Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old June 7th, 2013, 10:37 PM
dr_ledger's Avatar
dr_ledger dr_ledger is offline
Senior Member
 
Join Date: Jan 2003
O/S: Windows XP Pro
Location: TN
Posts: 267
Can someone view this hijack this file.-Moved by Murf

This file is from an hp pavilion windows 7 that is sort of a general family computer. It has recently been slow and programs like Firefox freeze temporarily frequently. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:28:38 PM, on 6/7/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy. exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Charles\AppData\Roaming\Complitly\Complit ly.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \IE\rpbrowserrecordplugin.dll
O2 - BHO: ShopSafe Shared Browser Helper Object - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\Program Files (x86)\ShopSafe\BhoSSafe.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Freecorder extension - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll
O2 - BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll
O2 - BHO: Complitly - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Charles\AppData\Roaming\Complitly\Complit ly.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coIEPlg.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy. exe" /hide
O4 - HKCU\..\RunOnce: [DependencyCheck] Performed
O4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL,C:\PROGRA~2\COMM ON~1\JAKSTA~1\AUDIOC~1\jaudcap.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyS ervice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BayerHealthcareService - Bayer Healthcare LLC - C:\Program Files (x86)\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv. exe
O23 - Service: lxec_device - - C:\Windows\system32\lxeccoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14157 bytes

Last edited by dr_ledger; June 7th, 2013 at 10:47 PM.
Reply With Quote


  #2  
Old June 9th, 2013, 12:43 AM
Murf's Avatar
Murf Murf is offline
Moderator
 
Join Date: Oct 2001
O/S: Windows 11
Location: Newport News VA
Age: 77
Posts: 17,356
Don't read logs in this forum. Moving over to our Malware Removal Forum for you.
Reply With Quote
  #3  
Old June 9th, 2013, 06:59 AM
schrauber's Avatar
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 41
Posts: 5,017
Hello, dr_ledger
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.


Hijackthis is very outdated and will not show good infos.

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Push the Quick Scan button.
  5. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Reply With Quote
  #4  
Old June 16th, 2013, 12:10 AM
dr_ledger's Avatar
dr_ledger dr_ledger is offline
Senior Member
 
Join Date: Jan 2003
O/S: Windows XP Pro
Location: TN
Posts: 267
Thanks Thomas for helping me with this. I have been away for several days and just now have access to the computer in question. can the files be pasted in sections? Neither can be pasted in its full length.
Reply With Quote
  #5  
Old June 16th, 2013, 05:38 AM
schrauber's Avatar
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 41
Posts: 5,017
Sure, just use several posts if needed.
Reply With Quote
  #6  
Old June 16th, 2013, 05:31 PM
dr_ledger's Avatar
dr_ledger dr_ledger is offline
Senior Member
 
Join Date: Jan 2003
O/S: Windows XP Pro
Location: TN
Posts: 267
OTL logfile created on: 6/15/2013 2:35:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Charles\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 32.26% Memory free
7.50 Gb Paging File | 4.33 Gb Available in Paging File | 57.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.18 Gb Total Space | 40.78 Gb Free Space | 8.98% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 2.10 Gb Free Space | 18.33% Space Free | Partition Type: NTFS

Computer Name: PAVILLION | User Name: Charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/15 14:27:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
PRC - [2013/05/14 15:16:25 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlug in_11_7_700_202.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 23:40:48 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/05/08 19:45:03 | 004,023,848 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2013/05/08 07:42:20 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler. exe
PRC - [2012/12/23 23:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccsvchst.exe
PRC - [2012/08/28 08:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/08/05 17:54:54 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\java.exe
PRC - [2012/04/17 01:23:42 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/04/17 01:23:42 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/01/23 19:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2011/01/23 19:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/08/19 13:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy. exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyS ervice.exe
PRC - [2009/05/08 19:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 22:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2007/09/26 14:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 09:27:47 | 000,369,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.ServiceModel#\98e8641e2ca570f03352a91836b0b97a \System.ServiceModel.Routing.ni.dll
MOD - [2013/05/16 09:27:45 | 001,140,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.ServiceModel#\0e5d2997438866de453e8b1401d84398 \System.ServiceModel.Discovery.ni.dll
MOD - [2013/05/16 09:27:43 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.ServiceModel#\3a75004c8363a598f4997686c16ae55e \System.ServiceModel.Channels.ni.dll
MOD - [2013/05/16 09:27:22 | 001,393,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.ServiceModel#\4dbbfceeddfc9180d5f621f0fc586e2c \System.ServiceModel.Activities.ni.dll
MOD - [2013/05/16 09:27:17 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.IdentityModel\6ff6bd832b03b5d6ea275ba9bee2d3ef \System.IdentityModel.ni.dll
MOD - [2013/05/16 09:27:14 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.ServiceModel\be692307d47b83000bba8bb6b484aff0\ System.ServiceModel.ni.dll
MOD - [2013/05/16 09:26:42 | 001,085,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.ServiceModel#\66cd1f52f3d80e02efa25c0fd795a278 \System.ServiceModel.Web.ni.dll
MOD - [2013/05/16 09:22:26 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Runtime.Dura#\019ed4a55ecc7d1f5b933c27970dce9b \System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/16 09:22:23 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Runtime.Seri#\2609614ca03927f7a99418c74844059b \System.Runtime.Serialization.ni.dll
MOD - [2013/05/16 08:50:45 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentationFramewo#\a9594959e951127f16eb49644ba92f79 \PresentationFramework.ni.dll
MOD - [2013/05/16 08:50:02 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Data\6f120c76113dc5166d2a5a5d21900f39\System.D ata.ni.dll
MOD - [2013/05/16 08:49:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\Pre sentationCore.ni.dll
MOD - [2013/05/16 08:49:26 | 000,749,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Security\aaf1949171dfbfcd4669ed8ba6cd3f10\Syst em.Security.ni.dll
MOD - [2013/05/16 08:49:24 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Configuration\233661f3a2b632e9553915c8639637d0 \System.Configuration.ni.dll
MOD - [2013/05/16 08:49:13 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Win dowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsB ase.ni.dll
MOD - [2013/05/16 08:49:12 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Windows.Forms\153143f74d840484b510d8cf5187796b \System.Windows.Forms.ni.dll
MOD - [2013/05/16 08:48:45 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Core\2f9e0112e10f9e70d3430d0be9863976\System.C ore.ni.dll
MOD - [2013/05/14 15:16:25 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_70 0_202.dll
MOD - [2013/05/09 23:40:47 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/05/08 19:43:45 | 000,548,488 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
MOD - [2013/02/14 10:42:34 | 001,226,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.WorkflowServ#\46c1da3f2c4c666140a414394e1cb20b \System.WorkflowServices.ni.dll
MOD - [2013/02/14 10:40:29 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.ServiceProce#\766ccafdc4a09b964aa9286a15bca48a \System.ServiceProcess.ni.dll
MOD - [2013/01/09 10:30:40 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Management\ac9e3eca6c148504588e7c6d09fe83e3\Sy stem.Management.ni.dll
MOD - [2013/01/09 10:20:23 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIA utomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983 \UIAutomationProvider.ni.dll
MOD - [2013/01/09 10:20:08 | 001,925,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Web.Services\da5ccd3bc4583fb68696cb0c8209daf4\ System.Web.Services.ni.dll
MOD - [2013/01/09 10:19:38 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Transactions\dcb0e7d56ffca14d7c483103235b11ad\ System.Transactions.ni.dll
MOD - [2013/01/09 10:19:34 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMD iagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiag nostics.ni.dll
MOD - [2013/01/09 10:19:26 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Xaml\866894ebe5258bf9f45d6b063229e990\System.X aml.ni.dll
MOD - [2013/01/09 10:09:27 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\Syste m.Drawing.ni.dll
MOD - [2013/01/09 10:07:38 | 000,309,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Pre sentationFramewo#\82f376255a9523982c52cf58b13268d3 \PresentationFramework.Classic.ni.dll
MOD - [2013/01/09 10:06:58 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Xml\43cd41484df96d15df949eb17dd88152\System.Xm l.ni.dll
MOD - [2013/01/09 10:06:33 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 10:06:14 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Sys tem.Numerics\c300c8ca0910bbffb16a244b56be6d05\Syst em.Numerics.ni.dll
MOD - [2013/01/09 10:06:07 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\msc orlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni .dll
MOD - [2012/06/01 15:20:02 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\Rapport MS\39624\RapportMS.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\wincfi39.dll
MOD - [2011/11/10 17:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/01/23 19:47:44 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2011/01/23 19:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrar y.dll
MOD - [2009/08/19 13:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy. exe
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009/02/27 22:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXECsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXECsm.dll
MOD - [2009/02/19 20:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll
MOD - [2008/12/12 18:11:26 | 000,148,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2008/12/12 18:11:26 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/04/14 20:08:24 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv .exe -- (lxecCATSCustConnectService)
SRV:64bit: - [2009/07/30 11:59:32 | 001,050,280 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2009/07/29 16:03:40 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:39:20 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)
SRV:64bit: - [2009/03/31 10:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/06/15 14:16:09 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2013/04/11 21:16:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/23 23:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/10/30 22:04:34 | 000,162,232 | ---- | M] (Bayer Healthcare LLC) [Auto | Running] -- C:\Program Files (x86)\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe -- (BayerHealthcareService)
SRV - [2012/08/28 08:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/17 01:23:42 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/04/14 20:08:24 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv. exe -- (lxecCATSCustConnectService)
SRV - [2010/04/14 15:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/13 16:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyS ervice.exe -- (AntiSpywareService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 15:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2007/09/26 14:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
Reply With Quote
  #7  
Old June 16th, 2013, 05:32 PM
dr_ledger's Avatar
dr_ledger dr_ledger is offline
Senior Member
 
Join Date: Jan 2003
O/S: Windows XP Pro
Location: TN
Posts: 267
========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/27 09:25:53 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/03/07 17:41:22 | 000,025,784 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2013/02/20 18:45:40 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/01/30 23:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\s ymefa64.sys -- (SymEFA)
DRV:64bit: - [2013/01/28 21:45:20 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\s rtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/28 21:45:20 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\s rtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/21 22:15:34 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\s ymds64.sys -- (SymDS)
DRV:64bit: - [2012/11/15 22:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\c csetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\i ronx64.sys -- (SymIRON)
DRV:64bit: - [2012/07/22 21:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\s ymnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 01:24:00 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/08/17 11:21:40 | 000,028,472 | ---- | M] (SMART Modular) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JeppDrive.sys -- (JeppDrive)
DRV:64bit: - [2011/07/13 21:17:12 | 000,013,168 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.s ys -- (SMARTMouseFilterx64)
DRV:64bit: - [2011/07/13 21:17:00 | 000,024,944 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2011/07/13 21:16:58 | 000,016,368 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd 64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2010/11/29 07:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/02/05 14:34:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/05 14:34:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/11/02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/08/20 02:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/13 08:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/30 02:11:22 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:26:13 | 000,189,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)
DRV:64bit: - [2009/06/15 10:07:56 | 000,139,616 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 06:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2005/09/24 00:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2013/05/31 12:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\ 20130531.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/05/25 17:33:49 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs \20130614.023\ex64.sys -- (NAVEX15)
DRV - [2013/05/25 17:33:49 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs \20130614.023\eng64.sys -- (NAVENG)
DRV - [2013/05/17 12:17:14 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/02/21 17:50:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\2 0130614.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/10/30 07:00:08 | 000,505,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\Rapport Cerberus\43926\RapportCerberus64_43926.sys -- (RapportCerberus_43926)
DRV - [2012/08/09 08:11:49 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/17 01:24:00 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/04/17 01:23:58 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E05E8F95-6CE6-469D-91B6-45BA32BB76AB}
IE:64bit: - HKLM\..\SearchScopes\{9BD28C72-BDAC-45B4-A5A3-D7837E03B1EB}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{E05E8F95-6CE6-469D-91B6-45BA32BB76AB}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=I E-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationTy pe=tb50-ie-aolradio-chromesbox-en-us&tb_uuid=20100402140249417&tb_oid=12-12-2009&tb_mrud=16-09-2010
IE - HKLM\..\SearchScopes\{9BD28C72-BDAC-45B4-A5A3-D7837E03B1EB}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&cti d=CT1060933
IE - HKLM\..\SearchScopes\{E05E8F95-6CE6-469D-91B6-45BA32BB76AB}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=I E-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A DC 63 63 D0 73 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BLT&o=&src=crm&q={searchTerm s}&locale=
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationTy pe=tb50-ie-aolradio-chromesbox-en-us&tb_uuid=20100402140249417&tb_oid=12-12-2009&tb_mrud=16-09-2010
IE - HKCU\..\SearchScopes\{9BD28C72-BDAC-45B4-A5A3-D7837E03B1EB}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s112 2&geo=US&ver=5
IE - HKCU\..\SearchScopes\{C751A948-34CE-4226-AA16-C3C859905B82}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3300023&SearchSource=45&UM=2&q ={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130520,19854 ,0,66,0
IE - HKCU\..\SearchScopes\{E05E8F95-6CE6-469D-91B6-45BA32BB76AB}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=I E-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20130520,19857,0,6 6,0"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: addon%40freecorder.com:7.0.0.13
FF - prefs.js..extensions.enabledAddons: idvaultaddin%40whitesky:1.13.506.2
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_70 0_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_70 0_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Charles\AppData\Local\Facebook\Video\Skyp e\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\shopsafe@orbiscom: C:\Program Files (x86)\ShopSafe [2011/03/02 22:45:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \Firefox\Ext [2012/01/01 16:49:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/06/15 13:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/22 09:48:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\lesstabs@lesstabs.com: C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/10 03:07:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/01 19:09:10 | 000,000,000 | ---D | M]

[2010/11/18 23:14:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Extension s
[2010/11/18 23:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Extension s\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/12/01 19:57:51 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Extension s\home2@tomtom.com
[2013/05/10 02:59:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions
[2013/05/10 00:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/05/10 00:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\{0FED7D55-65D4-47b6-A6DE-9A4ADB55355F}
[2013/05/10 00:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2013/05/10 00:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2013/05/10 00:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}
[2013/05/10 00:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\idvaultaddin@w hitesky
[2013/05/27 09:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\qo5ovb6i.default\extensions
[2013/05/17 19:53:11 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\qo5ovb6i.default\extensions\addon@freecord er.com
[2013/05/27 09:26:39 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\Users\Charles\AppData\Roaming\mozilla\Firefox\P rofiles\qo5ovb6i.default\extensions\idvaultaddin@w hitesky
[2013/05/17 10:02:16 | 000,002,530 | ---- | M] () -- C:\Users\Charles\AppData\Roaming\mozilla\firefox\p rofiles\qo5ovb6i.default\searchplugins\safesearch. xml
[2013/05/10 02:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/09 23:38:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/15 13:30:40 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN
[2013/02/22 09:48:53 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN
[2013/05/09 23:40:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/12 13:47:23 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/05/09 23:40:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2013/05/09 23:40:42 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Charles\AppData\Roaming\Complitly\64\Comp litly64.dll (SimplyGen)
O2:64bit: - BHO: (Freecorder extension x64) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll (Applian Technologies Inc.)
O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Charles\AppData\Roaming\Complitly\64\Comp litly64.dll (SimplyGen)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Charles\AppData\Roaming\Complitly\Complit ly.dll (SimplyGen)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (ShopSafeBrowserHelper Class) - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\Program Files (x86)\ShopSafe\BhoSSafe.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll (Applian Technologies Inc.)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll (WhiteSky)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Charles\AppData\Roaming\Complitly\Complit ly.dll (SimplyGen)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy. exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_ 7_700_202_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.223.0.2 67.223.0.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{38FE4937-F9A9-424C-9815-022C178040A2}: DhcpNameServer = 67.223.0.2 67.223.0.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{C3BB2B3A-2D3E-4A32-8E64-DECB397A4A12}: DhcpNameServer = 67.223.0.2 67.223.0.3
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE6D28~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll (Zemana Ltd.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\COMMON~1\JAKSTA~1\AUDIOC~1\JAUDCA~1.D LL) - C:\Program Files\Common Files\Jaksta Technologies\Audio Capture\jaudcap64.dll (Jaksta Technologies Pty Ltd)
O20 - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\COMMON~1\JAKSTA~1\AUDIOC~1\jaudcap.dl l) - C:\Program Files (x86)\Common Files\Jaksta Technologies\Audio Capture\jaudcap.dll (Jaksta Technologies Pty Ltd)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{fb4de506-4825-11e1-8bf2-00269e1a256b}\Shell - "" = AutoRun
O33 - MountPoints2\{fb4de506-4825-11e1-8bf2-00269e1a256b}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/15 14:28:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
[2013/06/07 17:03:47 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2013/06/07 17:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipSE
[2013/05/18 09:37:16 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Local\NPE
[2013/05/17 19:58:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Jaksta Technologies
[2013/05/17 19:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Jaksta Technologies
[2013/05/17 19:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freecorder
[2013/05/17 19:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder extension x64
[2013/05/16 20:46:12 | 000,000,000 | ---D | C] -- C:\Users\Charles\AppData\Roaming\ParetoLogic
[2013/05/16 16:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/05/16 16:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freecorder extension
[2013/05/16 16:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[25 C:\Users\Charles\Desktop\*.tmp files -> C:\Users\Charles\Desktop\*.tmp -> ]
[13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
Reply With Quote
  #8  
Old June 16th, 2013, 05:33 PM
dr_ledger's Avatar
dr_ledger dr_ledger is offline
Senior Member
 
Join Date: Jan 2003
O/S: Windows XP Pro
Location: TN
Posts: 267
[2013/06/15 14:47:09 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/15 14:27:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charles\Desktop\OTL.exe
[2013/06/15 14:16:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/15 13:34:25 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 13:34:25 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/15 13:26:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/15 13:26:55 | 000,000,576 | ---- | M] () -- C:\Windows\Brownie.ini
[2013/06/15 13:25:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/15 13:25:25 | 3018,661,888 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/08 12:31:25 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-849950591-2780344445-553799950-1001UA.job
[2013/06/07 18:42:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-849950591-2780344445-553799950-1001Core.job
[2013/06/07 17:27:20 | 000,005,296 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130607_172712.reg
[2013/06/07 17:03:51 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2013/06/07 16:47:28 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCharles.job
[2013/06/05 15:13:36 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013/06/04 16:33:49 | 000,875,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/04 16:33:49 | 000,729,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/04 16:33:49 | 000,145,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/03 12:10:17 | 000,001,773 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2013/06/02 12:56:24 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/02 12:55:33 | 000,002,932 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130602_125528.reg
[2013/06/02 08:35:30 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2013/06/02 08:35:30 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2013/06/01 18:59:00 | 000,256,519 | ---- | M] () -- C:\Users\Charles\Desktop\20130307131643378.pdf
[2013/05/27 09:25:53 | 000,049,240 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/05/27 09:25:06 | 000,002,169 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2013/05/21 07:20:02 | 000,210,944 | ---- | M] () -- C:\Users\Charles\Documents\Bayer.db
[2013/05/18 18:26:39 | 000,004,572 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130518_182635.reg
[2013/05/18 18:06:12 | 000,096,348 | ---- | M] () -- C:\Users\Charles\Desktop\safe sanctuary scan.RTF
[2013/05/18 17:06:46 | 000,224,862 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2013/05/18 17:06:10 | 002,130,808 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\C at.DB
[2013/05/17 20:51:44 | 000,022,247 | ---- | M] () -- C:\Qdata.QSD
[2013/05/17 20:51:36 | 001,381,744 | ---- | M] () -- C:\Qdata.QDF
[2013/05/17 20:43:52 | 000,000,326 | ---- | M] () -- C:\Qdata.ABD
[2013/05/17 19:26:06 | 000,006,016 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130517_192602.reg
[2013/05/17 19:25:30 | 000,065,694 | ---- | M] () -- C:\Users\Charles\Documents\cc_20130517_192522.reg
[2013/05/16 20:26:58 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\V T20130115.021
[2013/05/16 16:08:20 | 000,000,009 | ---- | M] () -- C:\END
[2013/05/16 16:01:31 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[25 C:\Users\Charles\Desktop\*.tmp files -> C:\Users\Charles\Desktop\*.tmp -> ]
[13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[13 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/07 17:27:19 | 000,005,296 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130607_172712.reg
[2013/06/07 17:03:51 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/06/02 12:56:23 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/02 12:55:31 | 000,002,932 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130602_125528.reg
[2013/06/01 19:09:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/01 19:02:10 | 000,256,519 | ---- | C] () -- C:\Users\Charles\Desktop\20130307131643378.pdf
[2013/05/18 18:26:37 | 000,004,572 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130518_182635.reg
[2013/05/18 17:43:25 | 000,096,348 | ---- | C] () -- C:\Users\Charles\Desktop\safe sanctuary scan.RTF
[2013/05/18 17:03:06 | 001,625,088 | ---- | C] ( ) -- C:\Windows\SysNative\lxecserv.dll
[2013/05/18 17:03:06 | 001,328,640 | ---- | C] ( ) -- C:\Windows\SysNative\lxecusb1.dll
[2013/05/18 17:03:04 | 000,556,032 | ---- | C] ( ) -- C:\Windows\SysNative\lxecinpa.dll
[2013/05/18 17:03:04 | 000,514,048 | ---- | C] ( ) -- C:\Windows\SysNative\lxeciesc.dll
[2013/05/18 17:03:01 | 001,366,528 | ---- | C] ( ) -- C:\Windows\SysNative\lxeccomc.dll
[2013/05/18 17:03:01 | 001,050,280 | ---- | C] ( ) -- C:\Windows\SysNative\lxeccoms.exe
[2013/05/18 17:03:00 | 000,880,640 | ---- | C] ( ) -- C:\Windows\SysNative\lxeclmpm.dll
[2013/05/17 19:26:04 | 000,006,016 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130517_192602.reg
[2013/05/17 19:25:26 | 000,065,694 | ---- | C] () -- C:\Users\Charles\Documents\cc_20130517_192522.reg
[2013/05/16 16:01:28 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/05/10 02:19:53 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/05/09 23:22:43 | 000,000,258 | RHS- | C] () -- C:\Users\Charles\ntuser.pol
[2013/02/16 11:20:56 | 000,007,619 | ---- | C] () -- C:\Users\Charles\AppData\Local\Resmon.ResmonCfg
[2013/01/10 18:58:30 | 000,031,250 | ---- | C] () -- C:\Windows\HL-5370DW.INI
[2012/12/11 13:27:56 | 004,132,864 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2012/03/26 11:28:14 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2012/03/26 11:28:14 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2012/03/26 11:28:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2012/03/26 11:28:14 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2012/03/26 11:28:14 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2012/03/26 11:28:14 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2012/03/26 11:28:14 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2012/03/26 11:28:14 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2012/03/26 11:28:14 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2012/03/26 11:28:14 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2012/03/26 11:28:14 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2012/03/26 11:28:14 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2012/03/26 11:28:14 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2012/03/26 11:28:14 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2012/03/26 11:28:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2012/03/26 11:28:14 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2012/03/26 11:28:13 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2012/03/26 11:28:13 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2012/03/26 11:28:13 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2012/03/26 11:28:13 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2012/03/26 11:28:13 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2012/02/05 23:32:42 | 000,000,048 | ---- | C] () -- C:\Windows\fpengine.INI
[2012/01/05 19:43:44 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32. bc
[2011/12/30 01:49:00 | 000,000,084 | ---- | C] () -- C:\Users\Charles\Videos.scn
[2011/12/30 01:18:54 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011/12/16 00:07:35 | 000,000,153 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/12/16 00:07:35 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/12/16 00:01:08 | 000,000,576 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/12/14 17:45:26 | 000,000,028 | ---- | C] () -- C:\Windows\jsum.INI
[2011/10/29 21:56:49 | 000,000,273 | ---- | C] () -- C:\Users\Charles\apple festival_Title_ 1.mpg.scn
[2011/10/29 21:42:58 | 2793,998,336 | ---- | C] () -- C:\Users\Charles\apple festival_Title_ 1.mpg
[2010/12/27 23:26:38 | 005,394,432 | ---- | C] () -- C:\Users\Charles\s-1-5-21-849950591-2780344445-553799950-1001.rrr
[2010/05/29 14:12:29 | 000,000,095 | -H-- | C] () -- C:\Users\Charles\AppData\Local\fusioncache.dat
[2010/01/30 00:06:49 | 000,007,620 | -H-- | C] () -- C:\Users\Charles\AppData\Roaming\wklnhst.dat
[2009/12/18 07:38:47 | 000,008,623 | -H-- | C] () -- C:\Users\Charles\AppData\Local\tmpDSC00009_navi.JP G
[2009/12/18 07:38:46 | 000,023,086 | -H-- | C] () -- C:\Users\Charles\AppData\Local\tmpDSC00009.JPG
[2009/12/18 00:28:36 | 000,034,745 | -H-- | C] () -- C:\Users\Charles\AppData\Local\tmpDSC00014.JPG
[2009/12/18 00:28:36 | 000,029,867 | -H-- | C] () -- C:\Users\Charles\AppData\Local\tmpDSC00014.0
[2009/12/12 18:42:40 | 000,008,704 | ---- | C] () -- C:\Users\Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 09:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 08:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/08/08 17:53:37 | 000,000,000 | -HSD | M] -- C:\Users\Charles\AppData\Roaming\.#
[2012/10/10 15:45:53 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Complitly
[2010/10/13 22:51:18 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\DriverCure
[2010/10/05 08:44:42 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\GetRightToGo
[2012/02/02 21:25:01 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\HTC
[2012/02/02 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\HTC.388BC06ACDAB6 261375BCE37FBA2E023C0D7EE34.1
[2013/06/15 15:08:29 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\ID Vault
[2009/12/12 15:09:43 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\ImTOO Software Studio
[2011/12/30 10:19:01 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\IObit
[2009/12/24 03:10:44 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\LG Electronics
[2009/12/12 20:48:23 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\NCH Swift Sound
[2011/12/24 17:05:26 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\ooVoo Details
[2010/12/04 19:17:08 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Opera
[2013/05/16 20:46:12 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\ParetoLogic
[2012/07/12 13:49:02 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Participatory Culture Foundation
[2012/02/04 19:29:49 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\PC Cleaners
[2010/12/16 12:13:57 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\PCFix
[2012/02/04 19:29:49 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\PCPro
[2013/03/31 23:18:34 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\PhotoScape
[2010/10/05 08:44:53 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Pro800-Pro900 Series
[2010/12/27 23:27:59 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Registry Mechanic
[2011/05/14 20:59:47 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Sammsoft
[2010/10/05 08:42:41 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Seattle Avionics
[2011/03/03 20:25:22 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\SMART Technologies
[2010/10/24 07:11:31 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\SMART Technologies Inc
[2013/05/10 02:29:42 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Strongvault
[2013/01/19 23:21:26 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\TeamViewer
[2010/01/30 00:06:52 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\Template
[2010/11/18 23:14:02 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Thunderbird
[2011/11/30 11:02:28 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Tific
[2010/10/05 08:42:41 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\TomTom
[2011/04/22 08:23:58 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Trusteer
[2011/02/08 00:30:57 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\TS3Client
[2012/09/18 23:21:39 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\TuneUpMedia
[2010/11/03 19:26:04 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Walgreens
[2009/12/01 13:59:42 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\WildTangent
[2009/12/02 22:48:01 | 000,000,000 | -H-D | M] -- C:\Users\Charles\AppData\Roaming\WinBatch
[2012/04/17 23:44:07 | 000,000,000 | ---D | M] -- C:\Users\Charles\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp1B5B4F1

< End of report >
Reply With Quote
  #9  
Old June 16th, 2013, 05:34 PM
dr_ledger's Avatar
dr_ledger dr_ledger is offline
Senior Member
 
Join Date: Jan 2003
O/S: Windows XP Pro
Location: TN
Posts: 267
OTL Extras logfile created on: 6/15/2013 2:35:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Charles\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 32.26% Memory free
7.50 Gb Paging File | 4.33 Gb Available in Paging File | 57.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.18 Gb Total Space | 40.78 Gb Free Space | 8.98% Space Free | Partition Type: NTFS
Drive D: | 11.48 Gb Total Space | 2.10 Gb Free Space | 18.33% Space Free | Partition Type: NTFS

Computer Name: PAVILLION | User Name: Charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{01E0CC84-EF7D-4828-B232-AF624468B99D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1ED6C501-4F3F-40D4-B60C-A1FD128DEC06}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{225780C7-742F-4CFB-B423-56BD7DA05453}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2D2D7370-5522-4097-922C-A76EAFE702B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3511F70D-BDDA-4D55-B95B-30C824E89B48}" = rport=138 | protocol=17 | dir=out | app=system |
"{41E8F0DA-B2DE-49CE-876C-ED265F03F4B8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{43BF87B8-C9EB-4B7F-90C3-9C55504CF6E2}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A440FE1-4BC2-41BF-BACA-AE1701A5B279}" = rport=445 | protocol=6 | dir=out | app=system |
"{4B4712C1-3B04-421A-AFD7-E9836A13FA0C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6575A8F4-FF23-4D44-A56F-ABFEC19C0412}" = rport=139 | protocol=6 | dir=out | app=system |
"{72A76060-6F73-4DAE-96EF-704B49487541}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79EAB849-02E4-42D2-836B-496F3E2808AB}" = lport=445 | protocol=6 | dir=in | app=system |
"{7CFB62CC-225A-4046-B927-C2E3AD10E056}" = lport=139 | protocol=6 | dir=in | app=system |
"{83CE3DBE-4A01-41FF-993C-77718F6E091E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D7B39D3-5FEA-4EBF-93F8-719EDBEB1BEA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91431E75-78C7-4778-BC93-D2ADEE4B9C8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{950CDA31-45A3-405D-8016-73CB31F367F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A0142AC1-7676-41E9-BB4F-FFF5642B2A48}" = lport=138 | protocol=17 | dir=in | app=system |
"{A245A3F7-296A-4676-B493-956F5A73A583}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{A85E0569-6A47-4F53-92A7-B3EF771E6F7E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A93183C6-6476-49D2-B296-96BA524AD408}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{B26AD672-6152-4DF6-88A6-24BBF6B9D329}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA927C66-62FE-4AFF-BD8E-0E5B8875D981}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D22423A8-FDD2-4E4E-A8CE-A490A50B6BE9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D253A585-B8EF-4EFD-9587-3FF0AE730BA7}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{D725AFB4-2856-4E8F-9A35-140FD2D06DDF}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{DAAD4A59-EE51-4E35-9BE0-6AB31EBC0BFC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{E2574DFE-BE0C-4469-B609-74125F4412E9}" = lport=137 | protocol=17 | dir=in | app=system |
"{EBF0EE3E-106D-4D27-B274-692E0B1F7AFD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EC28352E-6FD8-4A40-B205-F0426D466619}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF864BF0-94A2-4EA8-B7AF-F1DF257DCD8E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{08A17D73-5681-4569-8B5F-8612F45A1E52}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0CBB9D84-E08D-46FB-B90B-57B3FA2705B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{1471AC4F-20ED-4BC1-8350-24428C9FE11A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{155AD205-E8C1-4CAD-A477-882420D89916}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\smartsnmpagent.exe |
"{156C5162-A899-476A-960B-DA327FB64B5D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{15F6CE10-F526-404E-B156-82D71AD72582}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17D84796-FD65-4C05-8F89-324E8482874D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{1F0D72DB-5A4F-468F-9D76-6B45ED08E3F8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1FD4EA93-D670-4695-957A-C3392A52931D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{2247B954-2AC4-4CF2-9551-F852A6F01B06}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe |
"{233DEBD0-3959-4BF3-A957-7D727D148DAD}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucgui.exe |
"{236FAE20-395C-44D3-9DD2-F2A4140891EA}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
"{24E1D853-0250-4645-8E46-DC91A1787AF3}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{27E73950-30AF-4FF7-A6FC-24C1DDCA5862}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{2A92655B-BD99-46B6-904E-44D4C9F2966B}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{2B3CA548-2D5A-4C50-A215-D9268440406C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{326A614C-2885-4A3A-839C-45E15D9B5885}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{38267C7A-C516-4E5D-B255-112A92F90BFA}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
"{3AB29DB3-E777-4A79-AF96-E112D698AFB4}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
"{3B65A333-CE99-4CC4-BC83-17FA66D4C2B7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3CAB7591-9D47-46C5-9108-CCA2DD86260F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3F778778-766E-4B9D-B962-8B58ECA15FDC}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{43B8B4C7-A638-486B-8AAB-0236CEBACEF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4AFE3C54-F77B-4D48-AFC8-8EF512721312}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\rm.exe |
"{4C240B48-060C-4542-92D4-5142B108F85C}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{4DFFFA98-F96F-41C5-9D4D-E0133E1B409A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5250E502-7A03-4122-B333-F617E13954DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5513B2FE-D3CD-48FB-A8B5-F80334BAAD88}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{57A300B2-AA7A-4671-9CCB-743C3888A3F0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{5A637005-4B6B-4BF7-AB1C-1873B356AA6B}" = dir=in | app=c:\users\charles\appdata\local\facebook\video\ skype\facebookvideocalling.exe |
"{5D8AE244-335C-4E42-9CE8-4D9B9BD4B8F5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{5D9056E9-CCA5-4D1D-847B-61D91DC870BA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{6068DF46-0212-4597-A625-51DD03CB1FB6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{646E7909-B6FA-4CC9-948D-17E42636E234}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{66DF1A71-740F-4511-BC2B-82F8E21A413A}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\umi.exe |
"{6AE6EC05-0A00-4CA6-B85C-DD5D5D1E3FB7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{6E939BC1-F4F7-4AAE-A65D-5C4F111F666C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7005E9D8-B5CA-49D8-9880-254C28409DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucgui.exe |
"{7294167B-3645-4BCA-952D-DEC26BF5D989}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{7AE267D1-60C2-47A6-ABA3-15E86877B4AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89770091-8425-410F-8443-B6CACCDE30D4}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |
"{8DBF259F-ADE4-49F1-AAE3-8B7267143486}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{95BDE657-1635-49A9-B540-20B31E169CA9}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucservice.exe |
"{9603542F-ACCE-46CA-BD55-556AC05A14AC}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\smartsnmpagent.exe |
"{980329BC-7806-499F-B182-CCE679C4FD33}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucservice.exe |
"{9CF36883-EA42-4AB3-884E-045E177DB208}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{9DA95873-4A0F-4072-9C8A-6C19F64FA37A}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{9FF6F556-5461-4156-A530-07DC4C4EACBC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A3325D90-5B11-4E84-9F2F-7C9B5A0908DA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AA3DF03E-15E0-41B0-9F7E-876EDD650D97}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AC01B7BE-0180-46BB-978B-D6BBCE9CBE7D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 16\programs\ngstudio.exe |
"{AEF80A57-E22E-43A0-8609-CC37CA7A6309}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B3D678CD-CAF0-41A1-92D6-782A75BD39FC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{B483E9FC-A7EB-48AC-836D-68398279B831}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B9C84B6E-22E4-4735-A89A-BD975FC67149}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{BFDAF392-7779-4F08-87CB-321CC7897450}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
"{C1673E89-B484-4A11-A300-1BB958CF3B12}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |
"{C27FE7ED-8089-4FEB-B10E-064E4F85E269}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C2F2B001-CE5C-423E-98C0-98065374CEB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C30FB86A-CCA7-4786-8CFD-A2208BE159A1}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"{C32A6E61-D24D-4B6C-ADA1-0BC64432AD31}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{C3E048E4-A10C-44D0-8E73-4042C2CEA722}" = protocol=6 | dir=out | app=system |
"{D3FBB3B0-E26B-470D-9C56-1ECF2B941223}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D4BA7739-441D-479E-8A0F-1C051423B5D3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D7D46D53-B221-4101-9A2A-7E5C54D81BCC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{D85A49EC-D456-4F2C-9DFB-F2F13DFA65C2}" = protocol=6 | dir=in | app=c:\program files (x86)\applian technologies\freecorder 8 applications\torrent\aria2c.exe |
"{DA3728F7-7C83-48B9-A213-61BC371D3361}" = protocol=17 | dir=in | app=c:\program files (x86)\applian technologies\freecorder 8 applications\torrent\aria2c.exe |
"{DC819925-4A6A-49B6-A275-923CAE36BF62}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{DE29AD90-B3F1-4953-8D3C-845B462B6A67}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E0D92450-35B1-47B7-A400-3CEBE83023C5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{E8E43EEE-9F60-4CC6-9BF9-68B85AACA34D}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{EFECB11A-6083-4281-A5B2-A7C0C0A91E71}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{F59E5376-60C3-480E-BAF1-43F60D9F33D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F61BB3CC-9FF7-4F40-8BBA-55AE4DD8A23C}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe |
"{FD95E45F-006A-4642-99F6-BF44BE14121F}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{1F37F8E1-2864-4226-B47C-2A873E4AD565}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{2B536FE5-E23C-4E6C-883C-8E7B15C66FC9}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{3B777BDD-47B9-4D10-9011-33BB0B9F8AF1}C:\program files (x86)\pinnacle\studio 12\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"TCP Query User{74C15DF1-9FDA-411D-9AF5-8744314BCCDC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{83BFA1F2-1821-4417-A2EE-36BF9C8A293B}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{A8BFDC25-53B5-49D8-8FE6-A5A554C710CD}C:\program files (x86)\smart technologies\smart notebook express\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\smart notebook express\jre\bin\java.exe |
"TCP Query User{B0A6028B-E855-458A-80D7-117A9900401A}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{CFBD70B0-BCF8-4655-B88B-DBEBB9A61B67}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{32F101AE-3EA7-4AD3-8667-CA635D25FEC4}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{6B977056-4763-4E56-BC60-FEDA0AA5FBD7}C:\program files (x86)\smart technologies\smart notebook express\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\smart notebook express\jre\bin\java.exe |
"UDP Query User{7DAA9F07-AC4C-4762-A0C2-0E14EEF3F268}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{8339E331-6A8B-4009-8968-B764914D030E}C:\program files (x86)\pinnacle\studio 12\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |
"UDP Query User{C958AC34-2B86-48AF-A031-412A8ACEB031}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{D3A32C39-E5B8-49B0-9F80-7FD72E467B08}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{EA6DACCD-81A1-4101-8E2A-055217B7EF88}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{F0431282-F57C-4C3E-BB84-C11725EA1B92}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
Reply With Quote
  #10  
Old June 16th, 2013, 05:35 PM
dr_ledger's Avatar
dr_ledger dr_ledger is offline
Senior Member
 
Join Date: Jan 2003
O/S: Windows XP Pro
Location: TN
Posts: 267
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{42BFFAB4-9C03-2FED-AD6E-5E5363BA1955}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"doPDF 6 printer_is1" = doPDF 6.2 printer
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{02A0375F-61CA-4C5A-A872-2CA47BB4F6DE}" = TurboTax 2011 wtniper
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
"{0DE42B62-2395-427D-A7AF-E8E102110E07}" = FlightPrep Flight Planning & EFB Software
"{0E5DD7A3-BE29-430C-970B-C553F4A58C39}" = SMART Common Platform
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E646D31-E383-4A38-DFCF-781A74FB9858}" = CCC Help Finnish
"{1E9AD7EA-66AC-4D4E-C02F-7172F246EB1F}" = Catalyst Control Center Graphics Previews Vista
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{1FE80E58-0774-4EC3-B6BA-68876B88D4B9}" = TurboTax 2011 wvaiper
"{2081036F-986D-EF5A-9992-6F5C53E8DFF1}" = Catalyst Control Center InstallProxy
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{272253C3-D9DD-4C0C-A586-7E7ABC7E9AA2}" = Presto! BizCard 5
"{274DEF95-E6CE-C341-1972-6B22E3281EEB}" = CCC Help Polish
"{284BFDBC-DAC6-43EC-85A8-E1CEC0D3A114}" = Pinnacle Studio 16
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2B0DF49C-FC06-4B2B-934A-92E2DCE20C4C}" = Jeppesen Services
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{366D148A-1756-E946-5964-444E2415678D}" = CCC Help Danish
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{37D59F62-2FC7-412D-AA55-3D0E6A9BD9C7}" = Microsoft Live Search Toolbar
"{37F79692-6F8A-487E-BF5A-A1E3227D9830}" = HFX Volume 2
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3CD1ADA0-EAA2-012B-AEBD-000000000000}" = TurboTax 2009 wtniper
"{3D29DFC0-EAA2-012B-AED3-000000000000}" = TurboTax 2009 wvaiper
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{468B359F-BAEF-466F-BB82-5EDEA1D8B2FB}" = HFX Volume 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1" = AntiLogger SDK version 1.5.6.849
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{510DE38F-8FEC-4AFE-8C8C-8095C55C1DDC}" = TurboTax 2011 waliper
"{53BDA79C-A92B-E184-800A-038EEB0D69A6}" = CCC Help French
"{53EEE636-043D-4961-9373-1731F6B17EE2}" = Brother HL-5370DW
"{570ae51c-698f-4bb1-9af7-f613f99a8031}" =
"{5D40D696-22F2-D261-08DE-A751824F562D}" = CCC Help Portuguese
"{62039B5E-0148-43D3-BD09-3CA265DE186C}" = SMART Notebook Express
"{656D080F-5F1B-8EF4-CD1F-6FBF4EB409C4}" = CCC Help English
"{659AC38D-6F03-47E9-A920-B54B45B15AB5}" = HFX Volume 3
"{67330878-0617-41A9-A3B0-B5298E89E7BC}" = Pinnacle Winter Pack Full
"{67E6410C-1E97-4D03-BEC2-8E83323A6BBD}" = SMART Product Drivers
"{69B16184-00BE-ACB2-37A1-7DCA07CAE2E0}" = CCC Help Korean
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F4C3D8A-A2BE-3B40-ACD5-86DF3825F413}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{7AEFE589-B252-BF69-4214-0860F917A4D1}" = CCC Help Japanese
"{7D0F4ACC-698A-41B9-B1E2-17594988FBEF}" = Pinnacle Studio 16 - Standard Content Pack
"{7E650501-0148-3107-5639-FEBC3C5080CD}" = CCC Help Greek
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87A51331-4FB9-4A50-B08D-D3D8420F068A}" = TurboTax 2012 wtniper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{88C4D8A6-9954-46A0-965D-92E55DAB8734}" = Premium Pack Volumes 1-2
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B9737AD-2B66-8F52-AA64-A87778B673A4}" = CCC Help German
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = Media Player Utilities 4.36
"{8C3ADE22-5B38-4331-A75C-00E116128D3D}" = GLUCOFACTS(TM) Deluxe Smart Launch
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924CCB82-8E0A-4123-B33B-AFDDCF0AFC8F}" = Microsoft Carioca Rummy
"{93E3785B-7608-6F53-8AF8-9A8AFC9A31DE}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96165A0E-F058-4303-B701-A91C219E3967}" = TurboTax 2010 wtniper
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B51F69B-487C-BCFF-80BE-5E2BD7B94776}" = CCC Help Italian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{9F079974-58DD-AF5A-E454-950372B2EF1C}" = CCC Help Turkish
"{A4AD4909-E4E7-AEB4-209E-1CB5D522A21D}" = Catalyst Control Center Graphics Full New
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{ADDB19F9-18BE-4576-99F6-35A42D997FA1}" = ShopSafe
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B250243D-9FF1-4B7F-8343-2F0A3B3A7BE8}" = FlightPrep Flight Planning & EFB Software
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B719E5DB-BC66-9F1A-CD40-668250946CB1}" = CCC Help Hungarian
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
"{BF07C982-3446-46F8-8D76-4A4455B7F804}" = Jeppesen Services
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C46481CC-B58A-DE40-24B0-ACE64C97D378}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C7C5B46A-5DA5-AFA5-8BE5-36861536E120}" = CCC Help Spanish
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB440589-2AC8-876B-2657-AFDA37ED6BC0}" = CCC Help Swedish
"{CC54CE76-5569-9EDE-CB2C-A115430E8688}" = ccc-core-static
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D458185A-B8E1-6E57-75AC-222E6B86E2DF}" = CCC Help Chinese Standard
"{D9BD22DA-55FC-D509-EC7E-6849A8922A99}" = CCC Help Norwegian
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DBDAD850-F8CD-45DA-8077-44368A1F959F}" = HP Support Assistant
"{DCBDA0BD-11BA-4AD1-9F82-6B073EABEFCE}" = Presto! BizCard 5
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DE530693-973E-CE12-FF08-98558C6332AD}" = CCC Help Czech
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E3D181F8-246B-497F-945E-6DB98CBA6677}" = Hollywood FX Volumes 1-3
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E4E7F33E-276C-49C7-9E90-DFAA715C3B99}" = GLUCOFACTS(TM) Deluxe
"{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E74093EF-4942-ADD9-8616-4AF6173A6879}" = CCC Help Thai
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1886CD7-9F73-417A-92E9-7E0AB0F0E099}" = Pinnacle Studio 16 - Install Manager
"{F3A0F9FD-A069-C5DD-3384-99A5EEAB712B}" = Catalyst Control Center Core Implementation
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6043C26-61F4-D049-1FFB-752DD0089441}" = Catalyst Control Center Localization All
"{F65E11C0-0DE9-2A98-C70A-50D7FD217CF1}" = CCC Help Russian
"{F7214014-27EE-4237-9978-2F9D1551559B}" = Title Extreme
"{FA57CBC1-487B-4B77-B2CB-F2BDD21AE82D}" = TurboTax 2012 waliper
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD0933C-7B16-7545-808C-81A9E5888648}" = CCC Help Chinese Traditional
"{FFFD3E91-8881-4903-9413-7C4849907118}" = ShopSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 8.8.8.8
"DAO 3.5" = DAO 3.5
"ExpressBurn" = Express Burn
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Freecorder 8 Applications" = Freecorder 8 Applications (8.0.0.87)
"Freecorder extension" = Freecorder extension
"Freecorder extension for Firefox" = Freecorder extension for Firefox
"Freecorder extension x64" = Freecorder extension x64
"Freecorder Toolbar" = Freecorder Toolbar
"HP Remote Solution" = HP Remote Solution
"HTC_WModemDriver" = WModem Driver Installer
"ID Vault" = Constant Guard Protection Suite
"ImTOO Video to Audio Converter" = ImTOO Video to Audio Converter
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"jZip" = jZip
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Full)
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mplayer" = Mplayer 0.6.9
"N360" = Norton Security Suite
"Practical Risk Management for Takeoffs and Landings Course Version 3.5f" = Practical Risk Management for Takeoffs and Landings Course Version 3.5f
"Prism" = Prism Video Converter
"PROPLUSR" = Microsoft Office Professional Plus 2007
"Quicken Deluxe 99" = Quicken Deluxe 99
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer
"sl-dlc" = SelectionLinks
"stax-Pinnacle_is1" = SureThing Express Labeler
"ToolBox" = NCH Toolbox
"TuneUpMedia" = TuneUp Companion 2.2.7
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax 2012" = TurboTax 2012
"WavePad" = WavePad Sound Editor
"WildTangent hp Master Uninstall" = HP Games
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
"6de165f8d859031f" = iFly Connect

========== Last 20 Event Log Errors ==========
Reply With Quote
  #11  
Old June 16th, 2013, 05:35 PM
dr_ledger's Avatar
dr_ledger dr_ledger is offline
Senior Member
 
Join Date: Jan 2003
O/S: Windows XP Pro
Location: TN
Posts: 267
[ Application Events ]
Error - 1/13/2012 12:59:01 PM | Computer Name = Pavillion | Source = MsiInstaller | ID = 11303
Description =

Error - 1/20/2012 2:06:32 PM | Computer Name = Pavillion | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 10.1.2.45, time
stamp: 0x4f02e382 Faulting module name: AcroRd32.exe, version: 10.1.2.45, time stamp:
0x4f02e382 Exception code: 0xc0000005 Fault offset: 0x0005e985 Faulting process id:
0x1104 Faulting application start time: 0x01ccd79e0a509c53 Faulting application path:
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Faulting module path:
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Report Id: 7aff3425-4391-11e1-b2f5-00269e1a256b

Error - 1/20/2012 2:06:44 PM | Computer Name = Pavillion | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 10.1.2.45, time
stamp: 0x4f02e382 Faulting module name: AcroRd32.exe, version: 10.1.2.45, time stamp:
0x4f02e382 Exception code: 0xc0000005 Fault offset: 0x0005e985 Faulting process id:
0x2264 Faulting application start time: 0x01ccd79e41109147 Faulting application path:
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Faulting module path:
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Report Id: 823c4558-4391-11e1-b2f5-00269e1a256b

Error - 1/20/2012 2:06:53 PM | Computer Name = Pavillion | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 10.1.2.45, time
stamp: 0x4f02e382 Faulting module name: AcroRd32.exe, version: 10.1.2.45, time stamp:
0x4f02e382 Exception code: 0xc0000005 Fault offset: 0x0005e985 Faulting process id:
0x222c Faulting application start time: 0x01ccd79e49301479 Faulting application path:
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Faulting module path:
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Report Id: 87b02cc7-4391-11e1-b2f5-00269e1a256b

Error - 1/20/2012 2:07:32 PM | Computer Name = Pavillion | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 10.1.2.45, time
stamp: 0x4f02e382 Faulting module name: AcroRd32.exe, version: 10.1.2.45, time stamp:
0x4f02e382 Exception code: 0xc0000005 Fault offset: 0x0005e985 Faulting process id:
0x2b80 Faulting application start time: 0x01ccd79e5d337b2c Faulting application path:
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Faulting module path:
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Report Id: 9f0f9475-4391-11e1-b2f5-00269e1a256b

Error - 1/20/2012 2:07:57 PM | Computer Name = Pavillion | Source = Application Error | ID = 1000
Description = Faulting application name: AcroRd32.exe, version: 10.1.2.45, time
stamp: 0x4f02e382 Faulting module name: AcroRd32.exe, version: 10.1.2.45, time stamp:
0x4f02e382 Exception code: 0xc0000005 Fault offset: 0x0005e985 Faulting process id:
0x22b0 Faulting application start time: 0x01ccd79e6a355360 Faulting application path:
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Faulting module path:
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe Report Id: ae15a3f0-4391-11e1-b2f5-00269e1a256b

Error - 1/20/2012 11:48:43 PM | Computer Name = Pavillion | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 12.0.6562.5003 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: db8 Start
Time: 01ccd7ee95a01a76 Termination Time: 33 Application Path: C:\Program Files (x86)\Microsoft
Office\Office12\OUTLOOK.EXE Report Id: b0f19b28-43e2-11e1-b819-00269e1a256b

Error - 1/22/2012 1:49:54 PM | Computer Name = Pavillion | Source = Application Error | ID = 1000
Description = Faulting application name: nmsrvc.exe, version: 11.0.8268.0, time
stamp: 0x48dac758 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7ba58 Exception code: 0xc0000005 Fault offset: 0x00038da9 Faulting process
id: 0x1050 Faulting application start time: 0x01ccd7ee5c8bbe94 Faulting application
path: C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
Faulting
module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 7d617295-4521-11e1-b819-00269e1a256b

Error - 1/22/2012 7:28:23 PM | Computer Name = Pavillion | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13c0 Start
Time: 01ccd95d5839285c Termination Time: 100 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 1/26/2012 10:06:33 AM | Computer Name = Pavillion | Source = Application Hang | ID = 1002
Description = The program OUTLOOK.EXE version 12.0.6562.5003 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 110c Start
Time: 01ccdc32eb9ad900 Termination Time: 491 Application Path: C:\Program Files (x86)\Microsoft
Office\Office12\OUTLOOK.EXE Report Id: d76d0b2f-4826-11e1-8bf2-00269e1a256b

Error - 1/28/2012 1:25:36 PM | Computer Name = Pavillion | Source = Application Hang | ID = 1002
Description = The program ccSvcHst.exe version 10.1.1.16 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d5c Start
Time: 01ccdc32dcabc0a7 Termination Time: 76 Application Path: C:\Program Files (x86)\Norton
Security Suite\Engine\5.1.0.29\ccSvcHst.exe Report Id:

[ Hewlett-Packard Events ]
Error - 5/3/2011 7:51:09 AM | Computer Name = Pavillion | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyz ing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandle r(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Objec t source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(Dependency Object
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArg s
e) at System.Windows.BroadcastEventHelper.BroadcastEvent (DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloa dedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendin gCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRend erCallbacks() at System.Windows.Media.MediaContext.RenderMessageHan dlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMe ssageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.Internal RealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatch When(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 7/15/2011 12:50:06 PM | Computer Name = Pavillion | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyz ing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandle r(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Objec t source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(Dependency Object
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArg s
e) at System.Windows.BroadcastEventHelper.BroadcastEvent (DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloa dedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendin gCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRend erCallbacks() at System.Windows.Media.MediaContext.RenderMessageHan dlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHan dler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.Internal RealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatch When(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


[ OSession Events ]
Error - 4/11/2011 11:02:40 AM | Computer Name = Pavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/25/2011 7:05:30 PM | Computer Name = Pavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/26/2011 6:46:47 AM | Computer Name = Pavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/15/2011 1:19:40 PM | Computer Name = Pavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 167
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/25/2011 8:28:48 AM | Computer Name = Pavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/7/2011 3:08:56 PM | Computer Name = Pavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/17/2011 9:29:25 PM | Computer Name = Pavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/24/2011 9:43:33 AM | Computer Name = Pavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/25/2012 5:17:14 PM | Computer Name = Pavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 18365
seconds with 2520 seconds of active time. This session ended with a crash.

Error - 12/10/2012 9:17:43 AM | Computer Name = Pavillion | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 52
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/15/2013 3:12:22 PM | Computer Name = Pavillion | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140995069

Error - 6/15/2013 3:12:24 PM | Computer Name = Pavillion | Source = PNRPSvc | ID = 102
Description =

Error - 6/15/2013 3:12:24 PM | Computer Name = Pavillion | Source = PNRPSvc | ID = 102
Description =

Error - 6/15/2013 3:12:24 PM | Computer Name = Pavillion | Source = PNRPSvc | ID = 102
Description =

Error - 6/15/2013 3:12:24 PM | Computer Name = Pavillion | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140995069

Error - 6/15/2013 3:12:24 PM | Computer Name = Pavillion | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140995069

Error - 6/15/2013 3:12:24 PM | Computer Name = Pavillion | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140995069

Error - 6/15/2013 3:12:24 PM | Computer Name = Pavillion | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140995069

Error - 6/15/2013 3:12:24 PM | Computer Name = Pavillion | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140995069

Error - 6/15/2013 3:12:24 PM | Computer Name = Pavillion | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140995069


< End of report >
Reply With Quote
  #12  
Old June 16th, 2013, 05:36 PM
dr_ledger's Avatar
dr_ledger dr_ledger is offline
Senior Member
 
Join Date: Jan 2003
O/S: Windows XP Pro
Location: TN
Posts: 267
I sent each file in three sections. Thanks for your input.
Reply With Quote
  #13  
Old June 16th, 2013, 06:02 PM
schrauber's Avatar
schrauber schrauber is offline
Cyber Tech Help Moderator
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 41
Posts: 5,017
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Reply With Quote
  #14  
Old June 16th, 2013, 06:37 PM
dr_ledger's Avatar
dr_ledger dr_ledger is offline
Senior Member
 
Join Date: Jan 2003
O/S: Windows XP Pro
Location: TN
Posts: 267
AdwCleaner v2.303 - Logfile created 06/16/2013 at 13:35:43
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Charles - PAVILLION
# Boot Mode : Normal
# Running from : C:\Users\Charles\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla FireFox\Components\AskHPRFF.js
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Users\Charles\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\qo5ovb6i.default\searchplugins\safesearch. xml
Folder Found : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Freecorder
Folder Found : C:\Program Files (x86)\Freecorder extension
Folder Found : C:\Program Files (x86)\Freecorder extension
Folder Found : C:\Program Files (x86)\jZip
Folder Found : C:\Program Files (x86)\OApps
Folder Found : C:\ProgramData\~0
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
Folder Found : C:\Users\Charles\AppData\Local\Conduit
Folder Found : C:\Users\Charles\AppData\Local\Freecorder
Folder Found : C:\Users\Charles\AppData\Local\jZip
Folder Found : C:\Users\Charles\AppData\Local\Wajam
Folder Found : C:\Users\Charles\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Charles\AppData\LocalLow\Conduit
Folder Found : C:\Users\Charles\AppData\LocalLow\Freecorder
Folder Found : C:\Users\Charles\AppData\LocalLow\jZip
Folder Found : C:\Users\Charles\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Charles\AppData\Roaming\Complitly
Folder Found : C:\Users\Charles\AppData\Roaming\DriverCure
Folder Found : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\6icvjcbo.default\Conduit
Folder Found : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\6icvjcbo.default\ConduitCommon
Folder Found : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\6icvjcbo.default\ConduitEngine
Folder Found : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Folder Found : C:\Users\Charles\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\Charles\AppData\Roaming\registry mechanic
Folder Found : C:\Windows\Freecorder

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchSco pes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecorder
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\xfin_portal
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Complitly
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Freecorder
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{CECB5798-EB3A-4052-AF7A-C7CBF2466C19}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Found : HKCU\Software\wecarereminder
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Found : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO .1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freecorder
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\Software\jZip
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_R ASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_R ASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASA PI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASM ANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAP I32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMA NCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{A3E023B0-5709-4AA9-AB3E-030C8768264F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\SimplyGen
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1917AB4C-E2E9-42ae-A51E-B5750F160BFB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C65F1F0-8088-414B-828C-813207ADE75A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E023B0-5709-4AA9-AB3E-030C8768264F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4341726-E922-47bb-86A6-23F4F4F67342}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C9B4F046-2A8C-46BD-B1A1-CF0EAE5EA521}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CECB5798-EB3A-4052-AF7A-C7CBF2466C19}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A 12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A 1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{045F9 1B3-695F-423A-98C7-8DE3C47AA020}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1348B D1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{395AF E6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{43969 E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{43B39 0F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{93CF5 4F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94CAD A2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9 437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B1 1F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E52E B8B-8DD9-4605-AD36-D352BCD482F2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A1440 EC3-F0FA-407A-B811-DE6668C06D29}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B887C A3B-D82B-4A01-AD29-E97444D01CE6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9A84 AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1995 F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C815E 3DA-0823-49B0-9270-D1771D58B317}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE6 52B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D3BC5 3E7-0437-4C97-90EE-2CD6FF47FB14}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \defdhglnppeioeflggkmglipcecffkhk
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \dlfienamagdnkekbbbocojppncdambda
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31A4B011-EEC5-4022-80E9-4ABE6449C813}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E62F7CB7-71FD-4ED9-816B-0818020E949D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\Freecorder extension
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\Freecorder Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\jZip
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42ae-A51E-B5750F160BFB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C65F1F0-8088-414B-828C-813207ADE75A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47bb-86A6-23F4F4F67342}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C9B4F046-2A8C-46BD-B1A1-CF0EAE5EA521}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Found : HKU\S-1-5-21-849950591-2780344445-553799950-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-849950591-2780344445-553799950-1001\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Found : HKU\S-1-5-21-849950591-2780344445-553799950-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\qo5ovb6i.default\prefs.js

Found : user_pref("CT3295465_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("extensions.freecorder@freecorder.com.me nuitems", "[{\"name\":\"Freecorder Menu Header\",\[...]
Found : user_pref("smartbar.machineId", "MWYVNNK1QWFIB869UEEE3HDAG82ZKOVBFK2HJQTUDMF9XTJ0P X+XWP/W63BHAWFCOAL[...]

-\\ Opera v [Unable to get version]

File : C:\Users\Charles\AppData\Roaming\Opera\Opera\opera prefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17976 octets] - [16/06/2013 13:35:43]

########## EOF - C:\AdwCleaner[R1].txt - [18037 octets] ##########



second file shortly
Reply With Quote
  #15  
Old June 16th, 2013, 06:45 PM
dr_ledger's Avatar
dr_ledger dr_ledger is offline
Senior Member
 
Join Date: Jan 2003
O/S: Windows XP Pro
Location: TN
Posts: 267
# AdwCleaner v2.303 - Logfile created 06/16/2013 at 13:38:31
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Charles - PAVILLION
# Boot Mode : Normal
# Running from : C:\Users\Charles\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla FireFox\Components\AskHPRFF.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Charles\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\qo5ovb6i.default\searchplugins\safesearch. xml
Folder Deleted : C:\Program Files (x86)\Common Files\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Freecorder
Folder Deleted : C:\Program Files (x86)\Freecorder extension
Folder Deleted : C:\Program Files (x86)\jZip
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
Folder Deleted : C:\Users\Charles\AppData\Local\Conduit
Folder Deleted : C:\Users\Charles\AppData\Local\Freecorder
Folder Deleted : C:\Users\Charles\AppData\Local\jZip
Folder Deleted : C:\Users\Charles\AppData\Local\Wajam
Folder Deleted : C:\Users\Charles\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Charles\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Charles\AppData\LocalLow\Freecorder
Folder Deleted : C:\Users\Charles\AppData\LocalLow\jZip
Folder Deleted : C:\Users\Charles\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Charles\AppData\Roaming\Complitly
Folder Deleted : C:\Users\Charles\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\6icvjcbo.default\Conduit
Folder Deleted : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\6icvjcbo.default\ConduitCommon
Folder Deleted : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\6icvjcbo.default\ConduitEngine
Folder Deleted : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\6icvjcbo.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Folder Deleted : C:\Users\Charles\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Charles\AppData\Roaming\registry mechanic
Folder Deleted : C:\Windows\Freecorder

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchSco pes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecorder
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Freecorder
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{CECB5798-EB3A-4052-AF7A-C7CBF2466C19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Settings\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO .1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_R ASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_R ASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASA PI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASM ANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAP I32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMA NCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{A3E023B0-5709-4AA9-AB3E-030C8768264F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\SimplyGen
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1917AB4C-E2E9-42ae-A51E-B5750F160BFB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C65F1F0-8088-414B-828C-813207ADE75A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A3E023B0-5709-4AA9-AB3E-030C8768264F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4341726-E922-47bb-86A6-23F4F4F67342}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C9B4F046-2A8C-46BD-B1A1-CF0EAE5EA521}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CECB5798-EB3A-4052-AF7A-C7CBF2466C19}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A 12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A 1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{045F9 1B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1348B D1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{395AF E6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{43969 E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{43B39 0F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{93CF5 4F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94CAD A2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9 437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B1 1F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E52E B8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A1440 EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B887C A3B-D82B-4A01-AD29-E97444D01CE6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9A84 AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1995 F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C815E 3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE6 52B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D3BC5 3E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \defdhglnppeioeflggkmglipcecffkhk
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions \jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31A4B011-EEC5-4022-80E9-4ABE6449C813}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E62F7CB7-71FD-4ED9-816B-0818020E949D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Explorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\Freecorder extension
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\Freecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\jZip
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1917AB4C-E2E9-42ae-A51E-B5750F160BFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C65F1F0-8088-414B-828C-813207ADE75A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4341726-E922-47bb-86A6-23F4F4F67342}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C9B4F046-2A8C-46BD-B1A1-CF0EAE5EA521}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\qo5ovb6i.default\prefs.js

C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\P rofiles\qo5ovb6i.default\user.js ... Deleted !

Deleted : user_pref("CT3295465_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.freecorder@freecorder.com.me nuitems", "[{\"name\":\"Freecorder Menu Header\",\[...]
Deleted : user_pref("smartbar.machineId", "MWYVNNK1QWFIB869UEEE3HDAG82ZKOVBFK2HJQTUDMF9XTJ0P X+XWP/W63BHAWFCOAL[...]

-\\ Opera v [Unable to get version]

File : C:\Users\Charles\AppData\Roaming\Opera\Opera\opera prefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [18037 octets] - [16/06/2013 13:35:43]
AdwCleaner[S1].txt - [18017 octets] - [16/06/2013 13:38:31]

########## EOF - C:\AdwCleaner[S1].txt - [18078 octets] ##########
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
what's in this file slowing me down now please?(Moved by Murf) rnsbg Malware Removal 9 August 10th, 2017 09:10 PM
Weird connections I can see with TCP View-Moved by MURF Chris427 Malware Removal 26 November 23rd, 2014 01:19 AM
Browser hijack / jump - Moved by Murf Sancho-Panza Malware Removal 13 February 17th, 2010 10:21 PM
HijackThis Log File (Moved from Hardware-Murf) Siamese Dog Malware Removal 1 November 11th, 2006 06:31 AM
My hijack this log - Moved to Hardware - Murf Roxie Hardware 18 June 17th, 2005 02:08 AM




All times are GMT +1. The time now is 12:13 PM.