404.30 Gb Free Space | 75.38% Space Free | Partition Type: NTFS
Drive H: | 1862.89 Gb Total Space | 131.52 Gb Free Space | 7.06% Space Free | Partition Type: NTFS

Computer Name: I7-2600-PC | User Name: i7-2600 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E14F14-7F1B-49EA-B5ED-0132E036855C}" = lport=445 | protocol=6 | dir=in | app=system |
"{11BD5797-54BB-433B-B5C8-BDF9B58F487E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{19F5BDE9-5AA8-42A6-BC7E-B624B0CB4B58}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20274741-9490-4D61-B01C-F76B0FA95D1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24C671B5-FDD2-4A90-B73F-EE366D8D4C07}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2863DB1A-6F64-41FD-81AA-54AC0DB4C31B}" = rport=445 | protocol=6 | dir=out | app=system |
"{290217E5-9CA0-4BEC-86E3-A7E08A9B4A2D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{292EF472-4F49-4A36-8656-C0F7172F2AF5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2EE6555E-59F8-4AAA-8BC8-0336F10C3200}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31F5C7A5-1836-4220-ADE2-30284C4FF902}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{341CFC6D-2AE8-4604-8A1D-96E25F2678A3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{36144C2D-315A-42B9-9A8F-F51BFFE4ECAF}" = lport=139 | protocol=6 | dir=in | app=system |
"{3BD6CDDB-AEA5-445A-8F8A-87AAD1FC9878}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DA82A73-B399-4845-B5DD-CC42DCB64CF0}" = rport=137 | protocol=17 | dir=out | app=system |
"{3F0ECE0A-2A86-4EF8-ACB5-4A0EF100E64C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46E7378C-AE8E-4495-BDBF-9BE05FCB58C3}" = rport=138 | protocol=17 | dir=out | app=system |
"{4F4519CE-DA30-4227-94A4-08EDFFF22C69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{53C945ED-4F4F-43A2-917E-2414BBDA6CD0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5AADEC9C-0CD3-4413-8347-9231C9CCFDA3}" = lport=137 | protocol=17 | dir=in | app=system |
"{60EB5DF9-34D5-4EE6-AD42-1D8F100B4BE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64D6FED6-AE81-4553-A575-4A3D317503D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{7B638AA0-802D-41DF-B422-FE2D667AEC8A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7BF5D280-8A85-47E2-A118-C498122352E2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8829E46C-907A-46EE-B1E0-55FDEB0EE2E6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{974258C3-FCC1-47EA-827C-518AB70F2980}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A477FCA8-063E-45C5-9229-5B4D24DD6445}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A675F3E3-D723-4411-B155-2F89AED6B5E9}" = rport=139 | protocol=6 | dir=out | app=system |
"{A7A3A951-10CB-477A-BE24-6F99396FD441}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C7CD6925-B388-4941-995D-003FDC18F0C3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD2F2552-3F65-40F4-B93E-EB33851E9870}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D48026E5-886D-4837-88C2-D3A7C6331F66}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D843DFF5-D9AD-49EC-ACC6-64348662F308}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DF7EBAF6-7DF8-424F-84C2-D7C63F861F13}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server |
"{E7E0F5E4-45E3-4EFB-999F-27DCB18CB764}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057B6168-749E-4CAF-8633-D52E1C54B576}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{05B4E303-DEAF-41CC-A7D8-4E96DB8A6706}" = dir=in | app=c:\program files\soluto\solutoservice.exe |
"{0761F816-05F5-4126-9D9B-C0F1C6695AE7}" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"{0AAF6B31-F238-473E-B416-D864287FE9A5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0ABFD0BE-949C-4018-AE66-847B4A7B1DF7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A4806EE-46F7-4045-83F4-EE39701D545F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1ACB2048-89A9-45E4-80D7-EBFDED2537D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BAC44C1-F4D1-42E5-9801-96578D1A1213}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1E1168AD-39AB-4300-A4A3-0F176E577F8D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{255C1EF7-9828-4D7E-8B27-F3AA598CB21E}" = protocol=17 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\aria2c.exe |
"{2C7C36ED-44A1-4EBA-AA84-531C34358B26}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{325C56A3-EE01-4ABD-BBE7-1F17E1C34F06}" = protocol=6 | dir=in | app=c:\users\i7-2600\appdata\roaming\dropbox\bin\dropbox.exe |
"{33C8BAEF-FFA7-4037-AB52-D4D49FAF659C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{34E66005-4F57-4763-BAA1-67F1C19895B0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{36108D05-B96A-4505-A56F-666E2D4351EA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{36AAD225-CA41-4471-8F78-8879A41CDD23}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{397F9BF5-B3AE-4312-8E1F-1EC01C511581}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3BD31F28-B1E1-4BBB-A97A-678A1CC8ACFF}" = protocol=6 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\ldsedit.exe |
"{3DAE4D4B-8777-43AD-9A70-4BFAB7AA187F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3EFD81C7-EC4F-4581-9AC6-4BA774FA8D57}" = protocol=17 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\reportprocessing.exe |
"{4058B544-9AC1-4FD5-8A2A-A5B90EC7E822}" = dir=in | app=c:\program files\soluto\solutocleanup.exe |
"{41872EA0-77D7-4A3A-B2D0-DB845595C2E2}" = protocol=6 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\aria2c.exe |
"{4452BBF9-6CF0-469B-9AC2-75EAAD29E45D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{46F08FE3-E102-47F6-8187-D207C6B0F0E1}" = dir=in | app=c:\program files\soluto\solutoupdateservice.exe |
"{476D79A5-57A0-4FB4-912A-0841EC047B13}" = protocol=6 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\adminservice.exe |
"{4F2A7118-0207-4281-AD19-E625B1D25C60}" = protocol=17 | dir=in | app=c:\users\i7-2600\appdata\local\opera\opera\temporary_downloads\solutoinstaller-wc27fbzw5z_u11383238.exe |
"{503626FA-0AC9-45AB-93D0-7C8BF14C8381}" = protocol=17 | dir=in | app=c:\users\i7-2600\appdata\roaming\dropbox\bin\dropbox.exe |
"{5702B716-96FF-4069-81DD-FA5171F4934A}" = protocol=6 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\gsmcommsetup.exe |
"{591C4B8F-6688-4299-B5D0-E003D44D9000}" = protocol=6 | dir=in | app=c:\users\i7-2600\appdata\local\opera\opera\temporary_downloads\solutoinstaller-wc27fbzw5z_u11383238.exe |
"{5BA2729A-7312-4643-91BA-E0CB1E224BF2}" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"{5C9EBB6C-A2C7-418A-92B9-962961B319E5}" = protocol=17 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\fedex.gsm.cafe.applicationengine.gui.exe |
"{5EB1B658-8714-4C78-93D8-C8A522EA2CB6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5F65DC48-8183-4120-BCD6-E0D00E0C1057}" = protocol=6 | dir=in | app=c:\users\i7-2600\appdata\roaming\dropbox\bin\dropbox.exe |
"{64C11A01-4EE5-4269-BA0D-BCF900A0BE30}" = protocol=17 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\ldsedit.exe |
"{6C99E509-11F6-4F09-9B61-D48B95A714A6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{6CD7E342-3C9A-4363-9B21-40F8FDFBC467}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6D327F15-8CFA-4CE0-A0CC-3884B2DAA0CF}" = protocol=6 | dir=in | app=c:\program files\crashplan\crashplanservice.exe |
"{7083A8E8-6124-471C-A7D6-45C33131D37E}" = protocol=6 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\fedex.gsm.cafe.applicationengine.gui.exe |
"{713815C1-C80B-4219-BCAE-AB19FF9184FD}" = protocol=6 | dir=out | app=system |
"{72233F18-F834-49C6-A01B-E41BC1C55836}" = dir=in | app=c:\program files\soluto\solutoconsole.exe |
"{755503A2-F488-4152-8045-283F657642D3}" = protocol=17 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\transengineservice.exe |
"{768E859E-FE49-4A9E-83E5-5315DBBE773A}" = protocol=6 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\qtcopy.exe |
"{77E523E9-C8B3-4CA0-9705-D8EE334AF501}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{786A6E5A-2B8E-4F9B-93D6-80568F5A1D2A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7F90694D-ACDB-4984-B672-D9356A9D06E9}" = protocol=6 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\fsmregistration.exe |
"{833A1456-EB6D-434E-A4DE-4A70AE0A40CA}" = protocol=17 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\fsmregistration.exe |
"{8B745DD4-E406-4B59-9BC6-ABD9D48C496B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{8ECB5A5C-E94E-401B-97AF-A65189FB71B5}" = protocol=17 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\shipengineservice.exe |
"{96172726-CF97-4615-B280-98A1AF5C35D7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{9DCDB75C-B052-4470-959D-B0B3306CCA2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A00CC8A7-AC09-4B0C-BC3E-03E644FA6F01}" = protocol=17 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\gsmcommsetup.exe |
"{A06BBC2A-339D-41A1-9690-5C0C444996B8}" = protocol=6 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\transengineservice.exe |
"{A2E28038-3B18-4245-8810-B6B2A33DA71A}" = protocol=6 | dir=in | app=c:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe |
"{A7DA23F7-7B34-4855-8E4E-2A2BC65B7AEA}" = protocol=6 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\shipengineservice.exe |
"{B46101B1-5B2B-4FA6-891D-7FEE48B85BD6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4F7D275-EC76-4275-B604-42DD844E36A6}" = protocol=17 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\adminservice.exe |
"{B675319F-46FC-4A05-9493-E6374DCEE1D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C20EE78E-0A75-40B1-BFB6-5A2457F6E727}" = protocol=6 | dir=in | app=c:\program files (x86)\fedex\shipmanager\bin\reportprocessing.exe |
"{C264A6A4-58B1-44F1-B8B1-255455542C82}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C6808954-B407-4386-8660-88F7962AF6FA}" = protocol=6 | dir=in | app=c:\users\i7-2600\downloads\solutoinstaller.exe |
"{C89056B1-E123-4002-B8E8-9AA6A35256E0}" = protocol=17 | dir=in | app=c:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe |
"{CCBF6948-4371-4F8F-818E-4DFD13E0B11F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD465F77-3716-4247-9D83-4AC7FBABC52C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{D1E3FF86-1081-476B-9C38-9F747CCC27B2}" = protocol=17 | dir=in | app=c:\users\i7-2600\downloads\solutoinstaller.exe |
"{D4A1F67F-2CAE-4CE8-B9CE-DEA8CD260733}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D61B9EE6-95B3-402F-AC6D-09C2DA62C4A2}" = protocol=17 | dir=in | app=c:\program files\crashplan\crashplanservice.exe |
"{D7C3780B-D057-4DD0-8E75-2D94137025A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D97D5C81-B7B4-47C8-BAB4-F43BC1F22F4F}" = dir=in | app=c:\program files\soluto\soluto.exe |
"{E0093E10-BF05-4EBB-86F6-BA11D02D662E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E089715D-93C0-4868-9B27-8B8E26B99585}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1778EA6-2A30-42EB-8F57-C508F08CF399}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{EC8706D5-672C-49A2-BDED-FFE0E3C748DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EDCB2E54-B910-4E0C-BC4E-93893E8D75B0}" = protocol=17 | dir=in | app=c:\program files (x86)\applian technologies\replay media catcher 5\qtcopy.exe |
"{F69B7999-74AB-434B-9E21-53F3B984CE32}" = protocol=17 | dir=in | app=c:\users\i7-2600\appdata\roaming\dropbox\bin\dropbox.exe |
"{FA6607F8-5ED3-4FA4-A9E6-773F27A6E69F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{FB70ADAF-EA80-4A26-9C00-1EF75133BAA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FCB963E4-78DC-455D-8A87-972A1BA5635F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{23605DC8-BA42-4A01-AF9F-7CFCD7A4414D}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe |
"TCP Query User{5578357F-524F-4A1B-BAAA-EB7B808CD65E}C:\program files (x86)\bdwm\clipsync server\clipsync server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bdwm\clipsync server\clipsync server.exe |
"TCP Query User{61AA8D92-F110-4F3B-AFFC-3205F3313464}C:\program files (x86)\filezilla\filezilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla\filezilla.exe |
"TCP Query User{72DFAD96-FF0F-4F7E-A15D-C0E023C87B62}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{72E2D421-9F85-43FD-93DE-F25B0DF4D1D7}C:\users\i7-2600\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\i7-2600\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{132EB1C2-D295-43A7-B4DB-AB34F00C7FAF}C:\users\i7-2600\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\i7-2600\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{19CE1752-225B-49E7-AC0B-61BE918B3077}C:\program files (x86)\filezilla\filezilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\filezilla\filezilla.exe |
"UDP Query User{B7AE15BB-5DCB-4033-9FC6-F3D88E411F4A}C:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jrt studio\cheetah sync\cheetahsync.exe |
"UDP Query User{BDF7D804-5655-4F6B-91BC-32D7AF3C564E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{FB19082B-572D-4478-B32F-5F210D677D78}C:\program files (x86)\bdwm\clipsync server\clipsync server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bdwm\clipsync server\clipsync server.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1" = Open Freely
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{36E47D1C-2AD0-429C-8C1A-91A23C949B54}" = Soluto
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel® Network Connections 15.6.25.0
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D377B43D-DF58-4D54-A809-781D4F576FE6}" = CrashPlan
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"PROSetDX" = Intel® Network Connections 15.6.25.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0600EEDA-11EA-4588-81F3-8F1D89FC83DE}" = Cheetah Sync
"{07E80932-FFB1-402D-9198-18C58EBAF216}" = Adobe Encore CS6 Library
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15B144B8-53F3-489E-A84E-8D872BCD348F}" = FedEx Ship Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23D3F585-AE29-4670-8E3E-64A0EFB29240}" = Adobe Acrobat XI Pro
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2B784A7D-424B-2ECB-D2DF-7AA7540B917D}" = Adobe® Content Viewer
"{2E4AB750-27D1-4D7E-BD37-BC69FD8D341E}" = ClipSync Server
"{30FD541D-3C9D-41C4-B240-A994EE4E0231}" = Adobe Audition CS6
"{35A99070-E9E0-42BB-8F8B-C00854A03E59}" = NextUp.com-NeoSpeech Kate16 Voice
"{36A52BCF-AC3D-32F1-AD5F-A09769EB8887}" = Google Talk Plugin
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-290C
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5D97F812-3F0D-4AFE-A377-27DD67DE9079}" = NextUp.com-NeoSpeech Paul16 Voice
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A725C8E-E4E1-474A-A2B1-C17CCC48EC01}" = Adobe Edge Animate
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7176B973-6011-43C1-AEBC-2D73FE7C6982}" = Adobe Premiere Pro CS6
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8F881647-AC08-4E13-9782-D347FBA634AD}" = ShipRush for FedEx - Ecommerce Edition
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A554C9D-E12D-4205-8101-9F4337CD5673}" = Adobe Muse
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C6D8FEFD-CF99-AD3C-3D2F-47F23CF2C5B1}" = Adobe Muse
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 4.5.8
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F587CC88-D29F-40DA-9268-EEE18D2AF426}" = TweetDeck
"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
"1190-3857-8766-9166" = TheBrain 7
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AdobeMuse" = Adobe Muse
"Aimersoft iPhone Video Converter_is1" = Aimersoft iPhone Video Converter(Build 2.4.3.2)
"Applian Director2.10" = Applian Director
"AudibleManager" = AudibleManager
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Ditto_is1" = Ditto 3.17.0.17
"Everything" = Everything 1.2.1.371
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla" = FileZilla (remove only)
"FreeCommander_is1" = FreeCommander 2009.02a
"GoldWave v5.69" = GoldWave v5.69
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InternetHelper3 Chrome Toolbar" = InternetHelper3 Chrome Toolbar
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Line 6 Uninstaller" = Line 6 Uninstaller
"MagniDriver" = marvell 91xx driver
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"N360" = Norton Security Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.15.1748" = Opera 12.15
"PROR" = Microsoft Office Professional 2007
"Replay Media Catcher 5" = Replay Media Catcher 5 (5.0.0.89)
"Replay Telecorder for Skype_is1" = Replay Telecorder for Skype 1.3.0.18
"SocialFolders" = SocialFolders
"TeamViewer 8" = TeamViewer 8
"TextAloud MP3_is1" = TextAloud
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"WinMerge_is1" = WinMerge 2.12.4
"WinPcapInst" = WinPcap 4.1.2
"XobniMain" = Xobni

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2ec9e9d1bf522caa" = FedEx Desktop Customer Tools
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.5.0.1132
"MyFreeCodec" = MyFreeCodec
"Tango" = Tango

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/28/2013 2:03:51 PM | Computer Name = i7-2600-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023

Error - 6/28/2013 2:03:52 PM | Computer Name = i7-2600-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/28/2013 2:03:52 PM | Computer Name = i7-2600-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6022

Error - 6/28/2013 2:03:52 PM | Computer Name = i7-2600-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6022

Error - 6/28/2013 2:03:53 PM | Computer Name = i7-2600-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/28/2013 2:03:53 PM | Computer Name = i7-2600-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7020

Error - 6/28/2013 2:03:53 PM | Computer Name = i7-2600-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7020

Error - 6/28/2013 2:03:54 PM | Computer Name = i7-2600-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/28/2013 2:03:54 PM | Computer Name = i7-2600-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8019

Error - 6/28/2013 2:03:54 PM | Computer Name = i7-2600-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8019

[ OSession Events ]
Error - 1/24/2013 4:26:11 PM | Computer Name = i7-2600-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 24568
seconds with 5400 seconds of active time. This session ended with a crash.

Error - 3/1/2013 4:24:31 PM | Computer Name = i7-2600-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 191081
seconds with 8940 seconds of active time. This session ended with a crash.

Error - 4/5/2013 3:24:37 PM | Computer Name = i7-2600-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 82414
seconds with 3840 seconds of active time. This session ended with a crash.

Error - 4/10/2013 9:13:55 PM | Computer Name = i7-2600-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 126176
seconds with 6480 seconds of active time. This session ended with a crash.

Error - 4/30/2013 10:56:43 AM | Computer Name = i7-2600-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 54590
seconds with 480 seconds of active time. This session ended with a crash.

Error - 5/1/2013 9:12:40 AM | Computer Name = i7-2600-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73138
seconds with 2160 seconds of active time. This session ended with a crash.

Error - 5/12/2013 4:28:17 PM | Computer Name = i7-2600-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 82423
seconds with 4140 seconds of active time. This session ended with a crash.

Error - 5/25/2013 6:57:01 PM | Computer Name = i7-2600-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2347
seconds with 720 seconds of active time. This session ended with a crash.

Error - 5/27/2013 4:53:04 PM | Computer Name = i7-2600-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 190
seconds with 60 seconds of active time. This session ended with a crash.

Error - 5/29/2013 3:33:18 PM | Computer Name = i7-2600-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 30571
seconds with 2280 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/8/2013 7:35:15 AM | Computer Name = i7-2600-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2/8/2013 7:35:15 AM | Computer Name = i7-2600-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 2/9/2013 7:16:26 AM | Computer Name = i7-2600-PC | Source = Service Control Manager | ID = 7000
Description = The iPodDrv service failed to start due to the following error: %%2

Error - 2/9/2013 7:24:48 AM | Computer Name = i7-2600-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2/9/2013 7:24:48 AM | Computer Name = i7-2600-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 2/9/2013 2:30:44 PM | Computer Name = i7-2600-PC | Source = DCOM | ID = 10010
Description =

Error - 2/9/2013 2:32:39 PM | Computer Name = i7-2600-PC | Source = Service Control Manager | ID = 7000
Description = The iPodDrv service failed to start due to the following error: %%2

Error - 2/9/2013 2:50:44 PM | Computer Name = i7-2600-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2/9/2013 2:50:44 PM | Computer Name = i7-2600-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 2/9/2013 3:33:32 PM | Computer Name = i7-2600-PC | Source = bowser | ID = 8003
Description =


< End of report >

#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 30 June 2013 - 10:47 PM

Hi asexymind,

1. P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • uTorrent
If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

2. AdwCleaner

Locate this log and post in your next reply - C:\AdwCleaner[S1].txt

=========================

3. Run OTL.exe

Windows Vista and Windows 7 users: right-click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    IE - HKCU\..\SearchScopes\{57C1E73A-ECCD-4442-ACE7-861237053604}: "URL" = http://search.conduit.com/ResultsExt.aspx?...;ctid=CT3220468
    [2013/06/21 01:05:23 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Users\i7-2600\AppData\Roaming\Mozilla\Firefox\Profiles\uyctyank.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
    O15 - HKCU\..Trusted Domains: line6.net ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
=========================

In your next post please provide the following:
  • AdwCleaner[S1].txt
  • OTL.txt
  • What symptoms are you experiencing?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
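
The log review behind the uTorrent finding in the post above can be done mechanically. The following is an added example, not part of the thread and not OTL's own code: it parses firewall-rule lines in the format of the OTL Extras log posted earlier and lists inbound allowances that point into a user-writable path or match a reviewer-supplied watchlist. The function names, the user-writable path pattern and the watchlist are assumptions.

```python
import ntpath
import re
from typing import NamedTuple

# Constructed sample: five rule lines copied from the OTL Extras log in this thread.
SAMPLE_LOG = r'''
"{C264A6A4-58B1-44F1-B8B1-255455542C82}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C6808954-B407-4386-8660-88F7962AF6FA}" = protocol=6 | dir=in | app=c:\users\i7-2600\downloads\solutoinstaller.exe |
"{E0093E10-BF05-4EBB-86F6-BA11D02D662E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D97D5C81-B7B4-47C8-BAB4-F43BC1F22F4F}" = dir=in | app=c:\program files\soluto\soluto.exe |
"UDP Query User{132EB1C2-D295-43A7-B4DB-AB34F00C7FAF}C:\users\i7-2600\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\i7-2600\appdata\local\google\chrome\application\chrome.exe |
'''

# "rule name" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.+)$')

# IANA protocol numbers used in the log.
PROTOCOLS = {"6": "TCP", "17": "UDP"}

# Assumption: paths a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r'^(?:[a-z]:\\users\\|%(?:appdata|localappdata|userprofile|temp)%\\)',
    re.IGNORECASE,
)


class Rule(NamedTuple):
    name: str
    direction: str
    protocol: str
    app: str


def parse_rules(text):
    """Return a Rule for every line that carries both dir= and app= fields."""
    rules = []
    for line in text.splitlines():
        match = RULE_RE.match(line.strip())
        if not match:
            continue
        fields = {}
        for part in match.group("body").split("|"):
            key, sep, value = part.strip().partition("=")
            if sep:
                fields[key.lower()] = value.strip()
        # Uninstall-list lines have the same "name" = value shape but no fields.
        if "app" not in fields or "dir" not in fields:
            continue
        number = fields.get("protocol")
        protocol = "any" if number is None else PROTOCOLS.get(number, number)
        rules.append(Rule(match.group("name"), fields["dir"].lower(),
                          protocol, fields["app"].lower()))
    return rules


def review_inbound(rules, watchlist=()):
    """List inbound allowances worth a manual look, with the reason for each."""
    watch = {name.lower() for name in watchlist}
    findings = []
    for rule in rules:
        if rule.direction != "in":
            continue
        reasons = []
        if USER_WRITABLE.match(rule.app):
            reasons.append("user-writable path")
        if ntpath.basename(rule.app) in watch:
            reasons.append("watchlist")
        if reasons:
            findings.append((rule.app, rule.protocol, reasons))
    return findings


if __name__ == "__main__":
    for app, protocol, reasons in review_inbound(parse_rules(SAMPLE_LOG),
                                                 watchlist=["utorrent.exe"]):
        print(f"{protocol:<4} {app}  [{', '.join(reasons)}]")
```

A hit is a prompt for manual review, not a verdict: Chrome and Dropbox install per-user and will match the path check on a clean machine.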










#7 asexymind

asexymind

    New Member

  • Authentic Member
  • Pip
  • 7 posts

Posted 30 June 2013 - 10:52 PM


#8 asexymind

Posted 30 June 2013 - 11:34 PM

Latest OTL file after OTL fix.

OTL logfile created on: 6/30/2013 10:14:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\i7-2600\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.97 Gb Total Physical Memory | 12.29 Gb Available Physical Memory | 76.98% Memory free
31.93 Gb Paging File | 27.94 Gb Available in Paging File | 87.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 235.65 Gb Free Space | 33.73% Space Free | Partition Type: NTFS
Drive D: | 1862.89 Gb Total Space | 235.72 Gb Free Space | 12.65% Space Free | Partition Type: NTFS
Drive E: | 1862.89 Gb Total Space | 12.31 Gb Free Space | 0.66% Space Free | Partition Type: NTFS
Drive G: | 1862.89 Gb Total Space | 1404.30 Gb Free Space | 75.38% Space Free | Partition Type: NTFS
Drive H: | 1862.89 Gb Total Space | 131.52 Gb Free Space | 7.06% Space Free | Partition Type: NTFS

Computer Name: I7-2600-PC | User Name: i7-2600 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\i7-2600\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Users\i7-2600\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe (Applian Technologies Inc.)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Program Files (x86)\Xobni\XobniService.exe (Xobni Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Ditto\Ditto.exe ()
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Line6\GearBox\GearBox.exe (Line 6, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll ()
MOD - C:\Users\i7-2600\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\i7-2600\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\wincfi39.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files (x86)\Ditto\Ditto.exe ()
MOD - C:\Program Files (x86)\Ditto\focus.dll ()
MOD - C:\Program Files (x86)\Ditto\sqlite3.dll ()
MOD - C:\Program Files (x86)\Ditto\zlib1.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (SolutoLauncherService) -- C:\Program Files\Soluto\SolutoLauncherService.exe (Soluto)
SRV:64bit: - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV:64bit: - (SolutoRemoteService) -- C:\Program Files\Soluto\SolutoRemoteService.exe (GlavSoft LLC.)
SRV:64bit: - (CrashPlanService) -- C:\Program Files\CrashPlan\CrashPlanService.exe (CrashPlan)
SRV:64bit: - (DTSAudioService) -- C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe (DTS)
SRV:64bit: - (Intel® PROSet Monitoring Service) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FedExShipService) -- C:\Program Files (x86)\FedEx\ShipManager\BIN\ShipEngineService.exe (FedEx Corporation)
SRV - (FedExAdminService) -- C:\Program Files (x86)\FedEx\ShipManager\BIN\AdminService.exe ()
SRV - (FedExTransactionService) -- C:\Program Files (x86)\FedEx\ShipManager\BIN\TransEngineService.exe (FedEx Corporation)
SRV - (FedExLoggingService) -- C:\Program Files (x86)\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe (FedEx Corporation)
SRV - (FedExShipnetDBService) -- C:\Program Files (x86)\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe (iAnywhere Solutions, Inc.)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (XobniService) -- C:\Program Files (x86)\Xobni\XobniService.exe (Xobni Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Soluto) -- C:\Windows\SysNative\drivers\Soluto.sys (Soluto LTD.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys (Symantec Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (L6TPortB) -- C:\Windows\SysNative\drivers\L6TPortB64.sys (Line 6)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (AVCSTRM) -- C:\Windows\SysNative\drivers\avcstrm.sys (Microsoft Corporation)
DRV:64bit: - (MSTAPE) -- C:\Windows\SysNative\drivers\mstape.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130630.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130630.003\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130628.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130620.001\BHDrvx64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://mail.execushield.com/owa/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 E0 82 14 1F BA CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B75A5F1-56EA-42DA-81DE-5EEADC4EA7DB}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ASUM_enUS501
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: wecarereminder%40bryan:4.1.20.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://www.google.co...ogle Search&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\i7-2600\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\i7-2600\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\i7-2600\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/06/30 22:03:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2012/12/17 14:38:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/06/24 05:03:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/26 08:41:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/26 08:41:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/06/17 21:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i7-2600\AppData\Roaming\Mozilla\Extensions
[2013/06/26 14:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i7-2600\AppData\Roaming\Mozilla\Firefox\Profiles\uyctyank.default\extensions
[2013/05/25 10:30:31 | 000,304,004 | ---- | M] () (No name found) -- C:\Users\i7-2600\AppData\Roaming\Mozilla\Firefox\Profiles\uyctyank.default\extensions\jid1-zUyU7TGKwejAyA@jetpack.xpi
[2013/03/23 09:09:45 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\i7-2600\AppData\Roaming\Mozilla\Firefox\Profiles\uyctyank.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/06/18 07:31:12 | 000,001,793 | ---- | M] () -- C:\Users\i7-2600\AppData\Roaming\Mozilla\Firefox\Profiles\uyctyank.default\searchplugins\Bing.xml
[2013/05/26 08:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/26 08:41:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/26 08:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/26 08:41:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\I7-2600\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UYCTYANK.DEFAULT\EXTENSIONS\{0113D088-8ED1-468C-B225-585A9C53B5E3}
File not found (No name found) -- C:\USERS\I7-2600\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UYCTYANK.DEFAULT\EXTENSIONS\WECAREREMINDER@BRYAN

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: ShipRush FedEx (Enabled) = C:\Users\i7-2600\AppData\Roaming\Mozilla\plugins\NPShipRush_FedEx.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.94 (Enabled) = C:\Users\i7-2600\AppData\Local\Citrix\Plugins\94\npappdetector.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Entanglement = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Bookmark Sentry = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.13_0\
CHR - Extension: Speed Dial = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.3_0\
CHR - Extension: Facebook Power Editor = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\djicncbfodbeijpfpjjojkfhgbpjnlih\2.0.3_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0\
CHR - Extension: Google Calendar = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: DFT.BA = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbkphofbaaccggenlaodfbgjjjjcgep\2_0\
CHR - Extension: Smartr Inbox for Gmail = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\gakklmehjhhdfjjgnmpkjoemjmeomnli\0.72_0\
CHR - Extension: KustomNote = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbhnopbeccehmeofkcegmekomjhdenp\1.0_0\
CHR - Extension: The QR Code Generator = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.4_0\
CHR - Extension: CircleCount.com = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfehmiknpngmjkhiieampgfppicbncid\2.3.3.2_0\
CHR - Extension: Android Push Contacts = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjljblonahjepdfnkajfieaflndmhok\1_0\
CHR - Extension: Clearly = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\9.3369.163.322_0\
CHR - Extension: Yawas - Web Highlighter = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlghdmljfgngjdpeaiogebkiilpiimk\2.4.4_0\
CHR - Extension: FVD Video Downloader = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.2.1_0\
CHR - Extension: Yellow highlighter pen for web = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnmengjdnfjbochkdkcjbbpildacancp\1.6_0\
CHR - Extension: Poppit = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.2.2_0\
CHR - Extension: AutoPager Chrome = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\0.8.0.4_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.5.4_0\
CHR - Extension: Hover Zoom = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0\
CHR - Extension: Buffer = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh\2.3.22_0\
CHR - Extension: Evernote Web Clipper = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.18_0\
CHR - Extension: InternetHelper3 = C:\Users\i7-2600\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjnnnhampgflieglcelomcofocioegp\10.16.4.512_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe ()
O4 - HKCU..\Run: [ISUSPM] -scheduler File not found
O4 - HKCU..\Run: [replay_telecorder_skype] C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe (Applian Technologies Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7537BC86-7ED5-4C4D-B796-7281825AE781}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\COMMON~1\JAKSTA~1\AUDIOC~1\JAUDCA~1.DLL) - C:\Program Files\Common Files\Jaksta Technologies\Audio Capture\jaudcap64.dll (Jaksta Technologies Pty Ltd)
O20 - AppInit_DLLs: (C:\PROGRA~2\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dll) - C:\Program Files (x86)\Common Files\Jaksta Technologies\Audio Capture\jaudcap.dll (Jaksta Technologies Pty Ltd)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6b127111-fb0b-11e1-b4a2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b127111-fb0b-11e1-b4a2-806e6f6e6963}\Shell\AutoRun\command - "" = I:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/30 21:55:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/30 21:05:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\i7-2600\Desktop\OTL.exe
[2013/06/30 20:37:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\i7-2600\Desktop\aswMBR.exe
[2013/06/26 15:11:47 | 000,000,000 | ---D | C] -- C:\Users\i7-2600\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/06/26 15:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/06/26 15:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2013/06/26 14:40:33 | 000,000,000 | ---D | C] -- C:\Users\i7-2600\AppData\Local\NPE
[2013/06/24 06:37:55 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/24 06:37:42 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/24 06:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2013/06/24 06:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2013/06/17 21:06:49 | 000,000,000 | ---D | C] -- C:\Users\i7-2600\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProcessText Group
[2013/06/17 21:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABC Amber LIT Converter
[2013/06/17 21:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/06/17 21:04:36 | 000,000,000 | ---D | C] -- C:\Users\i7-2600\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TopArcadeHits
[2013/06/12 16:43:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweetAdder4
[2013/06/06 02:19:48 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2013/06/06 02:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
[2013/06/06 02:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/06/04 01:46:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/06/03 17:01:40 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013/06/03 17:01:40 | 000,103,064 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013/06/03 15:48:34 | 000,000,000 | ---D | C] -- C:\Users\i7-2600\Desktop\android apps list installed
[2013/06/03 12:37:12 | 000,000,000 | ---D | C] -- C:\Users\i7-2600\Desktop\AppBackup

========== Files - Modified Within 30 Days ==========

[2013/06/30 22:12:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3515159816-1691858734-4074342213-1000UA.job
[2013/06/30 22:07:39 | 000,016,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/30 22:07:39 | 000,016,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/30 21:59:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/30 21:59:54 | 4269,117,438 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/30 21:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/30 21:20:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/30 21:05:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\i7-2600\Desktop\OTL.exe
[2013/06/30 21:04:32 | 000,000,590 | ---- | M] () -- C:\Users\i7-2600\Desktop\MBR.zip
[2013/06/30 21:04:02 | 000,000,512 | ---- | M] () -- C:\Users\i7-2600\Desktop\MBR.dat
[2013/06/30 20:39:15 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\i7-2600\Desktop\aswMBR.exe
[2013/06/30 20:36:40 | 000,890,988 | ---- | M] () -- C:\Users\i7-2600\Desktop\SecurityCheck.exe
[2013/06/30 08:06:44 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3515159816-1691858734-4074342213-1000Core.job
[2013/06/29 19:21:04 | 000,001,456 | ---- | M] () -- C:\Users\i7-2600\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/06/29 07:37:53 | 028,801,149 | ---- | M] () -- C:\Users\i7-2600\Desktop\30 minute x 5 Action set.mp3
[2013/06/29 06:21:47 | 000,002,158 | ---- | M] () -- C:\Users\i7-2600\AppData\Roaming\SAS7_000.DAT
[2013/06/28 19:19:35 | 000,001,414 | ---- | M] () -- C:\Users\i7-2600\Desktop\GOT PPP big picture notes.rtf
[2013/06/27 16:48:41 | 1641,960,305 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/27 13:19:28 | 000,183,961 | ---- | M] () -- C:\Users\i7-2600\Desktop\min-site-structure-ideas.jpg
[2013/06/26 17:36:03 | 000,011,776 | ---- | M] () -- C:\Users\i7-2600\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/26 15:12:35 | 000,002,985 | ---- | M] () -- C:\Users\i7-2600\Desktop\HiJackThis.lnk
[2013/06/26 08:28:10 | 000,012,839 | ---- | M] () -- C:\Users\i7-2600\Desktop\outlook category colors keys.jpg
[2013/06/25 16:25:01 | 000,038,320 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50-more-short-version.JPG
[2013/06/25 16:17:55 | 000,078,197 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50-3.JPG
[2013/06/25 16:16:33 | 000,165,675 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50-more.JPG
[2013/06/25 16:10:55 | 000,076,479 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie danny attempting to agree on equal time with sophia.pdf
[2013/06/25 16:05:06 | 000,103,283 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50.JPG
[2013/06/25 15:59:01 | 000,107,199 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-police-report-2.JPG
[2013/06/25 15:57:19 | 000,108,042 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-police-report-1.JPG
[2013/06/25 15:55:22 | 000,110,235 | ---- | M] () -- C:\Users\i7-2600\Desktop\jackie-kidnapping-threat.JPG
[2013/06/24 21:04:45 | 000,038,299 | ---- | M] () -- C:\Users\i7-2600\Desktop\hgd.JPG
[2013/06/24 06:37:38 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/06/24 06:37:36 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/06/24 06:37:36 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/06/24 06:37:36 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/06/24 06:37:36 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/06/24 06:37:36 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/06/21 02:41:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/21 02:41:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/19 05:14:55 | 000,000,082 | ---- | M] () -- C:\Users\i7-2600\Desktop\Home Fitness Solutions.url
[2013/06/17 21:11:39 | 000,805,853 | ---- | M] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 4 - Children of the Mind.pdf
[2013/06/17 21:10:48 | 001,103,954 | ---- | M] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 3 - Xenocide.pdf
[2013/06/17 10:40:06 | 000,498,966 | ---- | M] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 5 - Ender's Shadow.lit
[2013/06/17 10:35:28 | 000,565,796 | ---- | M] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 3 - Xenocide.lit
[2013/06/17 10:35:28 | 000,437,570 | ---- | M] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 4 - Children of the Mind.lit
[2013/06/14 11:33:58 | 000,588,097 | ---- | M] () -- C:\Users\i7-2600\Desktop\WWtalk 6-1-13.pdf
[2013/06/12 18:40:50 | 001,023,788 | ---- | M] () -- C:\Users\i7-2600\Desktop\_thenapierbook Followers 2013-06-12.csv
[2013/06/09 15:16:16 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/05 16:44:16 | 006,547,330 | ---- | M] () -- C:\Users\i7-2600\Desktop\130604 Ronn present moment.mp3
[2013/06/05 16:02:31 | 420,141,893 | ---- | M] () -- C:\Users\i7-2600\Desktop\Brian L 130605 the infinite depth of reality.mp4
[2013/06/04 14:40:06 | 000,054,728 | ---- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
[2013/06/03 18:23:20 | 000,002,896 | ---- | M] () -- C:\{46686752-F6C6-42B4-BF07-91A092A8A418}
[2013/06/03 18:21:58 | 000,002,904 | ---- | M] () -- C:\{13C87B9C-8A18-47DA-8246-B7E787C6CCBA}
[2013/06/03 11:00:43 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/06/03 10:59:46 | 000,003,616 | ---- | M] () -- C:\{862FBEC2-2D69-455D-896B-9BD26618FF23}
[2013/06/02 21:46:52 | 101,497,553 | ---- | M] () -- C:\Users\i7-2600\Desktop\chilipepper_fall2003.m4v
[2013/06/01 08:55:05 | 000,019,934 | ---- | M] () -- C:\Users\i7-2600\Desktop\IMG_01062013_085421.png
[2013/06/01 08:54:44 | 000,922,989 | ---- | M] () -- C:\Users\i7-2600\Desktop\global-warming-projections-off-the-cuff.jpg

========== Files Created - No Company Name ==========

[2013/06/30 21:04:32 | 000,000,590 | ---- | C] () -- C:\Users\i7-2600\Desktop\MBR.zip
[2013/06/30 21:04:02 | 000,000,512 | ---- | C] () -- C:\Users\i7-2600\Desktop\MBR.dat
[2013/06/30 20:36:38 | 000,890,988 | ---- | C] () -- C:\Users\i7-2600\Desktop\SecurityCheck.exe
[2013/06/29 07:39:47 | 028,801,149 | ---- | C] () -- C:\Users\i7-2600\Desktop\30 minute x 5 Action set.mp3
[2013/06/28 19:19:35 | 000,001,414 | ---- | C] () -- C:\Users\i7-2600\Desktop\GOT PPP big picture notes.rtf
[2013/06/27 13:19:28 | 000,183,961 | ---- | C] () -- C:\Users\i7-2600\Desktop\min-site-structure-ideas.jpg
[2013/06/26 15:00:54 | 000,002,985 | ---- | C] () -- C:\Users\i7-2600\Desktop\HiJackThis.lnk
[2013/06/26 08:28:10 | 000,012,839 | ---- | C] () -- C:\Users\i7-2600\Desktop\outlook category colors keys.jpg
[2013/06/25 16:25:01 | 000,038,320 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50-more-short-version.JPG
[2013/06/25 16:17:55 | 000,078,197 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50-3.JPG
[2013/06/25 16:16:33 | 000,165,675 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50-more.JPG
[2013/06/25 16:10:55 | 000,076,479 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie danny attempting to agree on equal time with sophia.pdf
[2013/06/25 16:05:06 | 000,103,283 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-agreeing-50-50.JPG
[2013/06/25 15:59:00 | 000,107,199 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-police-report-2.JPG
[2013/06/25 15:57:19 | 000,108,042 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-police-report-1.JPG
[2013/06/25 15:55:21 | 000,110,235 | ---- | C] () -- C:\Users\i7-2600\Desktop\jackie-kidnapping-threat.JPG
[2013/06/24 21:04:45 | 000,038,299 | ---- | C] () -- C:\Users\i7-2600\Desktop\hgd.JPG
[2013/06/19 05:14:55 | 000,000,082 | ---- | C] () -- C:\Users\i7-2600\Desktop\Home Fitness Solutions.url
[2013/06/17 21:11:38 | 000,805,853 | ---- | C] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 4 - Children of the Mind.pdf
[2013/06/17 21:10:47 | 001,103,954 | ---- | C] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 3 - Xenocide.pdf
[2013/06/17 21:10:05 | 000,565,796 | ---- | C] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 3 - Xenocide.lit
[2013/06/17 21:10:05 | 000,498,966 | ---- | C] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 5 - Ender's Shadow.lit
[2013/06/17 21:10:05 | 000,437,570 | ---- | C] () -- C:\Users\i7-2600\Desktop\Card, Orson Scott - Ender's Saga 4 - Children of the Mind.lit
[2013/06/14 11:31:40 | 000,588,097 | ---- | C] () -- C:\Users\i7-2600\Desktop\WWtalk 6-1-13.pdf
[2013/06/12 18:40:50 | 001,023,788 | ---- | C] () -- C:\Users\i7-2600\Desktop\_thenapierbook Followers 2013-06-12.csv
[2013/06/06 00:26:12 | 000,438,637 | ---- | C] () -- C:\Users\i7-2600\Desktop\Speaker for the Dead - Orson Scott Card.epub
[2013/06/06 00:26:10 | 000,630,460 | ---- | C] () -- C:\Users\i7-2600\Desktop\Speaker for the Dead - Orson Scott Card.mobi
[2013/06/05 16:44:03 | 006,547,330 | ---- | C] () -- C:\Users\i7-2600\Desktop\130604 Ronn present moment.mp3
[2013/06/05 15:48:30 | 420,141,893 | ---- | C] () -- C:\Users\i7-2600\Desktop\Brian L 130605 the infinite depth of reality.mp4
[2013/06/03 18:23:06 | 000,002,896 | ---- | C] () -- C:\{46686752-F6C6-42B4-BF07-91A092A8A418}
[2013/06/03 18:21:58 | 000,002,904 | ---- | C] () -- C:\{13C87B9C-8A18-47DA-8246-B7E787C6CCBA}
[2013/06/03 11:00:43 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/06/03 10:59:45 | 000,003,616 | ---- | C] () -- C:\{862FBEC2-2D69-455D-896B-9BD26618FF23}
[2013/06/02 21:28:45 | 101,497,553 | ---- | C] () -- C:\Users\i7-2600\Desktop\chilipepper_fall2003.m4v
[2013/06/01 08:55:03 | 000,019,934 | ---- | C] () -- C:\Users\i7-2600\Desktop\IMG_01062013_085421.png
[2013/06/01 08:54:41 | 000,922,989 | ---- | C] () -- C:\Users\i7-2600\Desktop\global-warming-projections-off-the-cuff.jpg
[2013/04/24 09:45:08 | 000,113,224 | ---- | C] () -- C:\Users\i7-2600\g2ax_customer_downloadhelper_win32_x86.exe
[2013/04/19 12:10:31 | 000,000,072 | ---- | C] () -- C:\Windows\ANS2000.INI
[2013/04/19 12:10:31 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2013/04/19 12:10:31 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2013/03/08 06:17:39 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/03/08 06:17:39 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013/01/23 15:28:35 | 000,000,017 | ---- | C] () -- C:\Users\i7-2600\AppData\Local\resmon.resmoncfg
[2012/10/29 13:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/10/29 13:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/10/29 13:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/10/29 13:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/10/29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/10/11 17:28:51 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/10/11 17:28:51 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/10/11 17:28:17 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/10/11 17:28:17 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/10/11 17:26:43 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/10/11 14:06:05 | 000,061,304 | ---- | C] () -- C:\Users\i7-2600\g2mdlhlpx.exe
[2012/10/10 16:07:20 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/10/09 19:28:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/10/09 19:25:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/09/26 09:35:31 | 000,011,776 | ---- | C] () -- C:\Users\i7-2600\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/25 10:32:25 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2012/09/24 06:14:59 | 000,002,158 | ---- | C] () -- C:\Users\i7-2600\AppData\Roaming\SAS7_000.DAT
[2012/09/16 12:36:40 | 000,000,361 | ---- | C] () -- C:\Windows\GearBox.ini
[2012/09/16 10:33:22 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/11 22:23:13 | 000,001,456 | ---- | C] () -- C:\Users\i7-2600\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/09/10 08:17:39 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/09/10 00:41:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/09/09 23:53:44 | 000,044,881 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/09/09 23:46:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/09/09 23:46:48 | 000,030,672 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

#9 asexymind

asexymind

    New Member

  • Authentic Member
  • 7 posts

Posted 30 June 2013 - 11:37 PM

The only symptoms I am having are: 1. the sweetpacks tab opens whenever I open Google Chrome; 2. Google Chrome does not accept my changes when I attempt to change my default open pages. I change them, delete sweetpacks, close Chrome. When I open Chrome again, sweetpacks is back and auto-opens its tab.

#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 30 June 2013 - 11:43 PM

Hi asexymind,

1. Delete cache and other browser data in Chrome
  • Click the Chrome menu on the browser toolbar.
  • Select Tools.
  • Select Clear browsing data.
  • In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
    • Clear browsing history
    • Clear download history
    • Empty the cache
    • Delete cookies and other site and plug-in data
    • Clear saved passwords
    • Clear saved Autofill form data
    • Clear data from hosted apps
    • Deauthorize content licenses
  • Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
  • Click Clear browsing data.
=========================

Any change?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#11 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 July 2013 - 11:10 AM

Hi asexymind,

Just checking in to see if you still need help?
OCD



#12 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 06 July 2013 - 07:57 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
OCD

