Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91819 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Various programs installed; computer not running good performance


  • This topic is locked This topic is locked
10 replies to this topic

#1 cburson1112

cburson1112

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 04 January 2014 - 10:26 AM

Various programs installed; computer not running good performance

OTL

OTL logfile created on: 1/4/2014 10:09:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ChristiB\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.45 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 42.55% Memory free
3.65 Gb Paging File | 1.53 Gb Available in Paging File | 41.95% Paging File free
Paging file location(s): c:\pagefile.sys 200 2998 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.93 Gb Total Space | 312.02 Gb Free Space | 68.44% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 405.33 Gb Free Space | 43.51% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIB-PC | User Name: ChristiB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ChristiB\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\ChristiB\Downloads\HiJackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft MapPoint 2011\StreetsOlkShim.exe (Microsoft)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ()
MOD - C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\OUTLCTL.DLL ()
MOD - C:\Windows\System32\wxvault.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (CAATT) -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe /n CAATT File not found
SRV - (ATTRcAppSvc) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe /n ATTRcAppSvc File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (Web Assistant Updater) -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe (IDT, Inc.)
SRV - (dcpsysmgrsvc) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)
SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (tcpipBM) -- C:\Windows\system32\drivers\tcpipBM.sys File not found
DRV - (PCTINDIS5) -- C:\Windows\system32\PCTINDIS5.SYS File not found
DRV - (NvtSp50) -- System32\Drivers\NvtSp50.sys File not found
DRV - (MpKsled7b911f) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{839E37A1-6B14-45E1-A06B-DF2AC1E063AE}\MpKsled7b911f.sys File not found
DRV - (MpKslcde7d9f5) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5414B5DA-1541-4075-AF39-38D77F94074E}\MpKslcde7d9f5.sys File not found
DRV - (MpKslbc4c2182) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE612EBE-E197-48DD-959D-72CA3B283B47}\MpKslbc4c2182.sys File not found
DRV - (MpKsl9332f2a5) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE612EBE-E197-48DD-959D-72CA3B283B47}\MpKsl9332f2a5.sys File not found
DRV - (MpKsl9113aa39) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8A99B91A-1326-4886-BF89-BBA3122128AF}\MpKsl9113aa39.sys File not found
DRV - (MpKsl8d329cfd) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE612EBE-E197-48DD-959D-72CA3B283B47}\MpKsl8d329cfd.sys File not found
DRV - (MpKsl6baef586) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C71B285-904C-4FD6-AC89-B2DDDC12CC57}\MpKsl6baef586.sys File not found
DRV - (MpKsl575be974) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0D7941C-B1EF-4971-8F58-F4397E782FEF}\MpKsl575be974.sys File not found
DRV - (MpKsl49c395f4) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5CE8F995-C65E-4E0C-A503-A1521A11F009}\MpKsl49c395f4.sys File not found
DRV - (MpKsl315d7f7b) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC67A18E-AF96-4B94-B9E9-371F0114F100}\MpKsl315d7f7b.sys File not found
DRV - (MpKsl063bae14) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC1B7ACA-0E24-4F17-9420-C3641F3C3463}\MpKsl063bae14.sys File not found
DRV - (MpKsl054aed27) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{36FC2FDB-22BF-450F-AF6A-1E513DF3CB2C}\MpKsl054aed27.sys File not found
DRV - (lmimirr) -- system32\DRIVERS\lmimirr.sys File not found
DRV - (catchme) -- C:\Users\ChristiB\AppData\Local\Temp\catchme.sys File not found
DRV - (BMLoad) -- system32\drivers\BMLoad.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (FNETTHJM_152D) -- C:\Windows\System32\drivers\fnetthjm_152D.sys (FNet Co., Ltd.)
DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6232.sys (Intel Corporation)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcuxd) -- C:\Windows\System32\drivers\vpcuxd.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (Leapfrog-USBLAN) -- C:\Windows\System32\drivers\btblan.sys (Belcarra Technologies)
DRV - (SSLDrv) -- C:\Windows\System32\drivers\SSLDrv.sys (Cavium Networks)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Electronics Inc)
DRV - (SWNC8U12) -- C:\Windows\System32\drivers\swnc8u12.sys (Sierra Wireless Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.)
DRV - (swumx12) -- C:\Windows\System32\drivers\swumx12.sys (Sierra Wireless Inc.)
DRV - (PdiPorts) -- C:\Windows\System32\drivers\PdiPorts.sys (Portrait Displays, Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (acpials) -- C:\Windows\System32\drivers\acpials.sys (Microsoft Corporation)
DRV - (rixdpcie) -- C:\Windows\System32\drivers\rixdpe86.sys (REDC)
DRV - (rimspci) -- C:\Windows\System32\drivers\rimspe86.sys (REDC)
DRV - (risdpcie) -- C:\Windows\System32\drivers\risdpe86.sys (REDC)
DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (PBADRV) -- C:\Windows\System32\drivers\PBADRV.sys (Dell Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{2F2C6E1F-FD1F-4A7E-838D-17A8F5231706}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7102}: "URL" = http://search.jzip.c...q={searchTerms}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\ChristiB\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://rllogin.wal-...me/default.aspx
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {19747E20-062B-4A42-A97E-D231A90BE1D7}
IE - HKCU\..\SearchScopes\{19747E20-062B-4A42-A97E-D231A90BE1D7}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...A7CA7720&SSPV="
FF - prefs.js..extensions.enabledAddons: %7B6e84150a-d526-41f1-a480-a67d3fed910d%7D:1.5.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.update: false
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\ChristiB\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\ChristiB\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ChristiB\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ChristiB\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/15 15:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/06/05 17:11:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/26 14:03:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/26 14:03:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/19 19:19:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/18 12:01:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/15 15:04:42 | 000,000,000 | ---D | M]
 
[2012/06/22 12:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ChristiB\AppData\Roaming\Mozilla\Extensions
[2014/01/04 09:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\extensions
[2014/01/02 18:00:11 | 000,000,000 | ---D | M] (Value Apps) -- C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
[2012/06/08 09:45:59 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\extensions\4fce8fe742a1f@4fce8fe742a58.info
[2013/01/26 15:00:59 | 000,003,958 | ---- | M] () (No name found) -- C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\extensions\{062c9079-db58-4492-8589-ca90cd00a2d1}.xpi
[2013/03/24 20:09:53 | 000,111,028 | ---- | M] () (No name found) -- C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
[2014/01/04 09:21:40 | 000,000,861 | ---- | M] () -- C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\searchplugins\conduit-search.xml
[2012/06/05 17:11:15 | 000,002,203 | ---- | M] () -- C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\searchplugins\MyStart Search.xml
[2013/06/19 19:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/19 19:18:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013/06/19 19:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/19 19:19:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/23 20:36:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/12/23 20:36:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013/12/23 20:36:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/12/23 20:37:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/26 14:02:30 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/03/23 06:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00C2\u2122 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\ChristiB\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\ChristiB\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Docs = C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Bookmark Sentry (scanner) = C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.18_0\
CHR - Extension: wxDfast = C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgheeokdipjeglcbeilamhlkegaiponb\1.0_0\
CHR - Extension: YouTube = C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Web Assistant = C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.439_0\
CHR - Extension: iCloud Bookmarks = C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0\
CHR - Extension: RealDownloader = C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: Value apps = C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\
CHR - Extension: Google Wallet = C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/01/04 09:25:51 | 000,449,836 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll File not found
O3 - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] C:\Users\ChristiB\AppData\Roaming\ValueApps\CH\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f File not found
O4 - Startup: C:\Users\ChristiB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Export to Microsoft Excel - res://C:\Program Files\Microsoft Office\OFFICE12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 1sync.org ([item.prod] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dns-ok.us ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dns-ok.us ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: doesntexist.com ([fishinco] https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gotomeeting.com ([www1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ieframe.dll ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: imdb.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: logmein.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: metrolyrics.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: npr.org ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pandora.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: pandora.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: showmypc.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: showmypc.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: signupsecurity.com ([secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wal-mart.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: wal-mart.com ([coman] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wal-mart.com ([retaillink] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wal-mart.com ([rllogin] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {19DFFB5D-E30A-4E3B-8524-0AD8F4D88D32} https://fishinco.doe...com/XTunnel.cab (VPLaunch Class)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://fishinco.doe...acheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29465F31-6103-4BD7-B2E6-6C1F1FD0ABC1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36C51CBC-060C-48AE-ACDA-7D1F0DCF4383}: DhcpNameServer = 172.16.206.215 172.16.206.215
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{790B665E-3AD4-4D0E-9DBF-6C4692B10A23}: NameServer = 172.16.206.215 172.16.206.215
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD12F98D-1D60-45EC-99A6-686024840D22}: NameServer = 172.16.206.215 172.16.206.215
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCE835DB-CE42-49B0-9139-6FD2562B548E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/02 18:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2014/01/02 18:00:16 | 000,000,000 | ---D | C] -- C:\Users\ChristiB\AppData\Roaming\ValueApps
[2014/01/02 17:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
[2014/01/02 17:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\InstallConverter
[2013/12/16 14:11:04 | 000,000,000 | ---D | C] -- C:\Users\ChristiB\AppData\Local\{EB3A4E83-FC3D-4514-94E0-D379D4D37336}
[2013/12/12 14:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/12/12 03:05:25 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/12 03:05:25 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/12/12 03:05:24 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/12 03:05:24 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/12 03:05:24 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/12/12 03:05:23 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/12/12 03:05:23 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/12/12 03:05:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/12/12 03:05:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/12/12 03:05:22 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/12 03:05:22 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/12/12 03:05:22 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/12/12 03:05:20 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/12 03:05:18 | 004,243,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/12 03:01:28 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013/12/11 03:08:44 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/11 03:08:43 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/12/11 03:08:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/12/11 03:08:39 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/11 03:08:39 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/11 03:08:38 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/04 10:06:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2009092001-3919513084-3943380105-1000UA.job
[2014/01/04 09:58:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/04 09:25:51 | 000,449,836 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/01/04 09:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/04 09:15:08 | 000,020,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 09:15:08 | 000,020,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 09:12:27 | 000,369,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/04 09:12:27 | 000,061,900 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/04 09:09:47 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/04 09:09:45 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2014/01/04 09:08:02 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/01/04 09:08:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2009092001-3919513084-3943380105-1000Core.job
[2014/01/04 09:07:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/04 09:07:49 | 2780,745,728 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/03 13:47:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2014/01/03 10:45:57 | 000,352,256 | ---- | M] () -- C:\Users\ChristiB\Documents\Christi iCloud Calendar.mdb
[2014/01/03 10:45:57 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/01/03 10:45:35 | 000,013,044 | ---- | M] () -- C:\Users\ChristiB\AppData\Roaming\Microsoft Access 97-2003.CAL
[2014/01/02 17:59:38 | 000,001,916 | ---- | M] () -- C:\Users\Public\Desktop\InstallConverter.lnk
[2013/12/29 16:40:02 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/29 16:40:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/27 11:21:27 | 000,027,872 | ---- | M] () -- C:\Windows\UninstallVTPassage.exe
[2013/12/27 11:21:27 | 000,018,656 | ---- | M] (Cavium Networks) -- C:\Windows\ssldrv.sys
[2013/12/27 11:21:27 | 000,010,670 | ---- | M] () -- C:\Windows\ssldrv.cat
[2013/12/24 06:12:30 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/17 13:59:43 | 000,195,837 | ---- | M] () -- C:\Users\ChristiB\Documents\HoJo Receipt.pdf
[2013/12/12 03:23:03 | 000,465,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/12 03:05:39 | 004,243,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/12 03:05:39 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/12 03:05:39 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/12/12 03:05:39 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/12 03:05:39 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/12/12 03:05:39 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/12/12 03:05:39 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/12 03:05:39 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/12/12 03:05:38 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/12 03:05:38 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/12/12 03:05:38 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/12 03:05:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/12/12 03:05:38 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/12/12 03:05:38 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/12/12 03:04:51 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/12 03:04:48 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/12/12 03:04:44 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/12/12 03:04:35 | 002,349,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/12 03:01:39 | 012,625,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013/12/09 07:34:55 | 000,031,107 | ---- | M] () -- C:\Users\ChristiB\Desktop\Twila Heart of Christmas.png
[2013/12/05 20:14:02 | 000,206,762 | ---- | M] () -- C:\Users\ChristiB\Desktop\Charter Speed  Test 12-05-13.png
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/03 10:45:01 | 000,013,044 | ---- | C] () -- C:\Users\ChristiB\AppData\Roaming\Microsoft Access 97-2003.CAL
[2014/01/03 10:44:52 | 000,352,256 | ---- | C] () -- C:\Users\ChristiB\Documents\Christi iCloud Calendar.mdb
[2014/01/02 17:59:38 | 000,001,916 | ---- | C] () -- C:\Users\Public\Desktop\InstallConverter.lnk
[2013/12/17 13:59:43 | 000,195,837 | ---- | C] () -- C:\Users\ChristiB\Documents\HoJo Receipt.pdf
[2013/12/09 07:34:55 | 000,031,107 | ---- | C] () -- C:\Users\ChristiB\Desktop\Twila Heart of Christmas.png
[2013/12/05 20:14:02 | 000,206,762 | ---- | C] () -- C:\Users\ChristiB\Desktop\Charter Speed  Test 12-05-13.png
[2013/09/04 09:05:33 | 000,102,248 | ---- | C] () -- C:\Users\ChristiB\GoToAssistDownloadHelper.exe
[2013/05/16 09:11:00 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/12/24 14:23:41 | 000,552,960 | -H-- | C] () -- C:\Windows\System32\Cmeau108.exe
[2012/12/24 14:23:41 | 000,143,360 | -H-- | C] () -- C:\Windows\Vmix108.dll
[2012/12/24 14:23:41 | 000,000,237 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2012/12/24 14:23:38 | 000,303,104 | -H-- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2012/12/24 14:23:38 | 000,007,055 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2012/12/24 14:23:38 | 000,002,029 | -H-- | C] () -- C:\Windows\Cm108.ini.cfg
[2012/12/24 14:23:37 | 000,001,151 | -H-- | C] () -- C:\Windows\_cm108.ini
[2012/12/24 14:23:37 | 000,001,102 | -H-- | C] () -- C:\Windows\cm108.ini
[2012/07/30 12:34:17 | 000,130,890 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/07/10 19:07:22 | 000,000,600 | ---- | C] () -- C:\Users\ChristiB\PUTTY.RND
[2012/06/22 13:26:24 | 000,005,115 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/22 12:54:35 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/06/05 17:16:30 | 000,000,953 | ---- | C] () -- C:\Users\ChristiB\wxDownloadFast.ini
[2012/05/04 08:12:31 | 000,038,438 | ---- | C] () -- C:\Users\ChristiB\AppData\Roaming\Comma Separated Values (DOS).ADR
[2012/05/04 08:10:16 | 000,011,413 | ---- | C] () -- C:\Users\ChristiB\AppData\Roaming\Comma Separated Values (DOS).TSK
[2012/05/03 15:01:40 | 000,012,964 | ---- | C] () -- C:\Users\ChristiB\AppData\Roaming\Comma Separated Values (DOS).CAL
[2011/07/07 11:14:37 | 000,012,963 | ---- | C] () -- C:\Users\ChristiB\AppData\Roaming\Microsoft Excel 97-2003.CAL
[2011/03/14 07:42:42 | 000,000,600 | ---- | C] () -- C:\Users\ChristiB\AppData\Local\PUTTY.RND
[2010/12/26 17:12:39 | 000,022,711 | ---- | C] () -- C:\Users\ChristiB\Resetting Belkin Router.pdf
[2010/11/02 10:25:31 | 000,038,502 | ---- | C] () -- C:\Users\ChristiB\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/02/20 11:14:29 | 000,039,019 | ---- | C] () -- C:\Users\ChristiB\AppData\Roaming\Comma Separated Values (Windows).ADR
[2010/02/13 08:35:41 | 000,007,605 | ---- | C] () -- C:\Users\ChristiB\AppData\Local\resmon.resmoncfg
[2010/02/08 17:02:05 | 000,000,000 | ---- | C] () -- C:\Users\ChristiB\AppData\Local\WavXMapDrive.bat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/09/11 02:03:41 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/11/30 13:19:35 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\.minecraft
[2013/03/24 21:05:32 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\Azureus
[2010/02/08 17:02:04 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\Broadcom
[2010/10/22 06:37:02 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\Bytemobile
[2012/11/12 16:31:07 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/09/19 11:48:44 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\Decipher Media
[2011/12/21 14:07:37 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\DisplayTune
[2010/10/29 09:02:53 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\Leadertech
[2010/11/22 16:46:48 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\NetDrive
[2012/12/21 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\OpenCandy
[2012/05/10 06:30:51 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\OpenOffice.org
[2011/03/13 15:41:01 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\TightVNC
[2014/01/02 18:00:16 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\ValueApps
[2010/02/08 17:02:05 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\Wave Systems Corp
[2012/08/17 09:06:35 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\webex
[2010/12/04 13:56:29 | 000,000,000 | ---D | M] -- C:\Users\ChristiB\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/13 20:07:10 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2009/07/13 20:07:10 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\x86_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_22d6d5b5cba907ce\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 15:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/10 15:34:46 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\x86_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_1590ffd752297581\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2010/02/02 21:53:02 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/02/02 21:53:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/02/02 21:53:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010/02/02 21:53:02 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/13 20:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 20:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_05c8dd40d4f56065\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-D5E97654.PF  >
[2014/01/04 09:11:08 | 000,099,384 | ---- | M] () MD5=8F680328BCE127E3F1D4871D84EF184A -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf
 
< MD5 for: IEXPLORE.EXE  >
[2012/06/14 02:01:14 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_b12560b1c817cfde\iexplore.exe
[2013/06/12 02:00:55 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_ba6545dc65e543de\iexplore.exe
[2010/09/07 22:36:39 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=14803EA3E5DD7CB37CB446C74CFDA38F -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_b3c5cc459f4108f2\iexplore.exe
[2012/09/22 02:01:00 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_b1148f09c82553c5\iexplore.exe
[2012/05/17 16:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_b19f2c1ee1420ce6\iexplore.exe
[2012/11/16 03:01:46 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_b119907bc820d278\iexplore.exe
[2013/06/11 22:41:27 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=2A5F565327BFD679EC5F790DC15BBF25 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_a38ffdc27f91d847\iexplore.exe
[2009/07/13 19:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
[2013/07/11 02:06:58 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=30E7CA4620500FE012EB464F0E1DE91E -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_ba672fa865e3902d\iexplore.exe
[2013/04/11 02:03:00 | 000,757,376 | ---- | M] (Microsoft Corporation) MD5=32732CEDE2A1106B736EF3D84054EE04 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16476_none_b104f0edc83023b1\iexplore.exe
[2012/07/11 05:45:22 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_b12660fbc816e935\iexplore.exe
[2013/09/11 02:04:24 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=37287D98A1BF5D56AA729CEB9B27C6B1 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_ba6c1a5265df2881\iexplore.exe
[2013/05/16 19:57:28 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=3902E280F6117A468D5573343A7AA1F6 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_a38c5d6c7f953fa9\iexplore.exe
[2013/05/15 02:07:42 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=3F00BE80B9CEA20B7FE7363D15EDDB94 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16483_none_b0f72023c83af39d\iexplore.exe
[2013/02/21 22:10:31 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=4145E2B5663F6FACC08EFDB17B658BB2 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20586_none_b183bdcce155df6c\iexplore.exe
[2013/08/09 23:13:42 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=48A1306191216997F717C451B8D15139 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_a394d1a47f8d8a3c\iexplore.exe
[2010/11/03 23:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=58CF468D3FF4CF830339FE5E45356355 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_b3987f3a85deec23\iexplore.exe
[2010/09/07 22:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=61EDBCE47ADF3E52AB0B9F49EE4AEBB8 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_b34dce2a8616cbea\iexplore.exe
[2012/08/24 01:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_b1a52ddae13ca4f0\iexplore.exe
[2013/02/14 03:03:36 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_b10dc045c829d512\iexplore.exe
[2010/11/03 23:54:59 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6B2258FF6D2332073FE9E90122FA4168 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_b402ac8b9f13f917\iexplore.exe
[2013/08/15 02:01:22 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=7BA1862B8A5698DC5FCFDFF3BC359DE9 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_ba6aa26e65e05c0d\iexplore.exe
[2011/06/01 17:43:47 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe
[2010/12/17 23:32:25 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=9321CF0D023528C71E3645F8433C86C8 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_b3e23cc79f2c4cea\iexplore.exe
[2012/08/16 02:01:13 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_b1276145c816028c\iexplore.exe
[2013/10/12 01:16:06 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=9DFE1678738DD968D7BA5559B52706D1 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_a384a5267f9a8dfe\iexplore.exe
[2013/02/01 22:19:03 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=A285E1965C115031DA02B777EE9D7689 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_b17dbc10e15b4762\iexplore.exe
[2010/12/17 23:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_b384dff685ed56b3\iexplore.exe
[2013/05/25 02:01:35 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_ba75e9f465d7f339\iexplore.exe
[2011/02/23 23:45:11 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AB2BB40A5FE49AD236791AC22BD08869 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_b42a203b9ef553cc\iexplore.exe
[2009/04/20 12:56:28 | 000,031,232 | ---- | M] (NirSoft) MD5=AE72E8619CB31D84DA25E2435E55003C -- C:\cf\iexplore.exe
[2012/12/13 03:03:24 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=B201AF83DF2E85323E29EB83E4046810 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_b11b910fc81f0526\iexplore.exe
[2012/06/02 02:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_b1a12cb2e1403f94\iexplore.exe
[2013/04/04 15:55:02 | 000,757,360 | ---- | M] (Microsoft Corporation) MD5=C036AB1ED8BAC04FE4A349BA263077BB -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20593_none_b175ed02e160af58\iexplore.exe
[2012/11/15 21:08:47 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=C0BA71C1B3FB6E3DD432FF3CCAEBDC62 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20565_none_b1985d5ae1468e33\iexplore.exe
[2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe
[2011/02/23 23:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C6697A46554E36541E81182B258A19D6 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_b35da16e860a2bd3\iexplore.exe
[2013/11/26 03:01:16 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/11/26 03:01:16 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_1eeed3e40a768844\iexplore.exe
[2012/10/08 02:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_b1955c7ce149422e\iexplore.exe
[2013/10/09 02:07:22 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=D6B7DDB68436F13C3CAE2B92524F1FEC -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_ba5bba9265ec2c43\iexplore.exe
[2013/11/14 03:03:41 | 000,770,736 | ---- | M] (Microsoft Corporation) MD5=D7D5768B8A697FCBAEE2CFE137070F02 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_ba5c48f465ebc5bf\iexplore.exe
[2013/09/22 18:01:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=DB352EBF77E8655E0C46B6923F3C9950 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_a38444547f9ac140\iexplore.exe
[2013/03/14 02:01:31 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=DDE5A0DFAF7C6370FB36402D7A746ED3 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_b0feef31c8358ba7\iexplore.exe
[2013/07/25 23:09:39 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=E70D60B3A350BD09D86CDAD9CF55F36B -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_a39175a67f90a4bb\iexplore.exe
[2012/06/28 17:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_b1a22cfce13f58eb\iexplore.exe
[2013/01/08 15:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_b18b8cdae1507776\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2013/11/26 03:01:16 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/26 03:01:16 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_189b695b4223c92b\iexplore.exe.mui
[2011/06/01 17:43:47 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_aae2948effb95a30\iexplore.exe.mui
[2013/05/25 02:01:35 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_b41defe19d893548\iexplore.exe.mui
[2009/07/13 20:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_acf38f2bbdc896a9\iexplore.exe.mui
[2009/07/13 20:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_af24a2f3bab71a43\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-058FE8F5.PF  >
[2014/01/04 09:55:31 | 000,175,390 | ---- | M] () MD5=E098066AB45E1B4BA780555F67EDF0F8 -- C:\Windows\Prefetch\IEXPLORE.EXE-058FE8F5.pf
 
< MD5 for: SERVICES  >
[2009/06/10 15:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 15:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 19:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 19:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 20:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 20:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 22:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 15:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 15:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 14:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 14:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
< MD5 for: SERVICES.RDB  >
[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
 
< MD5 for: SERVICES.SBS  >
[2013/07/16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
 
< MD5 for: WINLOGON.ADML  >
[2009/07/13 20:05:00 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2009/07/13 20:05:00 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_94da67ab3e358f3a\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 15:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/10 15:43:18 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_7ae3b2e5da95d117\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 06:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 06:12:53 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2010/11/20 06:12:53 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=65C2C2EE8F334EE07F66876551DE1827 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_ccfffb7662588b45\winlogon.exe.mui
[2009/07/13 20:05:28 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=DB61D28A59DEE68F77811B291D83AD1B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_cacee7ae656a07ab\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/13 20:09:40 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\System32\wbem\en-US\winlogon.mfl
[2009/07/13 20:09:40 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2891397980a26140\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 14:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\System32\wbem\winlogon.mof
[2009/07/13 14:37:34 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_800f1ff3d73b72d9\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2011/02/15 11:36:30 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/05/04 04:36:09 | 000,020,580 | ---- | M] () -- C:\1020.log
[2009/06/10 15:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 15:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/02/02 21:54:56 | 000,004,906 | RH-- | M] () -- C:\dell.sdr
[2014/01/04 09:07:49 | 2780,745,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/22 13:28:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/03/29 12:09:59 | 1368,072,344 | ---- | M] () -- C:\MP2011.exe
[2012/06/22 13:28:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/09/02 10:00:18 | 000,164,940 | ---- | M] () -- C:\ndsvc.log
[2014/01/04 09:07:55 | 209,715,200 | -HS- | M] () -- C:\pagefile.sys
[2012/03/15 09:12:44 | 000,000,510 | ---- | M] () -- C:\settings.ini
[2012/06/05 17:11:40 | 000,000,454 | ---- | M] () -- C:\user.js
 
< %systemroot%\Fonts\*.com >
[2009/07/13 22:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 15:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 19:15:26 | 000,280,064 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzppw71.dll
[2009/07/13 19:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2010/07/09 07:31:14 | 000,082,184 | ---- | M] (Microsoft Corporation.) -- C:\Windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
[2010/11/20 06:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2012/03/08 17:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2013/01/26 15:15:03 | 000,001,702 | -HS- | M] () -- C:\Users\ChristiB\AppData\Roaming\Microsoft\LastFlashConfig.wfc
 
< %PROGRAMFILES%\*.* >
[2009/07/13 22:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2012/04/20 10:10:39 | 003,723,881 | ---- | M] () -- C:\Program Files\ShilohQuickSQL7617.xls
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is OS
 Volume Serial Number is 9434-A400
 Directory of C:\
07/13/2009  10:53 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/13/2009  10:53 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:53 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:53 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:53 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:53 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:53 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/13/2009  10:53 PM    <SYMLINKD>     All Users [C:\ProgramData]
07/13/2009  10:53 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/13/2009  10:53 PM    <JUNCTION>     Application Data [C:\ProgramData]
07/13/2009  10:53 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/13/2009  10:53 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/13/2009  10:53 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/13/2009  10:53 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009  10:53 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\ChristiB
02/08/2010  05:01 PM    <JUNCTION>     PrintHood [C:\Users\ChristiB\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/08/2010  05:01 PM    <JUNCTION>     Recent [C:\Users\ChristiB\AppData\Roaming\Microsoft\Windows\Recent]
02/08/2010  05:01 PM    <JUNCTION>     SendTo [C:\Users\ChristiB\AppData\Roaming\Microsoft\Windows\SendTo]
02/08/2010  05:01 PM    <JUNCTION>     Start Menu [C:\Users\ChristiB\AppData\Roaming\Microsoft\Windows\Start Menu]
02/08/2010  05:01 PM    <JUNCTION>     Templates [C:\Users\ChristiB\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\ChristiB\AppData\Local
02/08/2010  05:01 PM    <JUNCTION>     Application Data [C:\Users\ChristiB\AppData\Local]
02/08/2010  05:01 PM    <JUNCTION>     History [C:\Users\ChristiB\AppData\Local\Microsoft\Windows\History]
02/08/2010  05:01 PM    <JUNCTION>     Temporary Internet Files [C:\Users\ChristiB\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\ChristiB\Documents
02/08/2010  05:01 PM    <JUNCTION>     My Music [C:\Users\ChristiB\Music]
02/08/2010  05:01 PM    <JUNCTION>     My Pictures [C:\Users\ChristiB\Pictures]
02/08/2010  05:01 PM    <JUNCTION>     My Videos [C:\Users\ChristiB\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/13/2009  10:53 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009  10:53 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009  10:53 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/13/2009  10:53 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/13/2009  10:53 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009  10:53 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009  10:53 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009  10:53 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009  10:53 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009  10:53 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/13/2009  10:53 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/13/2009  10:53 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009  10:53 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/13/2009  10:53 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/13/2009  10:53 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/13/2009  10:53 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\iTunes Test
01/03/2013  03:19 PM    <JUNCTION>     Application Data [C:\Users\iTunes Test\AppData\Roaming]
01/03/2013  03:19 PM    <JUNCTION>     Cookies [C:\Users\iTunes Test\AppData\Roaming\Microsoft\Windows\Cookies]
01/03/2013  03:19 PM    <JUNCTION>     Local Settings [C:\Users\iTunes Test\AppData\Local]
01/03/2013  03:19 PM    <JUNCTION>     My Documents [C:\Users\iTunes Test\Documents]
01/03/2013  03:19 PM    <JUNCTION>     NetHood [C:\Users\iTunes Test\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/03/2013  03:19 PM    <JUNCTION>     PrintHood [C:\Users\iTunes Test\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/03/2013  03:19 PM    <JUNCTION>     Recent [C:\Users\iTunes Test\AppData\Roaming\Microsoft\Windows\Recent]
01/03/2013  03:19 PM    <JUNCTION>     SendTo [C:\Users\iTunes Test\AppData\Roaming\Microsoft\Windows\SendTo]
01/03/2013  03:19 PM    <JUNCTION>     Start Menu [C:\Users\iTunes Test\AppData\Roaming\Microsoft\Windows\Start Menu]
01/03/2013  03:19 PM    <JUNCTION>     Templates [C:\Users\iTunes Test\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\iTunes Test\AppData\Local
01/03/2013  03:19 PM    <JUNCTION>     Application Data [C:\Users\iTunes Test\AppData\Local]
01/03/2013  03:19 PM    <JUNCTION>     History [C:\Users\iTunes Test\AppData\Local\Microsoft\Windows\History]
01/03/2013  03:19 PM    <JUNCTION>     Temporary Internet Files [C:\Users\iTunes Test\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\iTunes Test\Documents
01/03/2013  03:19 PM    <JUNCTION>     My Music [C:\Users\iTunes Test\Music]
01/03/2013  03:19 PM    <JUNCTION>     My Pictures [C:\Users\iTunes Test\Pictures]
01/03/2013  03:19 PM    <JUNCTION>     My Videos [C:\Users\iTunes Test\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/13/2009  10:53 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/13/2009  10:53 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/13/2009  10:53 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              61 Dir(s)  334,913,576,960 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/22 06:16:49 | 000,000,221 | -HS- | M] () -- C:\Users\ChristiB\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-12-12 09:05:48
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:B7CDF4DB
 
< End of report >

OTL Extras logfile created on: 1/4/2014 10:09:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ChristiB\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.45 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 42.55% Memory free
3.65 Gb Paging File | 1.53 Gb Available in Paging File | 41.95% Paging File free
Paging file location(s): c:\pagefile.sys 200 2998 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.93 Gb Total Space | 312.02 Gb Free Space | 68.44% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 405.33 Gb Free Space | 43.51% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIB-PC | User Name: ChristiB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B24CA65-E03D-4382-9AE1-884AFA3E68C3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{0B4395EF-12C0-49D9-BB7F-7398A14774CA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0FCB019A-5959-4394-B7C8-90A4719EB186}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{15FBFF16-8E75-4BD4-8FE2-5A5AD9184344}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1A13B4D9-0534-4D39-B6BD-46AFD0227C6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{1CBE6B56-32A3-41B1-AF90-C8EBD3DFDD55}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1CBF01EB-AC5F-4A93-BDE5-F1138A2B9DC1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1DBF12EF-80A8-41DE-B42A-09F75E6A6D8E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{254A58B9-0BC8-4D4E-991A-33C99FD1F241}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2C887E9E-518B-495A-9319-D6FE0C7D7986}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4227A9A3-37CF-4984-A22C-380E1A389AA8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{476E9786-FBB5-44FA-88B6-1F81425C2520}" = lport=443 | protocol=6 | dir=in | app=system | 
"{4A0601B3-00CB-46CE-BDFD-B944EA5B61D0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4B656E7C-6370-4C5F-834C-CBFCD2231546}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{54C45645-7655-4E37-A3FA-6A867F2BEB1D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5FD08F27-E053-4661-B176-2CC7D6FBFE5B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{77936DC6-3ED0-41AB-9B63-5955297B1716}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7F8663CE-647A-41C4-B0FB-7630BE933ECD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8D313597-1446-4DE3-8FA8-5F7CA4570458}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{94D2C909-56BC-481F-9335-BBED0381FF92}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{95E2BFE6-6BD4-40F2-B078-6DA19B351CEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9B494B0C-7638-481C-9301-723729FEE018}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0F48C79-833B-498E-8A40-5213B31B160C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B9FB94C2-BCF3-4A81-AA8E-B382DC1F6ABF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{C21230A4-C2C1-44B0-8080-6C8A5D9E00E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CBF9942B-CDA8-4DB9-9DA7-6CE77F9FECAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD9B2669-0043-4CC6-BF4D-C578F4354326}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D86B7FBA-4607-4E77-BB05-3760F3E48207}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{DF4C7C65-D19D-4460-BCA7-A76A9130AFFA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DF505D5C-C613-4792-B08A-DA8685EB06F4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E135B763-83E8-48F1-B06F-28123733A2AA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F0953EED-30D4-4140-8612-B8B11E411C15}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F2EA6C4C-490F-42CA-A563-02772046E994}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F42DBE64-E7C2-4828-9042-A8AAD3551AC3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F8814EC6-D833-4B76-B9BF-864924C98167}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F9BCFDC9-CA2F-4772-88F1-7E9CC843B37F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FD4689FB-C2FB-413F-BCE1-D6C2E97F748E}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A562FE-C230-4FB4-BBC9-E0FCA4A89933}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{08EB1D3D-0300-4543-B1C1-ACD4A7AD72C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0BA766D2-7C18-4EE0-A340-6CC8C49D47EB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{0C36F3F7-264D-4A04-A589-B0D77AC1D0FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{0F746589-E227-4D9A-9980-389B3B3928CB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{173B7E4F-D040-4D57-9875-95745F3080A8}" = protocol=6 | dir=in | app=f:\vuze downloads\azureus.exe | 
"{1754B462-64E7-4D24-BF18-F657C52ED950}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{180AEBEB-908E-4A43-AEE4-CCE00FED6F9E}" = protocol=6 | dir=in | app=c:\program files\macrodata inc\netdrive\ndsvc.exe | 
"{1931DCB8-22CC-4166-9464-472F19C1E3F5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1B94B7CD-0E26-4CE9-AFC9-07C2D316B49A}" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"{23CC44D0-6172-4C2E-9C66-2B354F39E635}" = protocol=17 | dir=in | app=c:\program files\macrodata inc\netdrive\ndsvc.exe | 
"{23EB098E-E5DE-4076-9FF4-588DE013F1EB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{245A0EE2-1CD8-468E-99C0-A8AE554B2680}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{274E38DF-4B25-477A-A38C-3FBD4BC550BA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A12B6BB-E8E9-46FD-839B-D86413922556}" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"{33139A05-705E-4D36-8EF3-598BFFBA990A}" = protocol=17 | dir=in | app=f:\vuze downloads\azureus.exe | 
"{36A7F1A1-7960-4B1F-A905-2C610BEB9357}" = protocol=17 | dir=in | app=f:\vuze downloads\azureus.exe | 
"{3D16FCBA-FB73-4394-A2F7-151DC6C70F80}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{40F9D9ED-E250-406D-8362-CAA6793CA87E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4385C0B0-768B-4BD3-9F3F-3D1219B9F5E8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{49D11CBA-E6E0-4F00-955A-322827FB645E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4E158E6C-7353-4BF0-AED9-1442AE434264}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{5411EF7A-5502-43C9-A95C-20DF9E22DA13}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{58383F55-0047-4CBC-A7FA-3329DCBD8989}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{59A3AD73-3A33-48DC-A9AA-EAFFE947AF4E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{59D39D3B-5ABF-40FD-A85C-B647AFDA2933}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5D035686-1C81-4DE4-8E08-FE98E75E003E}" = protocol=6 | dir=in | app=f:\appdata\microsoft office\office14\onenote.exe | 
"{6369F6E7-E90D-4E97-9AF2-901946A85531}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6AF2B933-EF9B-46B2-9B1A-6F9D2C9ACCAC}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{70AA0C46-C2C1-43DB-AB75-425BC3062D62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{722DF62D-3069-40DB-AE24-A80A24182A03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{73463A40-4182-4F62-9869-25EDD7F9C402}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{765B5A2D-D328-4F95-A86C-27E8AF05566F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{76683DD8-D1ED-4859-95FC-503D2D4AC95D}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{7B6B2F61-4111-453A-B0FF-B5C15F273836}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | 
"{7D629590-249C-483E-8C70-3A42724F3C7F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{815B323D-4C12-409E-ACA7-FE9D4014E83A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BAB64F3-C731-45DA-A68A-C3C89C87AECF}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{8D71A413-D824-4BF3-854D-BD98267C8622}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{91A821CD-5904-4FDC-988E-D0C0886AF1F4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{95EE6A22-3784-4107-8E90-87DE905F8CA1}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{96714C7D-7D97-4C2A-BEF1-BF29156401B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{9B5CDDF8-87C3-49B3-ACD8-B8ABA19965DD}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{A26673A6-78A1-4CD4-A962-06D0AC4706A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{A7831A8A-9F64-4E8A-AFD2-207E205B1BE6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{A89EA446-13B7-4C16-984B-0C6E4D704260}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{ABDA3000-9355-4509-82DA-B597B53D0A29}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{AC0ECC6A-FA14-49F9-A93B-6C8E52E2C505}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe | 
"{B03688BB-C2F3-42EC-9F32-53708246D716}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{B2248C32-9123-4385-99B9-A632AB32F35F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{B44DE955-5DFE-4F46-B112-D132272339BC}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{B7EF0FA4-2ECA-400E-ABA5-3D6577EF3431}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{B89BAAC4-4536-44D5-A55D-915F7983854D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BACB3FF8-9BAD-4222-B1D5-D489D5D8F8C6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BB67BF9D-37E1-4DE5-873D-3C29A8234D65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BFA0CBD7-F157-421B-9541-18ADE04601D6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{C3EFE934-E064-4148-A5DD-A0D9D2F2EA0E}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C89F2180-E055-431C-997E-3CEC2A5F5994}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CC32498A-54D3-49B9-BE67-4B06379D2950}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CEC0EEE5-ED88-4C2E-AA55-2C50061BF026}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{D025574C-E6B1-471A-8628-F8BAFB9F635F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{D35488B6-0C90-4E07-A03B-369BA4C82B6F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DEFAF4A8-753E-426F-A097-1C5C9D895B42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E1C76EC3-D5C6-49E9-AF3E-7A2324DC3E02}" = protocol=17 | dir=in | app=f:\appdata\microsoft office\office14\onenote.exe | 
"{E70C9597-0722-4CD8-99D4-A7EF32AC472E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{E7E2D817-22E3-4473-861A-776804CFB28F}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{EABFCDC6-0F7D-4C80-8D97-90B1C03A655E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{ED5D235E-21FD-4C19-B5D2-06A28ECD4B76}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{F6E76DD2-9AC9-4B88-AB5C-3C15C009DAC4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F7A7C415-6F35-45F7-821A-5FE5CE8C66D0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{F9CDB9E8-61E6-4293-9BE0-A2C02381D0E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{FCFD92D5-228B-464F-9588-41B1B56319D8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{FE02075C-4071-4E07-BEDC-3153F609E259}" = protocol=6 | dir=in | app=f:\vuze downloads\azureus.exe | 
"{FE8BBD98-DB3C-41B4-9F9B-CB657E9A9239}" = protocol=6 | dir=out | app=system | 
"TCP Query User{1D95481D-367B-4E61-B3D6-937D4542F0B9}C:\users\christib\appdata\local\temp\ixp002.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\christib\appdata\local\temp\ixp002.tmp\smpcsetup.exe | 
"TCP Query User{2EB03672-52B0-4542-9A4F-AEB0974B0CEE}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | 
"TCP Query User{3107A047-0567-439E-939B-D1C915DD52CB}C:\users\christib\desktop\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\users\christib\desktop\pfportchecker\pfportchecker.exe | 
"TCP Query User{51E85174-D027-46CE-84CB-CE4B7053521A}C:\users\christib\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\christib\appdata\local\temp\ixp000.tmp\smpcsetup.exe | 
"TCP Query User{5EA00E09-07DB-421F-95F9-8FD4EB487D2A}C:\users\christib\appdata\roaming\allmyapps\allmyapps.exe" = protocol=6 | dir=in | app=c:\users\christib\appdata\roaming\allmyapps\allmyapps.exe | 
"TCP Query User{6A5902E0-8345-4CD8-A185-B10B1588B6AC}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | 
"TCP Query User{6CFC3D65-E4F2-47FD-9405-0AB4BAC694DF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{6DB46C57-DB4C-4A2A-97ED-BB130B72E8AC}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{8339EA2D-66FB-4FB7-8019-C27F73A7B9BE}C:\users\christib\appdata\local\temp\showmypc\-----------showmypc3105 (1)\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\christib\appdata\local\temp\showmypc\-----------showmypc3105 (1)\smpcsetup.exe | 
"TCP Query User{86CB4F60-C8CE-4305-95EC-26CC04E1119D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{8759510F-BD2F-4395-B6D5-3CF83C56663A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{89807D27-8063-4CDE-BA0F-2F2E400376B0}C:\users\christib\appdata\local\temp\ixp002.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\christib\appdata\local\temp\ixp002.tmp\smwinvnc.exe | 
"TCP Query User{8F215471-AD2A-401C-86F4-5835540144B9}C:\users\christib\appdata\local\temp\ixp001.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\christib\appdata\local\temp\ixp001.tmp\smpcsetup.exe | 
"TCP Query User{905F4568-7A2E-446B-A058-277BB2C8FADE}C:\users\christib\appdata\local\temp\showmypc\-----------showmypc3105\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\christib\appdata\local\temp\showmypc\-----------showmypc3105\smpcsetup.exe | 
"TCP Query User{AE787BD3-8BC0-489E-AB0B-B1A818AFF078}C:\users\christib\appdata\roaming\allmyapps\allmyapps.exe" = protocol=6 | dir=in | app=c:\users\christib\appdata\roaming\allmyapps\allmyapps.exe | 
"TCP Query User{B49DB89F-4396-4437-A39F-D494AD357FB6}C:\program files\showmypcservice\tvnserver.exe" = protocol=6 | dir=in | app=c:\program files\showmypcservice\tvnserver.exe | 
"TCP Query User{DD79FBAB-469C-4AC6-836E-D287CAC3A42B}C:\users\christib\appdata\local\temp\ixp001.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\christib\appdata\local\temp\ixp001.tmp\smwinvnc.exe | 
"TCP Query User{E26088F1-8BA5-4773-BF15-B8240DD44FF2}C:\users\christib\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\christib\appdata\local\temp\ixp000.tmp\smwinvnc.exe | 
"TCP Query User{F48DFFE5-447C-4BD4-B552-7B89FE7D13E0}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{02BE26B2-5F8C-4637-9CE4-7BEC8F0B7C5C}C:\users\christib\appdata\local\temp\ixp001.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\christib\appdata\local\temp\ixp001.tmp\smwinvnc.exe | 
"UDP Query User{0DD1555C-E4D1-430D-88A4-A69EA63C95BE}C:\users\christib\appdata\local\temp\showmypc\-----------showmypc3105\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\christib\appdata\local\temp\showmypc\-----------showmypc3105\smpcsetup.exe | 
"UDP Query User{10ECA6A1-002D-49FF-80F5-DBEEF733FC49}C:\users\christib\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\christib\appdata\local\temp\ixp000.tmp\smwinvnc.exe | 
"UDP Query User{1288E1F1-A5D0-493F-88D3-3C0E60DF4A63}C:\users\christib\appdata\local\temp\ixp002.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\christib\appdata\local\temp\ixp002.tmp\smpcsetup.exe | 
"UDP Query User{12CF8E52-FAE7-4B5E-9DEF-15D4D769DEF1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{2FF49E0D-1261-4754-A434-57C72B46A04E}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | 
"UDP Query User{5A748F38-21E4-46D9-BB90-81BE9F1B952D}C:\users\christib\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\christib\appdata\local\temp\ixp000.tmp\smpcsetup.exe | 
"UDP Query User{6355CDBC-69EB-49EE-A7A8-B3F9E126D0BE}C:\users\christib\desktop\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\users\christib\desktop\pfportchecker\pfportchecker.exe | 
"UDP Query User{6E79C2E9-519D-4BA8-9A3D-9E3319532F84}C:\users\christib\appdata\local\temp\showmypc\-----------showmypc3105 (1)\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\christib\appdata\local\temp\showmypc\-----------showmypc3105 (1)\smpcsetup.exe | 
"UDP Query User{82C6068D-8078-4D7A-BDBB-E101AF5A4F0A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{860BB5FC-E13C-4B35-A212-6134116C2788}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{87F44E3C-B3E0-49FC-B393-49033C916D01}C:\users\christib\appdata\local\temp\ixp001.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\christib\appdata\local\temp\ixp001.tmp\smpcsetup.exe | 
"UDP Query User{90A7E8EE-5B1F-402A-824B-8E6F52D2D3A0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{98B95B61-96E2-4B40-BD77-D8A6F56A89D1}C:\program files\showmypcservice\tvnserver.exe" = protocol=17 | dir=in | app=c:\program files\showmypcservice\tvnserver.exe | 
"UDP Query User{A6E21A8A-A152-43EA-B969-EDA0C4591312}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe | 
"UDP Query User{AF0FA806-3C85-43F5-9052-C2EB87FCF256}C:\users\christib\appdata\roaming\allmyapps\allmyapps.exe" = protocol=17 | dir=in | app=c:\users\christib\appdata\roaming\allmyapps\allmyapps.exe | 
"UDP Query User{CC5DDC73-1D80-4BD3-A3D0-1C579D398BA9}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{DD30A043-E861-4790-9B0B-8C68D171D053}C:\users\christib\appdata\roaming\allmyapps\allmyapps.exe" = protocol=17 | dir=in | app=c:\users\christib\appdata\roaming\allmyapps\allmyapps.exe | 
"UDP Query User{EEBFA3DF-FEF7-4C7A-AA29-B39548926CA5}C:\users\christib\appdata\local\temp\ixp002.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\christib\appdata\local\temp\ixp002.tmp\smwinvnc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00A61104-74B5-4056-AD00-4397EF4FB141}" = iCloud
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11DB380B-48CF-46EA-8B03-51874E2733C9}" = Dell Control Point
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12E25026-B99F-451C-9D41-2B8FD19F6050}" = Shiloh
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{26A24AE4-039D-4CA4-87B4-2F83216024F0}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java™ 6 Update 38
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3237887D-8AC4-4C27-BDF4-57D7CB0351D6}" = SO32MMWrapper
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.439
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{71084075-ABA7-48BC-9733-F56A9ABD184D}" = DCP32MMWrapper
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{731B0E4D-F4C7-450C-95B0-E1A3176B1C75}" = Dell Backup and Recovery Manager
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{81860953-8A77-4ED5-B57C-F35D703D9489}" = Dell ControlVault Host Components Installer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{907611B4-1B1B-4810-88CD-965FA49F35F6}" = C5200
"{9143F2FA-BF20-4311-8618-4CCF51B1B80C}" = Dell ControlPoint System Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EDA3DD1-130D-4EE1-A3D2-5A3D795CC8C9}" = MFCLOC
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat  9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat  9 Standard - English, Français, Deutsch
"{ACA283A7-AE25-4D18-BACE-6145DD847D50}" = PerfectSuite Plus
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BCC7E198-1D10-4B55-956E-550A196F8056}" = Microsoft Office Live Meeting 2007
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C82185E8-C27B-4EF4-2011-1111BC2C2B6D}" = Microsoft MapPoint North America 2011
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCC68887-6E07-4438-A035-7C22EFBDC15E}" = Intel® Network Connections 14.6.9.0
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{cef78f86-19a8-4bbd-91fa-e9b6b2d37348}" = C5200_Help
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU 
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF2035BE-5820-4965-BD97-7FAF8D4A7879}" = Microsoft_VC90_CRT_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E63A7E64-AD93-47E7-AC5C-BA042AA740CA}" = Dell ControlPoint Connection Manager
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU 
"1SYNC Spreadsheet Load Tool_is1" = 1SYNC-SLT v7.5
"8461-7759-5462-8226" = Vuze
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"C-Media CM108 Like Sound Driver" = SteelSeries USB Sound Card Win7 v1.10
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DW WLAN Card Utility" = DW WLAN Card Utility
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallConverter" = InstallConverter
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.7.0 (Standard)
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Minecraft_is1" = Minecraft version 1.4.6
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PROSetDX" = Intel® Network Connections 14.6.9.0
"RealPlayer 16.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"UPCShell" = LeapFrog Connect
"Verbatim Turbo USB 2.0_is1" = Verbatim Turbo USB 2.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"bd4d3a0508d364f5" = Dell Driver Download Manager
"GoToMeeting" = GoToMeeting 4.5.0.457
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/3/2014 9:01:50 AM | Computer Name = ChristiB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ValueApps.exe, version: 1.3.1.1, time stamp:
 0x52b6c58f  Faulting module name: ValueApps.exe, version: 1.3.1.1, time stamp: 0x52b6c58f
Exception
 code: 0xc0000005  Fault offset: 0x00032e83  Faulting process id: 0x5b88  Faulting application
 start time: 0x01cf0881c2ffbbcd  Faulting application path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Faulting
 module path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Report
 Id: 357c1be8-7477-11e3-95fd-0026b9a2ddc6
 
Error - 1/3/2014 9:05:54 AM | Computer Name = ChristiB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ValueApps.exe, version: 1.3.1.1, time stamp:
 0x52b6c58f  Faulting module name: ValueApps.exe, version: 1.3.1.1, time stamp: 0x52b6c58f
Exception
 code: 0xc0000005  Fault offset: 0x00032e91  Faulting process id: 0x5ce8  Faulting application
 start time: 0x01cf08841778fe0c  Faulting application path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Faulting
 module path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Report
 Id: c6ba1b29-7477-11e3-95fd-0026b9a2ddc6
 
Error - 1/3/2014 9:12:47 AM | Computer Name = ChristiB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ValueApps.exe, version: 1.3.1.1, time stamp:
 0x52b6c58f  Faulting module name: ValueApps.exe, version: 1.3.1.1, time stamp: 0x52b6c58f
Exception
 code: 0xc0000005  Fault offset: 0x00032e91  Faulting process id: 0x5ce8  Faulting application
 start time: 0x01cf0884d0d8c16d  Faulting application path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Faulting
 module path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Report
 Id: bd1a3977-7478-11e3-95fd-0026b9a2ddc6
 
Error - 1/3/2014 9:13:41 AM | Computer Name = ChristiB-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 14.0.7109.5000 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1784    Start
 Time: 01cf07b80677a399    Termination Time: 20    Application Path: C:\Program Files\Microsoft
 Office\Office14\OUTLOOK.EXE    Report Id: d4516f2f-7478-11e3-95fd-0026b9a2ddc6  
 
Error - 1/3/2014 9:20:17 AM | Computer Name = ChristiB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ValueApps.exe, version: 1.3.1.1, time stamp:
 0x52b6c58f  Faulting module name: ValueApps.exe, version: 1.3.1.1, time stamp: 0x52b6c58f
Exception
 code: 0xc0000005  Fault offset: 0x00032e91  Faulting process id: 0x5b68  Faulting application
 start time: 0x01cf0886504ff605  Faulting application path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Faulting
 module path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Report
 Id: c92894c6-7479-11e3-95fd-0026b9a2ddc6
 
Error - 1/3/2014 9:22:37 AM | Computer Name = ChristiB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ValueApps.exe, version: 1.3.1.1, time stamp:
 0x52b6c58f  Faulting module name: ValueApps.exe, version: 1.3.1.1, time stamp: 0x52b6c58f
Exception
 code: 0xc0000005  Fault offset: 0x00032e91  Faulting process id: 0x10b8  Faulting application
 start time: 0x01cf0886c9c71e52  Faulting application path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Faulting
 module path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Report
 Id: 1caf2d7b-747a-11e3-95fd-0026b9a2ddc6
 
Error - 1/3/2014 9:30:53 AM | Computer Name = ChristiB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ValueApps.exe, version: 1.3.1.1, time stamp:
 0x52b6c58f  Faulting module name: ValueApps.exe, version: 1.3.1.1, time stamp: 0x52b6c58f
Exception
 code: 0xc0000005  Fault offset: 0x00032e91  Faulting process id: 0x5950  Faulting application
 start time: 0x01cf088759981156  Faulting application path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Faulting
 module path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Report
 Id: 4463d460-747b-11e3-95fd-0026b9a2ddc6
 
Error - 1/3/2014 10:59:37 AM | Computer Name = ChristiB-PC | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 14.0.7109.5000 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 66a8    Start
 Time: 01cf0885cd69533a    Termination Time: 31    Application Path: C:\Program Files\Microsoft
 Office\Office14\OUTLOOK.EXE    Report Id: 3562c5e5-7487-11e3-95fd-0026b9a2ddc6  
 
Error - 1/4/2014 11:06:36 AM | Computer Name = ChristiB-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ValueApps.exe, version: 1.3.1.1, time stamp:
 0x52b6c58f  Faulting module name: ValueApps.exe, version: 1.3.1.1, time stamp: 0x52b6c58f
Exception
 code: 0xc0000005  Fault offset: 0x00032e91  Faulting process id: 0xe54c  Faulting application
 start time: 0x01cf095da950930b  Faulting application path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Faulting
 module path: C:\Users\ChristiB\AppData\Local\Conduit\ValueApps\IE\ValueApps.exe
Report
 Id: cdb68990-7551-11e3-95fd-0026b9a2ddc6
 
Error - 1/4/2014 12:01:09 PM | Computer Name = ChristiB-PC | Source = Windows Backup | ID = 4103
Description = 
 
[ Media Center Events ]
Error - 3/4/2011 5:25:58 AM | Computer Name = ChristiB-PC | Source = MCUpdate | ID = 0
Description = 3:25:58 AM - Error connecting to the internet.  3:25:58 AM -     Unable
 to contact server..  
 
Error - 3/11/2011 8:42:55 AM | Computer Name = ChristiB-PC | Source = MCUpdate | ID = 0
Description = 6:42:55 AM - Error connecting to the internet.  6:42:55 AM -     Unable
 to contact server..  
 
Error - 12/12/2011 5:12:29 AM | Computer Name = ChristiB-PC | Source = MCUpdate | ID = 0
Description = 3:12:28 AM - Error connecting to the internet.  3:12:28 AM -     Unable
 to contact server..  
 
Error - 12/12/2011 6:12:36 AM | Computer Name = ChristiB-PC | Source = MCUpdate | ID = 0
Description = 4:12:36 AM - Error connecting to the internet.  4:12:36 AM -     Unable
 to contact server..  
 
Error - 12/12/2011 7:17:41 AM | Computer Name = ChristiB-PC | Source = MCUpdate | ID = 0
Description = 5:17:41 AM - Error connecting to the internet.  5:17:41 AM -     Unable
 to contact server..  
 
Error - 12/12/2011 8:17:49 AM | Computer Name = ChristiB-PC | Source = MCUpdate | ID = 0
Description = 6:17:49 AM - Error connecting to the internet.  6:17:49 AM -     Unable
 to contact server..  
 
Error - 7/27/2012 11:19:26 PM | Computer Name = ChristiB-PC | Source = MCUpdate | ID = 0
Description = 10:19:26 PM - Error connecting to the internet.  10:19:26 PM -     Unable
 to contact server..  
 
Error - 7/27/2012 11:19:33 PM | Computer Name = ChristiB-PC | Source = MCUpdate | ID = 0
Description = 10:19:31 PM - Error connecting to the internet.  10:19:31 PM -     Unable
 to contact server..  
 
Error - 7/28/2012 9:24:14 AM | Computer Name = ChristiB-PC | Source = MCUpdate | ID = 0
Description = 8:24:14 AM - Error connecting to the internet.  8:24:14 AM -     Unable
 to contact server..  
 
Error - 8/9/2012 7:36:41 AM | Computer Name = ChristiB-PC | Source = MCUpdate | ID = 0
Description = 6:36:40 AM - Error connecting to the internet.  6:36:40 AM -     Unable
 to contact server..  
 
[ System Events ]
Error - 12/12/2013 7:54:14 AM | Computer Name = ChristiB-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\DR0.
 
Error - 12/12/2013 6:24:44 PM | Computer Name = ChristiB-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   tcpipBM
 
Error - 12/18/2013 7:57:38 PM | Computer Name = ChristiB-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   tcpipBM
 
Error - 12/19/2013 10:40:40 PM | Computer Name = ChristiB-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.165.174.0     Update Source: %%859     Update Stage:
 %%852     Source Path: http://www.microsoft.com     Signature Type: %%800     Update Type: %%803
 
User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0
 
Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support. 
 
Error - 12/25/2013 4:19:12 AM | Computer Name = ChristiB-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 12/27/2013 1:21:47 PM | Computer Name = ChristiB-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{72E5DA0B-80DE-4465-95A8-05A97BBB089A}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 12/29/2013 6:37:33 PM | Computer Name = ChristiB-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   tcpipBM
 
Error - 12/31/2013 12:00:26 PM | Computer Name = ChristiB-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   tcpipBM
 
Error - 1/4/2014 11:08:01 AM | Computer Name = ChristiB-PC | Source = volsnap | ID = 393222
Description = The shadow copy of volume F: could not create a new paged heap.  The
 system may be low on virtual memory.
 
Error - 1/4/2014 11:08:07 AM | Computer Name = ChristiB-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   tcpipBM
 
 
< End of report >
HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:05:55 AM, on 1/4/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Microsoft MapPoint 2011\StreetsOlkShim.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ChristiB\Downloads\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://rllogin.wal-...me/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (file missing)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (file missing)
O3 - Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O3 - Toolbar: (no name) - !{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O3 - Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Cm108Sound] RunDll32 cm108.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] "C:\Windows\system32\Rundll32.exe" "C:\Users\ChristiB\AppData\Roaming\ValueApps\CH\TBVerifier.dll",RunConduitFloatingPlugin lcnnhcneegeeojhgpfijnlnocjdmlaon
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Export to Microsoft Excel - res://C:\Program Files\Microsoft Office\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: http://www.dns-ok.us
O15 - Trusted Zone: *.dns-ok.us
O15 - Trusted Zone: *.ieframe.dll
O15 - Trusted Zone: *.pandora.com
O15 - Trusted Zone: *.showmypc.com
O15 - Trusted Zone: *.wal-mart.com
O16 - DPF: {19DFFB5D-E30A-4E3B-8524-0AD8F4D88D32} (VPLaunch Class) - https://fishinco.doe...com/XTunnel.cab
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://fishinco.doe...acheCleaner.cab
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} (iCloud Web App Plugin) - https://www.icloud.c...stem/iCloud.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.we...nt/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{790B665E-3AD4-4D0E-9DBF-6C4692B10A23}: NameServer = 172.16.206.215 172.16.206.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD12F98D-1D60-45EC-99A6-686024840D22}: NameServer = 172.16.206.215 172.16.206.215
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - Unknown owner - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: AT&T Con App Svc (CAATT) - Unknown owner - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
 
--
End of file - 11526 bytes
 

 


    Advertisements

Register to Remove


#2 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,063 posts
  • Interests:Boo!....
  • MVP

Posted 04 January 2014 - 01:46 PM

Hi and welcome

I spotted a couple of nasties here.....



-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Vista / 7 / 8 users:
You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

bf_new.gif Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
  • Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    please post:
    AdwCleaner[S1].txt
    JRT.txt
    MBAM log

    Tell me what the computer is doing now?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If there are internet issues afterward:

*In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.

Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,063 posts
  • Interests:Boo!....
  • MVP

Posted 07 January 2014 - 06:45 AM

It's been a couple of days since you were last here, Do you still need help?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#4 cburson1112

cburson1112

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 07 January 2014 - 08:00 AM

Hi Juliet

I'm sorry I have not replied yet. I was downloading the applications you told me too and guess I clicked the wrong link. I had a million things added to my programs that I have been trying to get rid of, (while I am working). I will attempt again to download those two items you mentioned and will get back to you with the logs ASAP.



#5 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,063 posts
  • Interests:Boo!....
  • MVP

Posted 07 January 2014 - 08:49 AM

which link did I supply that installed these items?
of course don't click on it again, I checked again and they were ok?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#6 cburson1112

cburson1112

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 07 January 2014 - 09:41 AM

Hi Juliet

It was actually an advertisement. I just wasn't paying attention. I think I have it all cleaned up except this Conduit. I have uninstalled a million different pieces of it but it is still showing up as my default browser page.

Below are the log files.

 

# AdwCleaner v3.016 - Report created 07/01/2014 at 08:04:21
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : ChristiB - CHRISTIB-PC
# Running from : C:\Users\ChristiB\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Web Assistant Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\VisualBee
Folder Deleted : C:\ProgramData\wxDfast
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Program Files\Windows jZip Toolbar
Folder Deleted : C:\Program Files\Vuze
Folder Deleted : C:\Users\ChristiB\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\ChristiB\AppData\Local\Mobogenie
Folder Deleted : C:\Users\ChristiB\AppData\Local\PackageAware
Folder Deleted : C:\Users\ChristiB\AppData\Local\visi_coupon
Folder Deleted : C:\Users\ChristiB\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\ChristiB\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ChristiB\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\ChristiB\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\ChristiB\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\ChristiB\AppData\Roaming\ValueApps
Folder Deleted : C:\Users\ChristiB\Documents\Mobogenie
Folder Deleted : C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\Extensions\{94CD2CC3-083F-49BA-A218-4CDA4B4829FD}
Folder Deleted : C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\Extensions\4fce8fe742a1f@4fce8fe742a58.info
Folder Deleted : C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Folder Deleted : C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgheeokdipjeglcbeilamhlkegaiponb
File Deleted : C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\searchplugins\conduit-search.xml
File Deleted : C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\searchplugins\MyStart Search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
File Deleted : C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\user.js
File Deleted : C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\ChristiB\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage
File Deleted : C:\Users\ChristiB\AppData\Local\Google\Chrome\user data\default\local storage\hxxp_pricegong.conduitapps.com_0.localstorage-journal
File Deleted : C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\PC Optimizer Pro Updates.job
File Deleted : C:\Windows\System32\Tasks\PC Optimizer Pro Updates

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bgheeokdipjeglcbeilamhlkegaiponb
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3CEA364-E555-437D-A575-521C1E74228B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3CEA364-E555-437D-A575-521C1E74228B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDF6679A-0DE3-4A92-B08A-28C5F0E047BE}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43B7-BEA3-87217BDA7406}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Magical Jelly Bean\OpenCandy
Key Deleted : HKLM\Software\pc optimizer pro
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\Updater By Sweetpacks
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP7D72A82D-ABFE-4B6C-B434-32BCA7CA7720&SSPV=");
Line Deleted : user_pref("extensions.4fce8fe742acc.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.incredibar.admin", false);
Line Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar.cntry", "US");
Line Deleted : user_pref("extensions.incredibar.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Line Deleted : user_pref("extensions.incredibar.did", "10659");
Line Deleted : user_pref("extensions.incredibar.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar.hdrMd5", "B6D94B85D92F5F7E227EDDE161FB80EF");
Line Deleted : user_pref("extensions.incredibar.hmpg", false);
Line Deleted : user_pref("extensions.incredibar.id", "9434a4000000000000000026b9a2ddc6");
Line Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar.instlDay", "15496");
Line Deleted : user_pref("extensions.incredibar.instlRef", "");
Line Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Line Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1418:11:39");
Line Deleted : user_pref("extensions.incredibar.newTab", false);
Line Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.incredibar.ppd", "127%5F4");
Line Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar.productid", "26");
Line Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar.sg", "none");
Line Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyE4qIYZF&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar.upn2", "6OyE4qIYZF");
Line Deleted : user_pref("extensions.incredibar.upn2n", "92261535522297503");
Line Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1418:11:39");
Line Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar_i.did", "10659");
Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar_i.id", "9434a4000000000000000026b9a2ddc6");
Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15496");
Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
Line Deleted : user_pref("extensions.incredibar_i.ppd", "127%5F4");
Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyE4qIYZF&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar_i.upn2", "6OyE4qIYZF");
Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92261535522297503");
Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1418:11:39");
Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://mystart.incredibar.com/mb131?a=6oye4qiyzf/|||8641[...]
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://mystart.incredibar.com/mb131?a=6oye4qiyzf");
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"h[...]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [15894 octets] - [07/01/2014 08:02:48]
AdwCleaner[S0].txt - [15774 octets] - [07/01/2014 08:04:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15835 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x86
Ran by ChristiB on Tue 01/07/2014 at  8:16:47.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2009092001-3919513084-3943380105-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2009092001-3919513084-3943380105-1000\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7102}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\Tasks\pc optimizer pro startups.job"
Successfully deleted: [File] "C:\Users\ChristiB\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\ChristiB\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\ChristiB\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\ChristiB\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\ChristiB\appdata\local\google\chrome\user data\default\local storage\http_storage.conduit.com_0.localstorage"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\ChristiB\appdata\local\solid savings"
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{06F632FC-554C-4251-88BD-2EDF57766F74}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{0874218B-388F-4FA1-A58F-ECC01480D0E0}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{0B19D4D8-4FD3-4682-8148-074D8C22D3BC}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{0BD53693-677D-4533-9B9E-8F7BE01B5051}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{0C197BE1-9291-4CBD-A7F9-2761AB6DA52D}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{0C6E665D-04B4-4011-BC24-58F9CF9B76A2}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{0E3775C6-DD60-4C75-B263-1CDBF2DBED55}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{152D15F7-12DE-40E7-9062-22D194E73D7C}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{18AF05E1-4E04-417D-AA19-E5E3534D867F}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{1D38933C-D7A7-4BD9-BDB6-C78FF093F71F}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{1D4EEC68-9E0B-4CDA-9E4B-93D423C69CB1}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{24908B74-FBD9-4B0E-9148-5809E79E9E4D}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{26E408FB-670A-4F42-9FCE-646A86FE1878}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{2892A46E-6002-4A6F-8ADB-30EBE359B596}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{2C888FFB-9F9B-4C1B-BFB6-54556C3186DB}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{2D7BA1C5-953A-40CC-BC8A-02C20D2679B0}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{2DD92B68-3063-4DCC-99CF-F1C0B84964B8}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{37C48449-2CAD-4B49-B394-257D3206A5C7}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{3835E8CD-EF84-47A9-96F7-FCA18D8F4C15}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{39F987CF-6869-4E60-995B-C3AA03067416}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{3BAD2964-14C0-4AB7-9BC7-2A6EB09DBAFE}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{46F44546-7688-4DD9-ABFA-03CCCBD8BDD3}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{539B5085-5E5C-43A2-900F-C8E7C95FFF4C}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{5624C7B5-5A00-4C5F-8AE1-604CD3FC419E}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{5743F99E-711D-41D7-B424-99E2382DA653}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{57B83092-CDEE-450A-B9DB-42F0B657C52A}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{5B78DFF5-AED1-4010-8E0B-4F3270E1CAFB}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{5D72BE01-2C84-4064-9485-2DEF946F79BC}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{64CA8CB2-6CAE-4CF7-B707-1BF040B3B8FB}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{674B951D-62BD-48A9-BDEC-3737E2E3D9A7}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{6CCD8DBE-68AF-478A-816F-18A39E713625}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{6FC297C1-83F6-4127-88CD-D102A92E446C}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{779E74DE-5014-4922-B389-FFDF8910BD62}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{7A55B602-79E8-42C3-B8DB-F29FB2F7629A}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{7F304A24-3A72-41B0-A666-859433CD104B}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{9241CD15-7EDC-4EAA-8B89-EC321BED2AB9}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{94A9A3C7-73FC-483F-AA03-00548343C986}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{9624490F-EB2B-4D64-B625-A7AFFE3AE583}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{96B27C09-C9AB-4298-B5CB-785359572945}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{970006C3-DF39-417C-B3C4-CD30C6C5F412}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{98AAFF8B-0DD5-4DB1-BE1A-0665ADDD1FF0}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{9BA3CAC5-4D39-4931-AECB-3220C77C1A32}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{A2E22D5F-A93A-48F6-A1EB-19090A499C6D}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{A4E9CA81-13C2-4A2C-8B15-266F382CF6C1}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{A68C6459-35FB-45EB-A587-F5E2B7C4EA63}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{A71BE193-B31D-4B63-9E3D-DB060EA3BC7F}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{AB1B67E6-2263-4956-9250-EC46D413260E}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{AB1D71BF-4181-40B0-91F4-18C7BE338967}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{ACF89259-28A9-4B5E-8B8E-4C6BF8E46CB2}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{AF6B6464-E4CB-4E34-8C0B-DF1A14371265}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{B24A799A-E30B-4DD2-BAB6-21B8B7344A06}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{B32D6F4B-1E44-461C-982F-FEF1089B1824}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{B4FF17A7-7376-4890-B6C2-CEC199EDB6B4}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{BEFD9667-551E-4B25-875A-986F1E9CB96C}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{C07DEBF4-2DA9-4DB3-A416-33FA2B2879E0}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{C1BF06DF-050E-4BEA-842C-570A0B8D0D85}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{C278D36A-76DB-401E-B610-BB0A6960E7C5}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{C42FD35D-302C-4AD1-ABF1-4B4DE1D4083D}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{C8C1488D-BBFB-4140-93CE-66A9ED1CAED0}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{C99D2DC0-CA92-4986-9733-3C743F22D638}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{C9A02B28-6E99-433A-AD18-CFCC68D12D8D}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{CEE741D9-85A5-4127-9A2C-558BCD9689CF}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{D207C252-B804-42E2-8187-4A71E291EAD7}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{D71CB015-81BE-4ABC-9F23-2C27C0B59CB9}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{D71F0733-2E9C-4667-97A4-502543D1FED6}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{D96CBB77-E6E9-42CB-9B97-07358292D804}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{E2E61714-CD7F-4FCC-AF24-61FA529DA69D}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{E4BA5741-E0F3-417B-82F7-D15DEDA627C1}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{EAC4D3F1-5EBF-4AAD-8866-A3EC81732621}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{EB3A4E83-FC3D-4514-94E0-D379D4D37336}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{EDF3F317-D00A-4237-924E-C8501CF6A960}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{EF600952-A34D-497D-91BC-CD1ABD35DC34}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{F50756D2-5B57-4FE3-B908-3BA0EEEAC793}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{FB4387C6-F636-46B6-A024-439251B98675}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{FC0EA70E-08C3-477A-9B4E-D71E61F07201}
Successfully deleted: [Empty Folder] C:\Users\ChristiB\appdata\local\{FEF1F2F3-E8D7-443B-A46C-254A8B89D970}
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c4cfc0de-134f-4466-b2a2-ff7c59a8bfad}
Emptied folder: C:\Users\ChristiB\AppData\Roaming\mozilla\firefox\profiles\ba9i760v.default\minidumps [9 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cdjbnddbclciabnckgeahmneohjlahdm
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/07/2014 at  8:19:10.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.07.04
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16476
ChristiB :: CHRISTIB-PC [administrator]
 
1/7/2014 9:00:42 AM
mbam-log-2014-01-07 (09-00-42).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248267
Time elapsed: 7 minute(s), 32 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 2
C:\Users\ChristiB\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\ChristiB\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
 
Files Detected: 5
c:\windows\system32\drivers\etc\edb0036d.log (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\ChristiB\Downloads\Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.
C:\Users\ChristiB\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\ChristiB\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\ChristiB\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
 
(end)
 


#7 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,063 posts
  • Interests:Boo!....
  • MVP

Posted 07 January 2014 - 10:00 AM

Let's do this next

Please download Farbar Recovery Scan Tool and save it to your Desktop.<--Important

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you receive an alert from your Antivirus, please allow it to run.

Copies of logs are saved at %systemdrive%:\FRST\Logs (in most cases this will be C:\FRST\Logs).
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#8 cburson1112

cburson1112

    New Member

  • Authentic Member
  • Pip
  • 16 posts

Posted 07 January 2014 - 09:54 PM

Hi Juliet

Please see below

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-01-2014
Ran by ChristiB (administrator) on CHRISTIB-PC on 07-01-2014 21:51:46
Running from C:\Users\ChristiB\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft) C:\Program Files\Microsoft MapPoint 2011\StreetsOlkShim.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - "C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Cm108Sound] - RunDll32 cm108.cpl,CMICtrlWnd
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-09-26] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\iTunes Test\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-05-01] (Apple Inc.)
Startup: C:\Users\ChristiB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://rllogin.wal-...me/default.aspx
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2F2C6E1F-FD1F-4A7E-838D-17A8F5231706} URL = 
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA7102} URL = 
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll No File
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll No File
Toolbar: HKLM - No Name - !{30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKLM - No Name - !{ba14329e-9550-4989-b3f2-9732e92d17cc} -  No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {19DFFB5D-E30A-4E3B-8524-0AD8F4D88D32} https://fishinco.doe...com/XTunnel.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://fishinco.doe...acheCleaner.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...nt/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{790B665E-3AD4-4D0E-9DBF-6C4692B10A23}: [NameServer]172.16.206.215 172.16.206.215
Tcpip\..\Interfaces\{CD12F98D-1D60-45EC-99A6-686024840D22}: [NameServer]172.16.206.215 172.16.206.215
 
FireFox:
========
FF ProfilePath: C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\ChristiB\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\ChristiB\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ChristiB\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ChristiB\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
FF Extension: Mozilla Framework Assistant - C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\Extensions\{062c9079-db58-4492-8589-ca90cd00a2d1}.xpi
FF Extension: IE View - C:\Users\ChristiB\AppData\Roaming\Mozilla\Firefox\Profiles\ba9i760v.default\Extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3323216&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP433DE3A8-92DB-4A9A-8B95-FCDDE906905F&SSPV=
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3323216&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP433DE3A8-92DB-4A9A-8B95-FCDDE906905F&SSPV=", "hxxp://search.conduit.com/?ctid=CT3323216&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP433DE3A8-92DB-4A9A-8B95-FCDDE906905F&SSPV=", "https://rllogin.wal-.../&ct_orig_uri=/", "hxxp://www.google.com"
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live\u00C2\u2122 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Google Talk Plugin) - C:\Users\ChristiB\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\ChristiB\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Google Docs) - C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.18_0
CHR Extension: (YouTube) - C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (iCloud Bookmarks) - C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0
CHR Extension: (RealDownloader) - C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0
CHR Extension: (Value apps) - C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0
CHR Extension: (Google Wallet) - C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\ChristiB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S4 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [293968 2009-04-27] (Dell Inc.)
S4 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812392 2009-06-26] (Broadcom Corporation)
S4 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [26984 2009-06-26] (Broadcom Corporation)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [382752 2009-07-16] (Dell Inc.)
S4 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2009-10-08] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S4 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [109168 2009-07-15] (Portrait Displays, Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1019904 2009-06-03] (Wave Systems Corp.)
S4 SMManager; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [76288 2009-10-05] (Smith Micro Software, Inc.)
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe [221266 2009-07-31] (IDT, Inc.)
S4 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
S4 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1622016 2009-06-11] (Wave Systems Corp.)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-01] (Dell Inc.)
S3 ATTRcAppSvc; "C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" [x]
S3 CAATT; "C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 acpials; C:\Windows\System32\DRIVERS\acpials.sys [7680 2009-07-13] (Microsoft Corporation)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-01] (Broadcom Corporation)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-06-26] (Broadcom Corporation)
S3 FNETTHJM_152D; C:\Windows\System32\drivers\fnetthjm_152D.sys [24448 2011-04-26] (FNet Co., Ltd.)
S3 KMWDFILTERx86; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [25088 2009-04-29] (Windows ® Codename Longhorn DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [17136 2009-07-15] (Portrait Displays, Inc.)
S3 risdpcie; C:\Windows\system32\DRIVERS\risdpe86.sys [49152 2009-06-30] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
R3 SSLDrv; C:\Windows\System32\DRIVERS\SSLDrv.sys [18656 2010-01-18] (Cavium Networks)
S3 SWNC8U12; C:\Windows\System32\DRIVERS\swnc8u12.sys [222720 2009-08-12] (Sierra Wireless Inc.)
S3 swumx12; C:\Windows\System32\DRIVERS\swumx12.sys [148992 2009-07-22] (Sierra Wireless Inc.)
S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1515520 2009-09-29] (C-Media Electronics Inc)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [200192 2009-07-27] (Wave Systems Corp.)
U0 BMLoad; system32\drivers\BMLoad.sys [x]
S3 catchme; \??\C:\Users\ChristiB\AppData\Local\Temp\catchme.sys [x]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [x]
S1 MpKsl054aed27; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{36FC2FDB-22BF-450F-AF6A-1E513DF3CB2C}\MpKsl054aed27.sys [x]
S1 MpKsl063bae14; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DC1B7ACA-0E24-4F17-9420-C3641F3C3463}\MpKsl063bae14.sys [x]
S1 MpKsl315d7f7b; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC67A18E-AF96-4B94-B9E9-371F0114F100}\MpKsl315d7f7b.sys [x]
S1 MpKsl49c395f4; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5CE8F995-C65E-4E0C-A503-A1521A11F009}\MpKsl49c395f4.sys [x]
S1 MpKsl575be974; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0D7941C-B1EF-4971-8F58-F4397E782FEF}\MpKsl575be974.sys [x]
S1 MpKsl6baef586; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C71B285-904C-4FD6-AC89-B2DDDC12CC57}\MpKsl6baef586.sys [x]
S1 MpKsl8d329cfd; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE612EBE-E197-48DD-959D-72CA3B283B47}\MpKsl8d329cfd.sys [x]
S1 MpKsl9113aa39; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8A99B91A-1326-4886-BF89-BBA3122128AF}\MpKsl9113aa39.sys [x]
S1 MpKsl9332f2a5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE612EBE-E197-48DD-959D-72CA3B283B47}\MpKsl9332f2a5.sys [x]
S1 MpKslbc4c2182; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FE612EBE-E197-48DD-959D-72CA3B283B47}\MpKslbc4c2182.sys [x]
S1 MpKslcde7d9f5; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5414B5DA-1541-4075-AF39-38D77F94074E}\MpKslcde7d9f5.sys [x]
S1 MpKsled7b911f; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{839E37A1-6B14-45E1-A06B-DF2AC1E063AE}\MpKsled7b911f.sys [x]
S3 NvtSp50; System32\Drivers\NvtSp50.sys [x]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [x]
S1 tcpipBM; \??\C:\Windows\system32\drivers\tcpipBM.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-07 21:51 - 2014-01-07 21:52 - 00027730 ____C C:\Users\ChristiB\Downloads\FRST.txt
2014-01-07 21:51 - 2014-01-07 21:51 - 00000000 ___DC C:\FRST
2014-01-07 21:50 - 2014-01-07 21:50 - 01064805 ____C (Farbar) C:\Users\ChristiB\Downloads\FRST.exe
2014-01-07 08:59 - 2014-01-07 08:59 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\ChristiB\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-07 08:59 - 2014-01-07 08:59 - 00001073 ____C C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-07 08:59 - 2014-01-07 08:59 - 00000000 ___DC C:\Users\ChristiB\AppData\Roaming\Malwarebytes
2014-01-07 08:59 - 2013-04-04 14:50 - 00022856 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-07 08:19 - 2014-01-07 08:19 - 00011216 ____C C:\Users\ChristiB\Desktop\JRT.txt
2014-01-07 08:16 - 2014-01-07 08:16 - 00000000 ___DC C:\Windows\ERUNT
2014-01-07 08:13 - 2014-01-07 08:13 - 01036305 ____C (Thisisu) C:\Users\ChristiB\Downloads\JRT.exe
2014-01-07 08:12 - 2014-01-07 08:12 - 00015916 ____C C:\Users\ChristiB\Desktop\AdwCleaner[S0].txt
2014-01-07 08:09 - 2014-01-07 09:13 - 00000168 ____C C:\Windows\setupact.log
2014-01-07 08:09 - 2014-01-07 09:12 - 00003988 ____C C:\Windows\PFRO.log
2014-01-07 08:09 - 2014-01-07 08:09 - 00000000 ____C C:\Windows\setuperr.log
2014-01-07 08:02 - 2014-01-07 08:04 - 00000000 ___DC C:\AdwCleaner
2014-01-07 08:01 - 2014-01-07 08:01 - 01233962 ____C C:\Users\ChristiB\Downloads\AdwCleaner.exe
2014-01-07 07:01 - 2014-01-07 07:01 - 00014041 ____C C:\Users\ChristiB\Downloads\sup3622_377450263_DC715BFDXFB46X4B5BXB36EX49655EF582C3.xls
2014-01-07 07:00 - 2014-01-07 07:00 - 00014038 ____C C:\Users\ChristiB\Downloads\sup3622_377450262_98525697X1280X4E87XBA56X5F249832BDD4.xls
2014-01-07 06:58 - 2014-01-07 06:58 - 00061191 ____C C:\Users\ChristiB\Downloads\ex_2394113999_ENG.xls
2014-01-07 06:57 - 2014-01-07 06:57 - 00017855 ____C C:\Users\ChristiB\Downloads\ex_2324004467_ENG.xls
2014-01-07 06:56 - 2014-01-07 06:56 - 00020363 ____C C:\Users\ChristiB\Downloads\ex_3889520019_ENG.xls
2014-01-07 06:56 - 2014-01-07 06:56 - 00011302 ____C C:\Users\ChristiB\Downloads\ex_966081476_ENG.xls
2014-01-07 06:55 - 2014-01-07 06:55 - 00039180 ____C C:\Users\ChristiB\Downloads\ex_962574230_ENG.xls
2014-01-07 06:50 - 2014-01-07 06:50 - 00297383 ____C C:\Users\ChristiB\Downloads\sup3622_377439070_94E858CDX6E94X40D7XB02DX714C5188A033.xls
2014-01-07 06:48 - 2014-01-07 06:48 - 00014003 ____C C:\Users\ChristiB\Downloads\sup3622_377438826_E9A22A7CXC3BBX45EEX9A8EX6D9C8361CF16.xls
2014-01-04 16:19 - 2014-01-04 16:19 - 00000000 ___DC C:\Users\ChristiB\AppData\Local\genienext
2014-01-04 16:14 - 2014-01-04 16:14 - 00001254 ____C C:\Users\ChristiB\Desktop\Create Amazing Presentations.lnk
2014-01-04 16:14 - 2014-01-04 16:14 - 00001254 ____C C:\Users\ChristiB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2014-01-04 16:14 - 2014-01-04 16:14 - 00000000 ___DC C:\Users\ChristiB\AppData\Local\emaze
2014-01-04 16:13 - 2014-01-04 16:13 - 00000000 ___DC C:\Users\ChristiB\.android
2014-01-04 16:13 - 2014-01-04 16:13 - 00000000 ____C C:\Users\ChristiB\daemonprocess.txt
2014-01-04 10:21 - 2014-01-04 10:21 - 00106492 ____C C:\Users\ChristiB\Downloads\Extras.Txt
2014-01-04 10:19 - 2014-01-04 10:19 - 00190552 ____C C:\Users\ChristiB\Downloads\OTL.Txt
2014-01-04 10:08 - 2014-01-04 10:08 - 00602112 ____C (OldTimer Tools) C:\Users\ChristiB\Downloads\OTL.exe
2014-01-04 10:06 - 2014-01-04 10:06 - 00011528 ____C C:\Users\ChristiB\Desktop\hijackthis.log
2014-01-04 10:05 - 2014-01-04 10:05 - 00388608 ____C (Trend Micro Inc.) C:\Users\ChristiB\Downloads\HiJackThis.exe
2014-01-04 10:05 - 2014-01-04 10:05 - 00011528 ____C C:\Users\ChristiB\Downloads\hijackthis.log
2014-01-03 10:45 - 2014-01-03 10:45 - 00013044 ____C C:\Users\ChristiB\AppData\Roaming\Microsoft Access 97-2003.CAL
2014-01-03 10:44 - 2014-01-03 10:45 - 00352256 ____C C:\Users\ChristiB\Documents\Christi iCloud Calendar.mdb
2014-01-03 10:00 - 2014-01-03 10:00 - 00165579 ____C C:\Users\ChristiB\Downloads\FactoryOverview.xls
2014-01-02 17:59 - 2014-01-02 17:59 - 00001916 ____C C:\Users\Public\Desktop\InstallConverter.lnk
2014-01-02 17:59 - 2014-01-02 17:59 - 00000000 ___DC C:\Program Files\InstallConverter
2013-12-23 20:36 - 2013-12-23 20:37 - 00000000 ___DC C:\Program Files\Mozilla Firefox
2013-12-12 03:05 - 2013-12-12 03:05 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:05 - 2013-12-12 03:05 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:05 - 2013-12-12 03:05 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:05 - 2013-12-12 03:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:05 - 2013-12-12 03:05 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:05 - 2013-12-12 03:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:01 - 2013-12-12 03:01 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:01 - 2013-12-12 03:01 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 03:08 - 2013-12-12 03:05 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 03:08 - 2013-12-12 03:04 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 03:08 - 2013-12-12 03:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 03:08 - 2013-12-12 03:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 03:08 - 2013-12-12 03:04 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 03:08 - 2013-12-12 03:04 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 03:08 - 2013-12-12 03:04 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 03:08 - 2013-12-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 03:08 - 2013-12-12 03:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 03:08 - 2013-10-03 19:49 - 00081408 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 03:08 - 2013-10-03 19:17 - 00177152 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
 
==================== One Month Modified Files and Folders =======
 
2014-01-07 21:52 - 2014-01-07 21:51 - 00027730 ____C C:\Users\ChristiB\Downloads\FRST.txt
2014-01-07 21:51 - 2014-01-07 21:51 - 00000000 ___DC C:\FRST
2014-01-07 21:50 - 2014-01-07 21:50 - 01064805 ____C (Farbar) C:\Users\ChristiB\Downloads\FRST.exe
2014-01-07 21:49 - 2010-03-19 22:53 - 00000000 ___DC C:\Users\ChristiB\AppData\Roaming\Skype
2014-01-07 21:37 - 2009-07-13 20:37 - 00000000 ___DC C:\Windows\tracing
2014-01-07 21:23 - 2012-07-11 05:40 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 21:06 - 2010-04-14 20:25 - 00000920 ____C C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2009092001-3919513084-3943380105-1000UA.job
2014-01-07 21:02 - 2013-07-29 06:16 - 01864678 ____C C:\Windows\WindowsUpdate.log
2014-01-07 20:58 - 2011-06-12 18:30 - 00000890 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 19:58 - 2011-06-12 18:30 - 00000886 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 19:53 - 2009-07-13 22:34 - 00020720 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 19:53 - 2009-07-13 22:34 - 00020720 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 09:47 - 2013-11-07 15:45 - 00000000 ___DC C:\Users\ChristiB\AppData\Local\0B3ED856-729A-4931-8F54-9EC03A9BF3DA.aplzod
2014-01-07 09:17 - 2010-02-02 20:09 - 00423846 ____C C:\Windows\system32\PerfStringBackup.INI
2014-01-07 09:13 - 2014-01-07 08:09 - 00000168 ____C C:\Windows\setupact.log
2014-01-07 09:13 - 2010-08-30 05:34 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-07 09:13 - 2009-07-13 22:53 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2014-01-07 09:12 - 2014-01-07 08:09 - 00003988 ____C C:\Windows\PFRO.log
2014-01-07 08:59 - 2014-01-07 08:59 - 10285040 ____C (Malwarebytes Corporation                                    ) C:\Users\ChristiB\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-07 08:59 - 2014-01-07 08:59 - 00001073 ____C C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-07 08:59 - 2014-01-07 08:59 - 00000000 ___DC C:\Users\ChristiB\AppData\Roaming\Malwarebytes
2014-01-07 08:59 - 2010-11-07 19:34 - 00000000 ___DC C:\Program Files\Malwarebytes' Anti-Malware
2014-01-07 08:19 - 2014-01-07 08:19 - 00011216 ____C C:\Users\ChristiB\Desktop\JRT.txt
2014-01-07 08:16 - 2014-01-07 08:16 - 00000000 ___DC C:\Windows\ERUNT
2014-01-07 08:13 - 2014-01-07 08:13 - 01036305 ____C (Thisisu) C:\Users\ChristiB\Downloads\JRT.exe
2014-01-07 08:12 - 2014-01-07 08:12 - 00015916 ____C C:\Users\ChristiB\Desktop\AdwCleaner[S0].txt
2014-01-07 08:09 - 2014-01-07 08:09 - 00000000 ____C C:\Windows\setuperr.log
2014-01-07 08:04 - 2014-01-07 08:02 - 00000000 ___DC C:\AdwCleaner
2014-01-07 08:01 - 2014-01-07 08:01 - 01233962 ____C C:\Users\ChristiB\Downloads\AdwCleaner.exe
2014-01-07 07:01 - 2014-01-07 07:01 - 00014041 ____C C:\Users\ChristiB\Downloads\sup3622_377450263_DC715BFDXFB46X4B5BXB36EX49655EF582C3.xls
2014-01-07 07:00 - 2014-01-07 07:00 - 00014038 ____C C:\Users\ChristiB\Downloads\sup3622_377450262_98525697X1280X4E87XBA56X5F249832BDD4.xls
2014-01-07 06:58 - 2014-01-07 06:58 - 00061191 ____C C:\Users\ChristiB\Downloads\ex_2394113999_ENG.xls
2014-01-07 06:57 - 2014-01-07 06:57 - 00017855 ____C C:\Users\ChristiB\Downloads\ex_2324004467_ENG.xls
2014-01-07 06:56 - 2014-01-07 06:56 - 00020363 ____C C:\Users\ChristiB\Downloads\ex_3889520019_ENG.xls
2014-01-07 06:56 - 2014-01-07 06:56 - 00011302 ____C C:\Users\ChristiB\Downloads\ex_966081476_ENG.xls
2014-01-07 06:55 - 2014-01-07 06:55 - 00039180 ____C C:\Users\ChristiB\Downloads\ex_962574230_ENG.xls
2014-01-07 06:50 - 2014-01-07 06:50 - 00297383 ____C C:\Users\ChristiB\Downloads\sup3622_377439070_94E858CDX6E94X40D7XB02DX714C5188A033.xls
2014-01-07 06:48 - 2014-01-07 06:48 - 00014003 ____C C:\Users\ChristiB\Downloads\sup3622_377438826_E9A22A7CXC3BBX45EEX9A8EX6D9C8361CF16.xls
2014-01-06 22:06 - 2010-04-14 20:25 - 00000868 ____C C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2009092001-3919513084-3943380105-1000Core.job
2014-01-06 08:26 - 2012-09-01 10:04 - 00021745 _____ C:\Users\ChristiB\Desktop\NEW 2012 Budget.xlsx
2014-01-04 16:19 - 2014-01-04 16:19 - 00000000 ___DC C:\Users\ChristiB\AppData\Local\genienext
2014-01-04 16:19 - 2010-05-17 18:06 - 00000000 ___DC C:\Users\ChristiB\AppData\Local\cache
2014-01-04 16:17 - 2012-05-22 14:10 - 00000000 ___DC C:\Program Files\Mozilla Maintenance Service
2014-01-04 16:14 - 2014-01-04 16:14 - 00001254 ____C C:\Users\ChristiB\Desktop\Create Amazing Presentations.lnk
2014-01-04 16:14 - 2014-01-04 16:14 - 00001254 ____C C:\Users\ChristiB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
2014-01-04 16:14 - 2014-01-04 16:14 - 00000000 ___DC C:\Users\ChristiB\AppData\Local\emaze
2014-01-04 16:13 - 2014-01-04 16:13 - 00000000 ___DC C:\Users\ChristiB\.android
2014-01-04 16:13 - 2014-01-04 16:13 - 00000000 ____C C:\Users\ChristiB\daemonprocess.txt
2014-01-04 16:13 - 2010-02-08 17:01 - 00000000 ___DC C:\Users\ChristiB
2014-01-04 10:21 - 2014-01-04 10:21 - 00106492 ____C C:\Users\ChristiB\Downloads\Extras.Txt
2014-01-04 10:19 - 2014-01-04 10:19 - 00190552 ____C C:\Users\ChristiB\Downloads\OTL.Txt
2014-01-04 10:08 - 2014-01-04 10:08 - 00602112 ____C (OldTimer Tools) C:\Users\ChristiB\Downloads\OTL.exe
2014-01-04 10:06 - 2014-01-04 10:06 - 00011528 ____C C:\Users\ChristiB\Desktop\hijackthis.log
2014-01-04 10:05 - 2014-01-04 10:05 - 00388608 ____C (Trend Micro Inc.) C:\Users\ChristiB\Downloads\HiJackThis.exe
2014-01-04 10:05 - 2014-01-04 10:05 - 00011528 ____C C:\Users\ChristiB\Downloads\hijackthis.log
2014-01-04 09:41 - 2011-05-17 17:55 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2014-01-04 09:19 - 2013-11-05 15:57 - 00000000 ___DC C:\Program Files\Common Files\ContactGenie
2014-01-04 09:06 - 2011-11-08 06:39 - 00000000 ___DC C:\Users\ChristiB\Documents\Audit Info
2014-01-03 10:45 - 2014-01-03 10:45 - 00013044 ____C C:\Users\ChristiB\AppData\Roaming\Microsoft Access 97-2003.CAL
2014-01-03 10:45 - 2014-01-03 10:44 - 00352256 ____C C:\Users\ChristiB\Documents\Christi iCloud Calendar.mdb
2014-01-03 10:45 - 2013-05-16 09:11 - 00000028 ____C C:\Windows\ODBC.INI
2014-01-03 10:00 - 2014-01-03 10:00 - 00165579 ____C C:\Users\ChristiB\Downloads\FactoryOverview.xls
2014-01-03 09:34 - 2012-08-06 11:33 - 00000000 ___DC C:\Users\ChristiB\Documents\Barry
2014-01-02 17:59 - 2014-01-02 17:59 - 00001916 ____C C:\Users\Public\Desktop\InstallConverter.lnk
2014-01-02 17:59 - 2014-01-02 17:59 - 00000000 ___DC C:\Program Files\InstallConverter
2014-01-02 07:28 - 2012-08-06 11:36 - 00000000 ___DC C:\Users\ChristiB\Documents\Prices
2013-12-31 09:58 - 2009-07-13 20:37 - 00000000 ___DC C:\Windows\system32\NDF
2013-12-30 08:32 - 2012-08-06 11:36 - 00000000 ___DC C:\Users\ChristiB\Documents\PO Tracker
2013-12-29 16:40 - 2012-04-12 05:44 - 00692616 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-29 16:40 - 2011-05-18 21:27 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-27 11:21 - 2010-04-05 13:07 - 00027872 ____C () C:\Windows\UninstallVTPassage.exe
2013-12-27 11:21 - 2010-04-05 13:07 - 00018656 ____C (Cavium Networks) C:\Windows\ssldrv.sys
2013-12-27 11:21 - 2007-10-12 16:14 - 00010670 ____C C:\Windows\ssldrv.cat
2013-12-27 11:21 - 2007-06-08 12:57 - 00004380 ____C C:\Windows\ssldrv.txt
2013-12-24 06:14 - 2013-06-21 06:52 - 00000000 ___DC C:\Users\ChristiB\AppData\Roaming\Media Player Classic
2013-12-24 06:12 - 2010-02-09 23:40 - 00000000 ___DC C:\Program Files\CCleaner
2013-12-23 20:37 - 2013-12-23 20:36 - 00000000 ___DC C:\Program Files\Mozilla Firefox
2013-12-16 15:18 - 2013-07-24 17:46 - 00000000 ___DC C:\Users\ChristiB\Documents\- Carbon Disclosure ProjectCDP 2013 CDP Supply Chain 2013 Information Request - The Fishin Company_files
2013-12-16 11:23 - 2012-08-06 11:38 - 00000000 ___DC C:\Users\ChristiB\Documents\Notes
2013-12-12 03:59 - 2011-05-04 16:19 - 00000000 ___DC C:\Windows\rescache
2013-12-12 03:23 - 2009-07-13 22:33 - 00465320 ____C C:\Windows\system32\FNTCACHE.DAT
2013-12-12 03:05 - 2013-12-12 03:05 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 03:05 - 2013-12-12 03:05 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 03:05 - 2013-12-12 03:05 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 03:05 - 2013-12-12 03:05 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 03:05 - 2013-12-12 03:05 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 03:05 - 2013-12-12 03:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 03:05 - 2013-12-12 03:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 03:05 - 2013-12-11 03:08 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 03:05 - 2010-02-02 20:16 - 00000000 ___DC C:\ProgramData\Microsoft Help
2013-12-12 03:04 - 2013-12-11 03:08 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 03:04 - 2013-12-11 03:08 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 03:04 - 2013-12-11 03:08 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 03:04 - 2013-12-11 03:08 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 03:04 - 2013-12-11 03:08 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 03:04 - 2013-12-11 03:08 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 03:04 - 2013-12-11 03:08 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 03:04 - 2013-12-11 03:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 03:04 - 2013-07-19 12:38 - 00000000 ___DC C:\Windows\system32\MRT
2013-12-12 03:02 - 2010-02-09 11:10 - 88123800 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 03:01 - 2013-12-12 03:01 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 03:01 - 2013-12-12 03:01 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
 
Some content of TEMP:
====================
C:\Users\ChristiB\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-30 00:26
 
==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-01-2014
Ran by ChristiB at 2014-01-07 21:52:19
Running from C:\Users\ChristiB\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
1SYNC-SLT v7.5 (Version: 7.5 - 1SYNC)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Acrobat  9 Standard - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (Version:  - Adobe Systems Incorporated)
Adobe AIR (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287 - Adobe Systems Incorporated)
AIO_CDA_Software (Version: 82.0.233.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
All Day Battery Life Configuration (Version: 1.1.0 - Dell Inc.)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C5200 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
C5200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
CCleaner (Version: 4.09 - Piriform)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DCP32MMWrapper (Version: 1.6.334.60 - Broadcom Corporation) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
Dell Backup and Recovery Manager (Version: 1.1.0 - Dell Inc.)
Dell Control Point (Version: 1.6.334.60 - Broadcom Corporation) Hidden
Dell ControlPoint Connection Manager (Version: 1.3.1 - Dell Inc.)
Dell ControlPoint Security Manager (Version: 1.6.334.60 - Dell Inc.)
Dell ControlPoint System Manager (Version: 1.3.00000 - Dell Inc.)
Dell ControlVault Host Components Installer (Version: 1.7.324.55 - Broadcom Corporation) Hidden
Dell Driver Download Manager (Version: 3.0.0.0 - Dell Inc)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 03.04.00.063 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (Version: 1.3.039 - Dell Inc.)
Dell System Detect (Version: 3.3.2.1 - Dell)
Dell Touchpad (Version: 7.2.101.228 - ALPS ELECTRIC CO., LTD.)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Document Manager Lite (Version: 06.09.00.121 - Wave Systems Corp.) Hidden
DW WLAN Card Utility (Version: 5.60.48.35 - Dell Inc.)
EMBASSY Security Center (Version: 03.09.00.092 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 03.09.00.102 - Wave Systems Corp) Hidden
erLT (Version: 1.12.0117 - Logitech, Inc.) Hidden
ESC Home Page Plugin (Version: 03.04.00.029 - Wave Systems Corp) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Google Chrome (Version: 31.0.1650.63 - Google Inc.)
Google Talk Plugin (Version: 2.6.1.5251 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 4.5.0.457 (Version:  - )
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (Version: 13.0 - HP)
HP Photosmart Essential (Version: 1.12.0.46 - HP)
HP Photosmart Essential 3.5 (Version: 3.5 - HP)
HP Photosmart.All-In-One Driver Software 8.0 .A (Version: 8.0 - HP)
HP Product Detection (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (Version: 4.60 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (Version: 3.1.0.40 - Apple Inc.)
InstallConverter (Version: 1.0 - InstallConverter)
Intel® Graphics Media Accelerator Driver (Version:  - Intel Corporation)
Intel® Network Connections 14.6.9.0 (Version: 14.6.9.0 - Dell)
Intel® Network Connections 14.6.9.0 (Version: 14.6.9.0 - Dell) Hidden
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (Version: 6.0.240 - Oracle)
Java™ 6 Update 38 (Version: 6.0.380 - Oracle)
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
K-Lite Codec Pack 9.7.0 (Standard) (Version: 9.7.0 - )
LeapFrog Connect (Version: 4.0.33.15045 - LeapFrog)
Logitech SetPoint (Version: 4.60 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MFCLOC (Version: 1.00.0000 - Dell Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Access database engine 2010 (English) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft MapPoint North America 2011 (Version: 18.0.1 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.190 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Search Enhancement Pack (Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x86) ENU  (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x86) ENU  (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works 6-9 Converter (Version: 9.7.0621 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (Version: 1.0.0 - Microsoft Corporation)
Minecraft version 1.4.6 (Version: 1.4.6 - Mojang AB.)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (Version: 3.41.9593 - Apache Software Foundation)
PerfectSuite Plus (Version: 1.50.011 - Portrait Displays, Inc.)
Pivot Software (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
PowerDVD DX (Version: 8.3.5424 - CyberLink Corp.)
Preboot Manager (Version: 02.09.00.071 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.047 - Wave Systems Corp.) Hidden
PS_AIO_02_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller Pro 2.5.9 (Version: 2.5.9 - VS Revo Group, Ltd.)
Scan (Version: 140.0.77.000 - Hewlett-Packard) Hidden
SDK (Version: 2.17.002 - Portrait Displays, Inc.) Hidden
Security Wizards (Version: 01.07.00.016 - Your Company Name) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shiloh (Version: 5.2.1.6 - Shiloh Technologies)
Shop for HP Supplies (Version: 13.0 - HP)
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SO32MMWrapper (Version: 1.6.334.60 - Broadcom Corporation) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
SteelSeries USB Sound Card Win7 v1.10 (Version:  - )
SyncToy 2.1 (x86) (Version: 2.1.0 - Microsoft)
System Requirements Lab for Intel (Version: 4.4.24.0 - Husdawg, LLC)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trusted Drive Manager (Version: 3.1.0.116 - Wave Systems Corp.) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin) (Version:  - LeapFrog)
Verbatim Turbo USB 2.0 (Version:  - Verbatim)
ViewSonic Monitor Drivers (Version:  - )
Vuze (Version: 4.9.0.0 - Azureus Software, Inc.)
Wave Infrastructure Installer (Version: 07.00.21.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.046 - Wave Systems Corp) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinDirStat 1.1.2 (Version:  - )
Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5 - Dell Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Installer Clean Up (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows XP Mode (Version: 1.3.7600.16432 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (Version: 4.20.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
06-01-2014 22:28:13 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 20:04 - 2014-01-04 09:25 - 00449836 ___RC C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {052096BB-FB25-40EA-AC28-F67C2EB54671} - System32\Tasks\ChristiB Videos => C:\Program Files\Nero\Nero BackItUp &amp; Burn\Nero BackItUp\NBCore.exe
Task: {2965EEFA-061D-4A21-ACB8-6B4B1641A861} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {470BC92D-2EC2-4003-9E86-00349B271B93} - System32\Tasks\{CEB48983-1979-49FC-B2D0-4814F7A870D6} => C:\Program Files\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {4E5FBDA1-7420-4B31-8078-C9102A1345D1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2009092001-3919513084-3943380105-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5096981A-10EA-4E86-8B74-2D64BEA013E3} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2009092001-3919513084-3943380105-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {53C25283-2930-4308-A45A-0C4FABCDD08D} - System32\Tasks\{390F243B-FED1-4123-8EAA-E3E4E2190661} => C:\Program Files\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {5A584A7A-6B47-4AE3-9914-0EB6E9AA7AD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-29] (Adobe Systems Incorporated)
Task: {5C91E7B9-65F0-4F45-A39D-426F4B94058C} - System32\Tasks\4973 => Wscript.exe C:\Users\ChristiB\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {6C5FC215-B8A4-41C9-81F4-3897CB9F591C} - System32\Tasks\{4EF732EF-69DA-461C-8DFC-788A8A59BC75} => C:\Program Files\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {6CA74914-0B46-4E12-B750-545B2CB364CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2009092001-3919513084-3943380105-1000UA => C:\Users\ChristiB\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {6F40B060-AE59-4B8E-A154-2E694C6386C3} - System32\Tasks\{65E6C324-BE53-4283-B406-A9D0DBDCF682} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {760D886C-6D67-457A-BCDA-01176345AFAA} - System32\Tasks\{C1C4E27F-3DC3-4230-9F25-FC28BF68F89E} => C:\Program Files\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {78D0D51F-70DA-4A89-830A-A7AFF1FEA663} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2009092001-3919513084-3943380105-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7962E8CF-C4F5-4956-8BD5-75EC78A26E56} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2009092001-3919513084-3943380105-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7C7232FF-5B21-475C-8DAD-F0F1DA1D0E62} - System32\Tasks\{C24363AD-6A48-434A-A1CD-7E6F5E5D4509} => C:\Program Files\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {80969379-FF29-47F4-8193-D7F9AE68BF83} - System32\Tasks\{B430AA18-2DB0-465C-82F7-8EB941DDDAC6} => C:\Program Files\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {9EA38AD8-C15E-43FE-9E94-D075735B7E2E} - System32\Tasks\{62E599F9-FB95-4990-8C83-33826E0417F4} => Iexplore.exe http://ui.skype.com/...?LastError=1603
Task: {9F712ACA-C46B-45F5-AE28-429AF69A832C} - System32\Tasks\{FA1ED247-23B6-4D0A-865D-35AF68823918} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {A0A2166F-965F-4CE7-902F-3333E1141A32} - System32\Tasks\DDHMYWL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
Task: {A143170D-D808-4B58-98EE-A652F5DB865C} - System32\Tasks\{F2EF1C7D-8FA7-4570-887B-E48ABF9370B2} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {A6A21A85-DA19-4A2F-A35C-DC94A9FD1359} - System32\Tasks\{DCEE1ED1-E4F6-40F0-980D-4266C41C1DE6} => C:\Program Files\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {AAD751A1-3E8B-4980-90A5-BEF10FF9FCA1} - System32\Tasks\{E6B79052-189A-42C4-BC20-BCD513C26E9C} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {B24DFBA8-C98F-48BF-A91D-52F120050DFA} - System32\Tasks\JavaUpdateSched => C:\Windows\System32\jusched.exe
Task: {B50B7A1F-F09C-4FFC-96FB-142D1029A459} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {BD5E3B0E-64F2-4FA4-9336-83BAF3126854} - System32\Tasks\{CFF555D6-BF2A-4350-B72C-7DE5F504CB5E} => C:\Program Files\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {BDE156CF-3AB2-4233-8E80-B005002C9B91} - System32\Tasks\{0CCE6FB6-8ECE-4461-9FE7-A966C7BA3F4B} => C:\Program Files\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {C08500A8-378D-459E-8532-D6C51A5B9BDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-12] (Google Inc.)
Task: {C72DBC27-3C22-4DDA-92BC-2DFCC09CD0AB} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {C8D83966-496C-4FEF-AA20-EA99EDAE8EEB} - System32\Tasks\{2064685B-48A9-4F7A-B1DB-BF9A9D6B4FFF} => C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
Task: {CD2852F3-5161-4887-80D9-3B4C61EA473F} - System32\Tasks\{68954642-6B13-4FD9-B127-9765B8E07604} => Iexplore.exe http://ui.skype.com/...e=tsProgressBar
Task: {CE2F657D-047F-4895-9AA2-0107E913E52C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2009092001-3919513084-3943380105-1000Core => C:\Users\ChristiB\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D80A869D-9FFB-4E8E-9B59-A4FBD42CD67A} - System32\Tasks\{BF765750-75CA-4759-8A31-4AB8B7AF7266} => C:\Program Files\iTunes\iTunes.exe [2013-11-02] (Apple Inc.)
Task: {E91388F9-D5C4-43CE-976A-D61D1844682B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2009092001-3919513084-3943380105-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E940E2D9-1063-4BEF-9902-784BC6949BD6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-12] (Google Inc.)
Task: {E99ABDF0-3479-42BA-BD88-7ECDC620086D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2009092001-3919513084-3943380105-1000Core.job => C:\Users\ChristiB\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2009092001-3919513084-3943380105-1000UA.job => C:\Users\ChristiB\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-27 12:15 - 2009-07-27 12:15 - 00249856 _____ () C:\Windows\system32\wxvault.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 ____C () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 ____C () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 ____C () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 14:46 - 2013-02-14 14:46 - 01044048 ____C () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-09-13 13:11 - 2009-02-27 16:39 - 00019968 ____C () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2013-09-13 13:11 - 2009-02-27 16:32 - 00020480 ____C () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2013-12-05 02:57 - 2013-12-03 20:47 - 00702416 ____C () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 02:57 - 2013-12-03 20:47 - 00099792 ____C () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 02:57 - 2013-12-03 20:48 - 04055504 ____C () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 02:57 - 2013-12-03 20:48 - 00399312 ____C () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 02:57 - 2013-12-03 20:47 - 01619408 ____C () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:B7CDF4DB
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
Name: MpKsl575be974
Description: MpKsl575be974
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl575be974
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: MpKslbc4c2182
Description: MpKslbc4c2182
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslbc4c2182
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: MpKslcde7d9f5
Description: MpKslcde7d9f5
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKslcde7d9f5
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: MpKsled7b911f
Description: MpKsled7b911f
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsled7b911f
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: MpKsl054aed27
Description: MpKsl054aed27
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl054aed27
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Bytemobile Kernel Network Provider
Description: Bytemobile Kernel Network Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: tcpipBM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: MpKsl6baef586
Description: MpKsl6baef586
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl6baef586
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: MpKsl063bae14
Description: MpKsl063bae14
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl063bae14
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: MpKsl8d329cfd
Description: MpKsl8d329cfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl8d329cfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: MpKsl9113aa39
Description: MpKsl9113aa39
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl9113aa39
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: MpKsl315d7f7b
Description: MpKsl315d7f7b
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl315d7f7b
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: MpKsl9332f2a5
Description: MpKsl9332f2a5
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl9332f2a5
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: MpKsl49c395f4
Description: MpKsl49c395f4
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl49c395f4
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/07/2014 00:10:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/07/2014 00:10:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
 
System errors:
=============
Error: (01/07/2014 09:13:08 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
tcpipBM
 
 
Microsoft Office Sessions:
=========================
Error: (01/07/2014 00:10:30 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (01/07/2014 00:10:21 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 54%
Total physical RAM: 3535.9 MB
Available physical RAM: 1603.51 MB
Total Pagefile: 3734.19 MB
Available Pagefile: 1718.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1877.34 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.93 GB) (Free:311.51 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:405.33 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4FA02651)
Partition 1: (Not Active) - (Size=227 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: A1762014)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#9 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,063 posts
  • Interests:Boo!....
  • MVP

Posted 08 January 2014 - 05:21 AM

Running from C:\Users\ChristiB\Downloads <-- need to move this to desktop
locate FRST, right click and send to desktop.

~~~~~~~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
 

start
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2F2C6E1F-FD1F-4A7E-838D-17A8F5231706} URL =
SearchScopes: HKCU - {8A96AF9E-4074-43b7-BEA3-87217BDA7102} URL =
Toolbar: HKLM - No Name - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKLM - No Name - !{ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: {19DFFB5D-E30A-4E3B-8524-0AD8F4D88D32} https://fishinco.doe...com/XTunnel.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://fishinco.doe...acheCleaner.cab
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ChristiB\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3323216&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP433DE3A8-92DB-4A9A-8B95-FCDDE906905F&SSPV=
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3323216&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP433DE3A8-92DB-4A9A-8B95-FCDDE906905F&SSPV=", "hxxp://search.conduit.com/?ctid=CT3323216&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP433DE3A8-92DB-4A9A-8B95-FCDDE906905F&SSPV=", "https://rllogin.wal-.../&ct_orig_uri=/", "hxxp://www.google.com"
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.condui...rchTerms}&SSPV=
CHR DefaultNewTabURL:
CHR DefaultSearchURL: http://search.condui...rchTerms}&SSPV=
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\Users\ChristiB\AppData\Local\Temp\catchme.sys [x]
C:\Users\ChristiB\AppData\Local\temp\Quarantine.exe
Task: {5C91E7B9-65F0-4F45-A39D-426F4B94058C} - System32\Tasks\4973 => Wscript.exe C:\Users\ChristiB\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {C72DBC27-3C22-4DDA-92BC-2DFCC09CD0AB} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B7CDF4DB
end



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

*****************************

Please Run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe
and save it to your desktop.

Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

******************************

In your next reply please post:
Fixlog.txt

How's the computer at the moment?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#10 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,063 posts
  • Interests:Boo!....
  • MVP

Posted 16 January 2014 - 03:06 PM

still with me?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#11 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,063 posts
  • Interests:Boo!....
  • MVP

Posted 18 January 2014 - 07:12 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users