Delta Search and Babylon keep returning

Solved
By Marie Olgin
Jun 19, 2013
  1. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    I believe that is all you needed (for this round). Thank you again for all your help today. I will look for more from you soon.
  2. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Update Firefox to the current 21.0 version.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================================

    Your computer is clean.

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
  3. Marie Olgin

    I don't use Firefox; would it be okay to uninstall it at this point? When I go to help, it says "downloading version 12.0" but it does that forever and never seems to complete the download and update.
  4. Marie Olgin

    Also I have something called MixiDJ that seems to be hijacking my home page in Firefox...
  5. Marie Olgin

    Managed to install v. 21 of Firefox. Now what to do about this home page hack?
  6. Marie Olgin

    BTW, the MixiDJ came with the AVG snafu. So did the fake "backup your system now" messages I'm getting.
  7. Broni

    If only Firefox is affected and you don't use it, uninstall it.
  8. Marie Olgin

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin`
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gilbert
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: John
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Lancee
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Marie
    ->Temp folder emptied: 10636959 bytes
    ->Temporary Internet Files folder emptied: 9225341 bytes
    ->Java cache emptied: 46031 bytes
    ->FireFox cache emptied: 14639806 bytes
    ->Google Chrome cache emptied: 20552174 bytes
    ->Flash cache emptied: 628 bytes

    User: Mcx1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: RA Media Server
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 286473 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 2347384 bytes

    Total Files Cleaned = 55.00 mb


    [EMPTYFLASH]

    User: Admin`
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Gilbert
    ->Flash cache emptied: 0 bytes

    User: John
    ->Flash cache emptied: 0 bytes

    User: Lancee
    ->Flash cache emptied: 0 bytes

    User: Marie
    ->Flash cache emptied: 0 bytes

    User: Mcx1

    User: Public

    User: RA Media Server

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Admin`

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Gilbert
    ->Java cache emptied: 0 bytes

    User: John
    ->Java cache emptied: 0 bytes

    User: Lancee
    ->Java cache emptied: 0 bytes

    User: Marie
    ->Java cache emptied: 0 bytes

    User: Mcx1

    User: Public

    User: RA Media Server

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 06242013_183601

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  9. Marie Olgin

    How is my computer doing? 1. IE is running very slow. 2. I'm still getting a popup right after rebooting that I'm pretty sure is NOT legit. It says "Your computer is ready to backup. Your Windows PC has free computer backup software installed. Click OK to register your computer and start a backup now." It pops up as if it is a system tray warning, but it's not. I always just close it with the X in the upper right corner.
  10. Broni

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go to File > Save, and save it as an AutoRuns.txt file to a known location.
    You must select Text from the drop-down menu as the file type.

    Attach the file to your next reply.
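
Added example, not part of the original thread and not code from Autoruns or its authors: a Python triage pass over an Autoruns text export in the doubled-quote layout seen in the log pasted in this thread. The function names and flag names are assumptions of this example, and a flag only marks an entry for manual review; it is not a verdict.

```python
from dataclasses import dataclass

# Sample lines copied from the Autoruns log posted in this thread:
# a location header line, then "+ " entry lines, fields separated by "".
SAMPLE = r'''"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run""""""""6/24/2013 6:48 PM"
+ "Skytel""""""File not found: C:\Program Files\Realtek\Audio\HDA\Skytel.exe"""
+ "Windows Defender""Windows Defender User Interface""Microsoft Corporation""c:\program files\windows defender\msascui.exe""1/18/2008 11:19 PM"
+ "WrtMon.exe""NsWrtMon Microsoft Base Class Application""""c:\windows\system32\spool\drivers\x64\3\wrtmon.exe""9/19/2006 5:35 PM"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run""""""""6/22/2013 11:58 PM"
+ "OurSoftUpdaterChecker""""""File not found: C:\Program Files (x86)\NetNucleous\GorillaPrice\GPCheck.exe"""
+ "SearchProtect""Search Protect by Conduit""Conduit""c:\users\marie\appdata\roaming\searchprotect\bin\cltmng.exe""5/7/2013 11:16 PM"
+ "Skype""Skype ""Skype Technologies S.A.""c:\program files (x86)\skype\phone\skype.exe""1/8/2013 5:55 AM"
+ "WebCake Desktop""WebCake Desktop""WebCake LLC""c:\users\marie\appdata\roaming\webcake\webcakedesktop.exe""5/16/2013 4:19 PM"
'''


@dataclass
class Entry:
    location: str     # registry key / folder / "Task Scheduler" the entry lives in
    name: str
    description: str
    publisher: str
    image_path: str   # or "File not found: ..." when the target is gone
    timestamp: str


def split_fields(line):
    """Return (is_entry, fields) for one log line, or None if it is not a record."""
    body = line.strip()
    is_entry = body.startswith("+ ")
    if is_entry:
        body = body[2:]
    if len(body) < 2 or body[0] != '"' or body[-1] != '"':
        return None
    # Drop the outer quotes; the remaining "" pairs are the field separators.
    return is_entry, body[1:-1].split('""')


def parse_autoruns(text):
    """Parse the export into Entry objects, carrying the current location header."""
    entries, location = [], None
    for line in text.splitlines():
        parsed = split_fields(line)
        if parsed is None:
            continue
        is_entry, fields = parsed
        fields = [f.strip() for f in fields] + [""] * 5   # pad short records
        if is_entry:
            entries.append(Entry(location, *fields[:5]))
        else:
            location = fields[0]
    return entries


def triage(entry):
    """Return review hints for one autostart entry (empty list = nothing to note)."""
    path = entry.image_path.lower()
    if path.startswith("file not found:"):
        # Autostart still registered but its target is gone: leftover of an
        # uninstalled or removed program, a candidate for cleanup.
        return ["missing-file"]
    flags = []
    if not entry.publisher:
        flags.append("no-publisher")          # no vendor info in the file
    if "\\appdata\\" in path:
        flags.append("user-writable-path")    # launches from a per-user folder
    return flags


def find_review_candidates(text):
    """List (location, name, flags) for every entry that raised at least one hint."""
    return [(e.location, e.name, f)
            for e in parse_autoruns(text)
            if (f := triage(e))]


if __name__ == "__main__":
    for location, name, flags in find_review_candidates(SAMPLE):
        print(f"{name:24} {','.join(flags):20} {location}")
```

Legitimate software also starts from per-user folders, so each flagged entry still needs its publisher and path checked by hand before anything is disabled or deleted.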
  11. Marie Olgin

    "HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms""""""""11/2/2006 8:24 AM"
    + "rdpclip""""""File not found: rdpclip"""
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run""""""""6/24/2013 6:48 PM"
    + "Bluetooth HCI Monitor""Bluetooth HCI Monitoring application""Logitech Inc.""c:\windows\system32\hcimntr.dll""11/6/2006 10:56 AM"
    + "IAAnotif""Event Monitor User Notification Tool""Intel Corporation""c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe""7/20/2008 5:41 PM"
    + "RtHDVCpl""HD Audio Control Panel""Realtek Semiconductor""c:\program files\realtek\audio\hda\ravcpl64.exe""1/22/2009 7:50 PM"
    + "Skytel""""""File not found: C:\Program Files\Realtek\Audio\HDA\Skytel.exe"""
    + "Windows Defender""Windows Defender User Interface""Microsoft Corporation""c:\program files\windows defender\msascui.exe""1/18/2008 11:19 PM"
    + "WrtMon.exe""NsWrtMon Microsoft Base Class Application""""c:\windows\system32\spool\drivers\x64\3\wrtmon.exe""9/19/2006 5:35 PM"
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run""""""""6/24/2013 6:45 PM"
    + "Adobe ARM""Adobe Reader and Acrobat Manager""Adobe Systems Incorporated""c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe""4/4/2013 2:05 PM"
    + "APSDaemon""Apple Push""Apple Inc.""c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe""9/24/2012 7:55 PM"
    + "AVG_UI""AVG User Interface""AVG Technologies CZ, s.r.o.""c:\program files (x86)\avg\avg2013\avgui.exe""4/28/2013 2:44 PM"
    + "Check Point Endpoint Connect""""""File not found: TrGUI.exe"""
    + "ConnectionCenter""Citrix online plug-in Connection Center""Citrix Systems, Inc.""c:\program files (x86)\citrix\ica client\concentr.exe""10/12/2010 2:24 PM"
    + "HP Software Update""hpwuSchd Application""Hewlett-Packard""c:\program files (x86)\hp\hp software update\hpwuschd2.exe""4/27/2010 1:58 AM"
    + "iTunesHelper""iTunesHelper""Apple Inc.""c:\program files (x86)\itunes\ituneshelper.exe""9/9/2012 10:31 PM"
    + "LogitechQuickCamRibbon""Camera Software""Logitech Inc.""c:\program files\logitech\logitech webcam software\lws.exe""10/14/2009 1:32 PM"
    + "Malwarebytes Anti-Malware (reboot)""Malwarebytes' Anti-Malware""Malwarebytes Corporation""c:\program files (x86)\malwarebytes' anti-malware\mbam.exe""9/10/2009 12:39 PM"
    + "NUSB3MON""USB 3.0 Monitor""Renesas Electronics Corporation""c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe""9/7/2011 11:47 PM"
    + "OpwareSE4""OCR Aware""ScanSoft, Inc.""c:\program files (x86)\scansoft\omnipagese4.0\opwarese4.exe""10/10/2006 9:37 AM"
    + "SearchProtectAll""Search Protect by Conduit""Conduit""c:\program files (x86)\searchprotect\bin\cltmng.exe""5/7/2013 11:16 PM"
    + "SpeetItUpFree""""""File not found: C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"""
    + "SSBkgdUpdate""SSBkgdUpdate""Nuance Communications, Inc.""c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe""9/28/2006 4:15 AM"
    + "StartCCC""Catalyst® Control Center Launcher""Advanced Micro Devices, Inc.""c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe""8/1/2008 12:23 PM"
    + "SunJavaUpdateSched""Java(TM) Update Scheduler""Oracle Corporation""c:\program files (x86)\common files\java\java update\jusched.exe""3/12/2013 8:32 AM"
    + "TkBellExe""RealNetworks Scheduler""RealNetworks, Inc.""c:\program files (x86)\real\realplayer\update\realsched.exe""11/30/2012 4:17 PM"
    + "vProt""VProtect Application""AVG Secure Search""c:\program files (x86)\avg safeguard toolbar\vprot.exe""5/2/2013 4:26 AM"
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup""""""""6/23/2013 4:13 PM"
    + "Bluetooth.lnk""Bluetooth Tray Application""Broadcom Corporation.""c:\program files\widcomm\bluetooth software\bttray.exe""7/15/2008 4:54 PM"
    + "Gizmo.lnk""Gizmo Central""Arainia Solutions""c:\program files (x86)\gizmo\gizmo.exe""12/12/2009 8:39 PM"
    "C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup""""""""6/23/2013 4:13 PM"
    + "Dell Dock.lnk""Dell Dock""Stardock Corporation""c:\program files\dell\delldock\delldock.exe""2/6/2009 2:22 PM"
    + "Dropbox.lnk""""""c:\users\marie\appdata\roaming\microsoft\windows\start menu\programs\startup\dropbox.lnk""6/4/2013 12:27 PM"
    + "MyPC Backup.lnk""MyPC Backup""MyPCBackup.com""c:\program files (x86)\mypc backup\mypc backup.exe""5/31/2013 4:13 AM"
    + "ZooskMessenger.lnk""""""File not found: C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe"""
    "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components""""""""9/24/2009 11:16 AM"
    + "Microsoft Windows Mail 7""Windows Mail""Microsoft Corporation""c:\program files\windows mail\winmail.exe""1/18/2008 11:25 PM"
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components""""""""6/24/2013 6:45 PM"
    + "Google Chrome""Google Chrome""Google Inc.""c:\program files (x86)\google\chrome\application\27.0.1453.116\installer\chrmstp.exe""6/14/2013 3:48 PM"
    + "Microsoft Windows Mail 7""Windows Mail""Microsoft Corporation""c:\program files (x86)\windows mail\winmail.exe""1/18/2008 10:47 PM"
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run""""""""6/22/2013 11:58 PM"
    + "Aim""AOL Instant Messenger""AOL LLC""c:\program files (x86)\aim\aim.exe""10/1/2009 1:20 PM"
    + "cdloader""magicJack (cdloader2)""magicJack L.P.""c:\users\marie\appdata\roaming\mjusbsp\cdloader2.exe""12/12/2007 4:34 AM"
    + "EA Core""""""File not found: C:\Program Files (x86)\Electronic Arts\EADM\Core.exe"""
    + "GizmoDriveDelegate""Mount ISOs, encrypted hard drive images to a virtual drive""""c:\program files (x86)\gizmo\gdrive.dll""12/12/2009 8:39 PM"
    + "Logitech Vid""Logitech Vid""Logitech Inc.""c:\program files (x86)\logitech\logitech vid\vid.exe""7/15/2009 1:34 PM"
    + "Messenger (Yahoo!)""Yahoo! Messenger""Yahoo! Inc.""c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe""5/26/2009 8:53 PM"
    + "msnmsgr""Windows Live Messenger""Microsoft Corporation""c:\program files (x86)\windows live\messenger\msnmsgr.exe""3/8/2012 7:36 PM"
    + "OurSoftUpdaterChecker""""""File not found: C:\Program Files (x86)\NetNucleous\GorillaPrice\GPCheck.exe"""
    + "SearchProtect""Search Protect by Conduit""Conduit""c:\users\marie\appdata\roaming\searchprotect\bin\cltmng.exe""5/7/2013 11:16 PM"
    + "Skype""Skype ""Skype Technologies S.A.""c:\program files (x86)\skype\phone\skype.exe""1/8/2013 5:55 AM"
    + "WebCake Desktop""WebCake Desktop""WebCake LLC""c:\users\marie\appdata\roaming\webcake\webcakedesktop.exe""5/16/2013 4:19 PM"
    "HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect""""""""8/17/2009 11:20 AM"
    + "BTW Setup Wizard""BtWizard Module""Broadcom Corporation.""c:\windows\system32\btwizard.dll""7/15/2008 4:45 PM"
    "HKLM\SOFTWARE\Classes\Protocols\Handler""""""""6/23/2013 3:56 PM"
    + "wot""""""c:\program files\wot\wot.dll""8/2/2012 8:12 AM"
    "HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers""""""""6/4/2013 12:27 PM"
    + "DropboxExt""Dropbox Shell Extension""Dropbox, Inc.""c:\users\marie\appdata\roaming\dropbox\bin\dropboxext64.19.dll""3/28/2013 12:43 PM"
    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers""""""""1/10/2013 9:29 AM"
    + "AVG Shell Extension""AVG Shell Extension""AVG Technologies CZ, s.r.o.""c:\program files (x86)\avg\avg2013\avgsea.dll""3/27/2013 6:47 PM"
    + "WinRAR""WinRAR shell extension""Alexander Roshal""c:\program files (x86)\winrar\rarext64.dll""6/9/2012 6:20 AM"
    "HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers""""""""1/10/2013 9:29 AM"
    + "AVG Shell Extension""AVG Shell Extension""AVG Technologies CZ, s.r.o.""c:\program files (x86)\avg\avg2013\avgse.dll""3/27/2013 6:47 PM"
    + "WinRAR32""WinRAR shell extension""Alexander Roshal""c:\program files (x86)\winrar\rarext.dll""6/9/2012 6:20 AM"
    "HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers""""""""6/11/2013 8:58 PM"
    + "GizmoShellMenuExt""Gizmo Shell Module""""c:\program files (x86)\gizmo\gshell-x64.dll""9/3/2008 7:31 PM"
    "HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers""""""""11/2/2006 8:29 AM"
    + "MBAMShlExt""Malwarebytes' Anti-Malware""Malwarebytes Corporation""c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll""7/6/2009 11:34 AM"
    "HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers""""""""6/4/2013 12:27 PM"
    + "DropboxExt""Dropbox Shell Extension""Dropbox, Inc.""c:\users\marie\appdata\roaming\dropbox\bin\dropboxext64.19.dll""3/28/2013 12:43 PM"
    "HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers""""""""6/22/2013 11:58 PM"
    + "Monitor""BTNCopy Module""Broadcom Corporation.""c:\windows\system32\btncopy.dll""7/15/2008 4:28 PM"
    "HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers""""""""6/4/2013 12:27 PM"
    + "DropboxExt""Dropbox Shell Extension""Dropbox, Inc.""c:\users\marie\appdata\roaming\dropbox\bin\dropboxext64.19.dll""3/28/2013 12:43 PM"
    "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers""""""""11/2/2006 8:29 AM"
    + "ACE""AMD Desktop Control Panel""Advanced Micro Devices, Inc.""c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll""7/4/2008 7:56 AM"
    "HKLM\Software\Classes\Folder\Shellex\ColumnHandlers""""""""5/18/2009 12:06 AM"
    + "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}""""OpenOffice.org""c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl_x64.dll""5/20/2010 2:44 PM"
    "HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers""""""""5/18/2009 12:06 AM"
    + "PDF Shell Extension""PDF Shell Extension""Adobe Systems, Inc.""c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll""5/11/2013 2:34 AM"
    + "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}""""""File not found: program\shlxthdl\shlxthdl.dll"""
    "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers""""""""5/18/2009 12:06 AM"
    + "AVG Shell Extension""AVG Shell Extension""AVG Technologies CZ, s.r.o.""c:\program files (x86)\avg\avg2013\avgsea.dll""3/27/2013 6:47 PM"
    + "GizmoShellMenuExt""Gizmo Shell Module""""c:\program files (x86)\gizmo\gshell-x64.dll""9/3/2008 7:31 PM"
    + "WinRAR""WinRAR shell extension""Alexander Roshal""c:\program files (x86)\winrar\rarext64.dll""6/9/2012 6:20 AM"
    "HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers""""""""5/18/2009 12:06 AM"
    + "AVG Shell Extension""AVG Shell Extension""AVG Technologies CZ, s.r.o.""c:\program files (x86)\avg\avg2013\avgse.dll""3/27/2013 6:47 PM"
    + "MBAMShlExt""Malwarebytes' Anti-Malware""Malwarebytes Corporation""c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll""7/6/2009 11:34 AM"
    + "WinRAR32""WinRAR shell extension""Alexander Roshal""c:\program files (x86)\winrar\rarext.dll""6/9/2012 6:20 AM"
    "HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers""""""""5/18/2009 12:06 AM"
    + "WinRAR""WinRAR shell extension""Alexander Roshal""c:\program files (x86)\winrar\rarext64.dll""6/9/2012 6:20 AM"
    "HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers""""""""5/18/2009 12:06 AM"
    + "WinRAR32""WinRAR shell extension""Alexander Roshal""c:\program files (x86)\winrar\rarext.dll""6/9/2012 6:20 AM"
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers""""""""6/21/2013 4:59 PM"
    + "DropboxExt1""Dropbox Shell Extension""Dropbox, Inc.""c:\users\marie\appdata\roaming\dropbox\bin\dropboxext64.19.dll""3/28/2013 12:43 PM"
    + "DropboxExt2""Dropbox Shell Extension""Dropbox, Inc.""c:\users\marie\appdata\roaming\dropbox\bin\dropboxext64.19.dll""3/28/2013 12:43 PM"
    + "DropboxExt3""Dropbox Shell Extension""Dropbox, Inc.""c:\users\marie\appdata\roaming\dropbox\bin\dropboxext64.19.dll""3/28/2013 12:43 PM"
    + "DropboxExt4""Dropbox Shell Extension""Dropbox, Inc.""c:\users\marie\appdata\roaming\dropbox\bin\dropboxext64.19.dll""3/28/2013 12:43 PM"
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers""""""""6/24/2013 7:15 PM"
    + "DropboxExt1""Dropbox Shell Extension""Dropbox, Inc.""c:\users\marie\appdata\roaming\dropbox\bin\dropboxext.19.dll""3/28/2013 12:43 PM"
    + "DropboxExt2""Dropbox Shell Extension""Dropbox, Inc.""c:\users\marie\appdata\roaming\dropbox\bin\dropboxext.19.dll""3/28/2013 12:43 PM"
    + "DropboxExt3""Dropbox Shell Extension""Dropbox, Inc.""c:\users\marie\appdata\roaming\dropbox\bin\dropboxext.19.dll""3/28/2013 12:43 PM"
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects""""""""6/21/2013 4:59 PM"
    + "Google Toolbar Helper""Google Toolbar""Google Inc.""c:\program files (x86)\google\google toolbar\googletoolbar_64.dll""6/9/2013 5:13 PM"
    + "Office Document Cache Handler""Microsoft Office Document Cache Handler""Microsoft Corporation""c:\program files\microsoft office\office14\urlredir.dll""12/20/2010 8:48 PM"
    + "Windows Live ID Sign-in Helper""Microsoft® Windows Live ID Login Helper""Microsoft Corp.""c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll""3/28/2011 9:12 PM"
    + "WOT Helper""""""c:\program files\wot\wot.dll""8/2/2012 8:12 AM"
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects""""""""6/24/2013 7:15 PM"
    + "AVG SafeGuard toolbar""toolbar.dll""AVG Secure Search""c:\program files (x86)\avg safeguard toolbar\15.2.0.5\avg safeguard toolbar_toolbar.dll""5/2/2013 4:31 AM"
    + "Google Toolbar Helper""Google Toolbar""Google Inc.""c:\program files (x86)\google\google toolbar\googletoolbar_32.dll""6/9/2013 5:25 PM"
    + "Java(tm) Plug-In 2 SSV Helper""Java(TM) Platform SE binary""Oracle Corporation""c:\program files (x86)\java\jre7\bin\jp2ssv.dll""6/21/2013 1:51 PM"
    + "Java(tm) Plug-In SSV Helper""Java(TM) Platform SE binary""Oracle Corporation""c:\program files (x86)\java\jre7\bin\ssv.dll""6/21/2013 1:50 PM"
    + "Office Document Cache Handler""Microsoft Office Document Cache Handler""Microsoft Corporation""c:\program files (x86)\microsoft office\office14\urlredir.dll""12/20/2010 6:04 PM"
    + "RealNetworks Download and Record Plugin for Internet Explorer""RealPlayer Download and Record Plugin""RealDownloader""c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll""11/29/2012 9:33 PM"
    + "Skype Plug-In""Skype add-on for IE""Skype Technologies S.A.""c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll""9/27/2010 3:57 AM"
    + "Windows Live ID Sign-in Helper""Microsoft® Windows Live ID Login Helper""Microsoft Corp.""c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll""3/28/2011 8:32 PM"
    + "Windows Live Messenger Companion Helper""Windows Live Messenger Companion Core""Microsoft Corporation""c:\program files (x86)\windows live\companion\companioncore.dll""3/8/2012 7:13 PM"
    + "WOT Helper""""""c:\program files (x86)\wot\wot.dll""8/2/2012 8:13 AM"
    "HKLM\Software\Microsoft\Internet Explorer\Toolbar""""""""6/22/2013 11:58 PM"
    + "Google Toolbar""Google Toolbar""Google Inc.""c:\program files (x86)\google\google toolbar\googletoolbar_64.dll""6/9/2013 5:13 PM"
    + "WOT""""""c:\program files\wot\wot.dll""8/2/2012 8:12 AM"
    "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar""""""""6/24/2013 6:45 PM"
    + "AVG SafeGuard toolbar""toolbar.dll""AVG Secure Search""c:\program files (x86)\avg safeguard toolbar\15.2.0.5\avg safeguard toolbar_toolbar.dll""5/2/2013 4:31 AM"
    + "Google Toolbar""Google Toolbar""Google Inc.""c:\program files (x86)\google\google toolbar\googletoolbar_32.dll""6/9/2013 5:25 PM"
    + "WOT""""""c:\program files (x86)\wot\wot.dll""8/2/2012 8:13 AM"
    "HKLM\Software\Microsoft\Internet Explorer\Extensions""""""""6/22/2013 11:58 PM"
    + "OneNote Lin&ked Notes""Microsoft OneNote Internet Explorer Add-in""Microsoft Corporation""c:\program files\microsoft office\office14\onbttnielinkednotes.dll""12/20/2010 10:56 PM"
    + "Se&nd to OneNote""Microsoft OneNote Internet Explorer Add-in""Microsoft Corporation""c:\program files\microsoft office\office14\onbttnie.dll""1/18/2012 12:52 AM"
    + "Send to &Bluetooth Device...""""""c:\program files\widcomm\bluetooth software\btsendto_ie.htm""1/23/2007 12:57 PM"
    "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions""""""""6/24/2013 6:45 PM"
    + "&Blog This in Windows Live Writer""Windows Live Writer Blog This Extension""Microsoft Corporation""c:\program files (x86)\windows live\writer\writerbrowserextension.dll""3/8/2012 7:13 PM"
    + "Messenger Companion (Ctrl+Shift+C)""Windows Live Messenger Companion Core""Microsoft Corporation""c:\program files (x86)\windows live\companion\companioncore.dll""3/8/2012 7:13 PM"
    + "OneNote Lin&ked Notes""Microsoft OneNote Internet Explorer Add-in""Microsoft Corporation""c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll""12/20/2010 8:05 PM"
    + "Se&nd to OneNote""Microsoft OneNote Internet Explorer Add-in""Microsoft Corporation""c:\program files (x86)\microsoft office\office14\onbttnie.dll""1/17/2012 11:20 PM"
    + "Send to &Bluetooth Device...""""""c:\program files\widcomm\bluetooth software\btsendto_ie.htm""1/23/2007 12:57 PM"
    + "Skype Plug-In""Skype add-on for IE""Skype Technologies S.A.""c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll""9/27/2010 3:57 AM"
    "Task Scheduler"""""""""
    + "\0""Internet Explorer""Microsoft Corporation""c:\program files (x86)\internet explorer\iexplore.exe""5/16/2013 3:25 PM"
    + "\Apple\AppleSoftwareUpdate""Apple Software Update""Apple Inc.""c:\program files (x86)\apple software update\softwareupdate.exe""6/1/2011 5:46 PM"
    + "\Desk 365 RunAsStdUser""""""File not found: C:\Program Files (x86)\Desk 365\desk365.exe"""
    + "\GoogleUpdateTaskUserS-1-5-21-2355649138-3362126530-1860452381-1002Core""Google Installer""Google Inc.""c:\users\marie\appdata\local\google\update\googleupdate.exe""2/15/2012 7:43 PM"
    + "\GoogleUpdateTaskUserS-1-5-21-2355649138-3362126530-1860452381-1002UA""Google Installer""Google Inc.""c:\users\marie\appdata\local\google\update\googleupdate.exe""2/15/2012 7:43 PM"
    + "\HPCustParticipation HP Deskjet 1050 J410 series""HP Customer Participation.""Hewlett-Packard Co.""c:\program files\hp\hp deskjet 1050 j410 series\bin\hpcustpartic.exe""6/14/2010 4:28 PM"
    + "\HPCustParticipation HP Deskjet 3520 series""HP Customer Participation.""Hewlett-Packard Co.""c:\program files\hp\hp deskjet 3520 series\bin\hpcustpartic.exe""10/17/2012 4:34 AM"
    + "\Launch HTC Sync Loader""""""File not found: C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe"""
    + "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task""Windows Live Social Object Extractor Engine""Microsoft Corporation""c:\program files (x86)\windows live\soxe\wlsoxe.dll""3/8/2012 7:13 PM"
    + "\Microsoft\Windows\WindowsCalendar\Reminders - Marie""Windows Calendar""Microsoft Corporation""c:\program files\windows calendar\wincal.exe""1/18/2008 11:26 PM"
    + "\Microsoft\Windows\Wired\GatherWiredInfo""""""c:\windows\system32\gatherwiredinfo.vbs""1/20/2008 7:48 PM"
    + "\Microsoft\Windows\Wireless\GatherWirelessInfo""""""c:\windows\system32\gatherwirelessinfo.vbs""1/20/2008 7:47 PM"
    + "\RealDownloaderDownloaderScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002""RealDownloader""RealNetworks, Inc.""c:\program files (x86)\realnetworks\realdownloader\recordingmanager.exe""11/29/2012 9:33 PM"
    + "\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2355649138-3362126530-1860452381-1002""RealUpgrade Launcher""RealNetworks, Inc.""c:\program files (x86)\realnetworks\realdownloader\realupgrade.exe""11/29/2012 9:31 PM"
    + "\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002""RealUpgrade Launcher""RealNetworks, Inc.""c:\program files (x86)\realnetworks\realdownloader\realupgrade.exe""11/29/2012 9:31 PM"
    + "\RealPlayerRealUpgradeLogonTaskS-1-5-21-2355649138-3362126530-1860452381-1002""RealUpgrade Launcher""RealNetworks, Inc.""c:\program files (x86)\real\realupgrade\realupgrade.exe""11/30/2012 4:30 PM"
    + "\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2355649138-3362126530-1860452381-1002""RealUpgrade Launcher""RealNetworks, Inc.""c:\program files (x86)\real\realupgrade\realupgrade.exe""11/30/2012 4:30 PM"
    + "\{07CBC3BD-CA72-46DE-BCB2-E391316454A6}""Skype ""Skype Technologies S.A.""c:\program files (x86)\skype\phone\skype.exe""1/8/2013 5:55 AM"
    + "\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B}""Gizmo Central""Arainia Solutions""c:\program files (x86)\gizmo\gizmo.exe""12/12/2009 8:39 PM"
    "HKLM\System\CurrentControlSet\Services""""""""6/23/2013 4:20 PM"
    + "AdobeARMservice""Adobe Acrobat Updater keeps your Adobe software up to date.""Adobe Systems Incorporated""c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe""4/4/2013 2:05 PM"
    + "AdobeFlashPlayerUpdateSvc""This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.""Adobe Systems Incorporated""c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe""5/29/2013 2:43 PM"
    + "AERTFilters""Andrea filters APO access service (64-bit)""Andrea Electronics Corporation""c:\program files\realtek\audio\hda\aertsr64.exe""9/25/2008 3:49 PM"
    + "Apache2.2""Apache/2.2.6 (Win32) PHP/5.2.4""Apache Software Foundation""c:\program files (x86)\common files\dell\apache\bin\httpd.exe""9/15/2007 11:52 PM"
    + "Apple Mobile Device""Provides the interface to Apple mobile devices.""Apple Inc.""c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe""5/17/2012 8:06 PM"
    + "Ati External Event Utility""ATI External Event Utility EXE Module""ATI Technologies Inc.""c:\windows\system32\ati2evxx.exe""9/17/2008 1:14 AM"
    + "AVGIDSAgent""Provides Identity Protection Against Cyber Crime.""AVG Technologies CZ, s.r.o.""c:\program files (x86)\avg\avg2013\avgidsagent.exe""5/13/2013 2:42 PM"
    + "avgwd""AVG Watchdog Service""AVG Technologies CZ, s.r.o.""c:\program files (x86)\avg\avg2013\avgwdsvc.exe""4/17/2013 6:09 PM"
    + "BackupStack""Backup Stack""Just Develop It""c:\program files (x86)\mypc backup\backupstack.exe""5/31/2013 4:12 AM"
    + "Bonjour Service""Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.""Apple Inc.""c:\program files\bonjour\mdnsresponder.exe""8/30/2011 10:52 PM"
    + "btwdins""Handles installation and removal of Bluetooth devices.""Broadcom Corporation.""c:\program files\widcomm\bluetooth software\bin\btwdins.exe""7/15/2008 4:43 PM"
    + "CltMngSvc""This service enables auto-updates of Search Protect by Conduit, which maintains your selected Search settings.""Conduit""c:\program files (x86)\searchprotect\bin\cltmngsvc.exe""5/7/2013 11:17 PM"
    + "DockLoginService""Dock Login Service""Stardock Corporation""c:\program files\dell\delldock\docklogin.exe""8/21/2008 9:21 AM"
    + "dsl-db""Stores data relevant to Remote Access""""c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe""7/6/2007 4:13 AM"
    + "dsl-fs-sync""Tracks changes to files and folders and keeps Remote Access media server in sync""SingleClick Systems""c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe""1/5/2009 4:12 PM"
    + "fsssvc""This service enables Family Safety on the computer. If this service is not running, Family Safety will not work.""Microsoft Corporation""c:\program files (x86)\windows live\family safety\fsssvc.exe""3/8/2012 7:21 PM"
    + "Gizmo Central""Provides an infrastructure for Gizmo Central to seemlessly process Device Driver Communication and authorization""Arainia Solutions""c:\program files (x86)\gizmo\gservice.exe""2/22/2009 9:10 PM"
    + "GoToAssist""Citrix GoToAssist provides remote help to this PC.""Citrix Online, a division of Citrix Systems, Inc.""c:\program files (x86)\citrix\gotoassist\514\g2aservice.exe""2/21/2008 1:46 PM"
    + "gupdate""Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.""Google Inc.""c:\program files (x86)\google\update\googleupdate.exe""3/8/2010 11:10 PM"
    + "gupdatem""Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.""Google Inc.""c:\program files (x86)\google\update\googleupdate.exe""3/8/2010 11:10 PM"
    + "gusvc""Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.""Google""c:\program files (x86)\google\common\google updater\googleupdaterservice.exe""3/2/2012 2:13 PM"
    + "hnmsvc""Maintains connection to Remote Access and performs network diagnostic functions""Dell Inc.""c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe""1/5/2009 4:10 PM"
    + "IAANTMON""RAID Monitor""Intel Corporation""c:\program files (x86)\intel\intel matrix storage manager\iaantmon.exe""7/20/2008 5:41 PM"
    + "iPod Service""iPod hardware management services""Apple Inc.""c:\program files\ipod\bin\ipodservice.exe""9/9/2012 10:31 PM"
    + "LVPrcS64""Injector service""Logitech Inc.""c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe""10/7/2009 1:26 AM"
    + "ose""Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.""Microsoft Corporation""c:\program files (x86)\common files\microsoft shared\source engine\ose.exe""1/9/2010 9:16 PM"
    + "osppsvc""Office Software Protection Platform Service (unlocalized description)""Microsoft Corporation""c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe""8/11/2009 7:00 PM"
    + "RealNetworks Downloader Resolver Service""Manage different Downloader versions in RealNetworks' products.""""c:\program files (x86)\realnetworks\realdownloader\rndlresolversvc.exe""11/29/2012 9:31 PM"
    + "SkypeUpdate""Enables the detection, download and installation of updates for Skype.""Skype Technologies""c:\program files (x86)\skype\updater\updater.exe""1/8/2013 5:55 AM"
    + "SQLWriter""Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure.""Microsoft Corporation""c:\program files\microsoft sql server\90\shared\sqlwriter.exe""11/24/2008 2:24 PM"
    + "stllssvr""SureThing Labelflash Disc Printer Service Module""MicroVision Development, Inc.""c:\program files (x86)\common files\surething shared\stllssvr.exe""3/12/2008 3:21 PM"
    + "TeamViewer8""TeamViewer Remote Software""TeamViewer GmbH""c:\program files (x86)\teamviewer\version8\teamviewer_service.exe""4/23/2013 12:43 AM"
    + "TracSrvWrapper""""""File not found: C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe"""
    + "vToolbarUpdater15.2.0""ToolbarU Application""AVG Secure Search""c:\program files (x86)\common files\avg secure search\vtoolbarupdater\15.2.0\toolbarupdater.exe""5/2/2013 4:28 AM"
    + "WebCake Desktop Updater""Provides limited updating assistance for WebCake Desktop""WebCake LLC""c:\program files (x86)\webcake\webcakedesktop.updater.exe""4/18/2013 5:35 PM"
    + "WinDefend""Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions.""Microsoft Corporation""c:\program files\windows defender\mpsvc.dll""1/19/2008 12:53 AM"
    + "wlidsvc""Enables Windows Live ID authentication.""Microsoft Corp.""c:\program files\common files\microsoft shared\windows live\wlidsvc.exe""3/28/2011 9:11 PM"
    + "WMPNetworkSvc""Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play""Microsoft Corporation""c:\program files\windows media player\wmpnetwk.exe""1/18/2008 11:51 PM"
    "HKLM\System\CurrentControlSet\Services""""""""6/23/2013 4:20 PM"
    + "atikmdag""ATI Radeon Kernel Mode Driver""ATI Technologies Inc.""c:\windows\system32\drivers\atikmdag.sys""9/17/2008 1:32 AM"
    + "AVGIDSDriver""AVG Technologies IDS Application Activity Monitor Driver""AVG Technologies CZ, s.r.o.""c:\windows\system32\drivers\avgidsdrivera.sys""3/28/2013 6:40 PM"
    + "AVGIDSHA""AVG Technologies IDS Application Activity Monitor Helper Driver""AVG Technologies CZ, s.r.o.""c:\windows\system32\drivers\avgidsha.sys""2/7/2013 8:14 PM"
    + "Avgldx64""AVG AVI Loader Driver""AVG Technologies CZ, s.r.o.""c:\windows\system32\drivers\avgldx64.sys""2/7/2013 8:14 PM"
    + "Avgloga""AVG Logging Driver""AVG Technologies CZ, s.r.o.""c:\windows\system32\drivers\avgloga.sys""2/7/2013 8:14 PM"
    + "Avgmfx64""AVG Resident Shield Minifilter Driver""AVG Technologies CZ, s.r.o.""c:\windows\system32\drivers\avgmfx64.sys""2/7/2013 8:14 PM"
    + "Avgrkx64""AVG Anti-Rootkit Driver""AVG Technologies CZ, s.r.o.""c:\windows\system32\drivers\avgrkx64.sys""2/7/2013 8:14 PM"
    + "Avgtdia""AVG Network connection watcher""AVG Technologies CZ, s.r.o.""c:\windows\system32\drivers\avgtdia.sys""3/20/2013 6:50 PM"
    + "avgtp""""AVG Technologies""c:\windows\system32\drivers\avgtpx64.sys""5/7/2013 5:38 AM"
    + "Beep""""""File not found: C:\Windows\System32\Drivers\Beep.sys"""
    + "BrFiltLo""Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver""Brother Industries, Ltd.""c:\windows\system32\drivers\brfiltlo.sys""8/6/2006 6:51 PM"
    + "BrFiltUp""Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver""Brother Industries, Ltd.""c:\windows\system32\drivers\brfiltup.sys""8/6/2006 6:51 PM"
    + "BrUsbSer""Brother USB Serial Driver""Brother Industries Ltd.""c:\windows\system32\drivers\brusbser.sys""8/9/2006 5:11 AM"
    + "btwaudio""Bluetooth Audio Device""Broadcom Corporation.""c:\windows\system32\drivers\btwaudio.sys""2/2/2007 11:55 AM"
    + "btwavdt""Broadcom Bluetooth AVDT Service""Broadcom Corporation.""c:\windows\system32\drivers\btwavdt.sys""2/2/2007 11:53 AM"
    + "btwrchid""Bluetooth Remote Control HID Minidriver""Broadcom Corporation.""c:\windows\system32\drivers\btwrchid.sys""2/2/2007 11:55 AM"
    + "cpuz132""""""File not found: C:\Users\Marie\AppData\Local\Temp\cpuz132\cpuz132_x64.sys"""
    + "ctxusbm""Citrix USB Filter Driver""Citrix Systems, Inc.""c:\windows\system32\drivers\ctxusbm.sys""9/7/2009 11:09 AM"
    + "e1express""Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver""Intel Corporation""c:\windows\system32\drivers\e1e6032e.sys""10/29/2007 2:45 PM"
    + "E1G60""Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver""Intel Corporation""c:\windows\system32\drivers\e1g6032e.sys""8/7/2007 9:15 AM"
    + "e1yexpress""Intel(R) Gigabit Network Connection NDIS 6 deserialized driver""Intel Corporation""c:\windows\system32\drivers\e1y60x64.sys""6/13/2008 4:41 PM"
    + "GEARAspiWDM""CD DVD Filter""GEAR Software Inc.""c:\windows\system32\drivers\gearaspiwdm.sys""5/3/2012 12:56 PM"
    + "GizmoDrv""Gizmo kernel-mode device driver, used to emulate CD/DVD-ROM and hard drives""Arainia Solutions LLC""c:\windows\system32\drivers\gizmodrv.sys""5/17/2008 10:24 PM"
    + "HCW85BDA""CX23885 BDA driver""Hauppauge Computer Works""c:\windows\system32\drivers\hcw85bda.sys""7/14/2009 1:46 PM"
    + "HTCAND64""""""File not found: System32\Drivers\ANDROIDUSB.sys"""
    + "htcusbnet""USB NDIS Miniport Driver""HTC Corporation""c:\windows\system32\drivers\htcusbnet.sys""12/14/2010 9:28 AM"
    + "iaStor""Intel Matrix Storage Manager driver - x64""Intel Corporation""c:\windows\system32\drivers\iastor.sys""7/20/2008 5:29 PM"
    + "IntcAzAudAddService""Realtek(r) High Definition Audio Function Driver""Realtek Semiconductor Corp.""c:\windows\system32\drivers\rtkvhd64.sys""2/3/2009 2:23 AM"
    + "IpInIp""IP in IP Tunnel Driver""""File not found: system32\DRIVERS\ipinip.sys"""
    + "LVPr2M64""Logitech LVPr2M64 Driver""Logitech Inc.""c:\windows\system32\drivers\lvpr2m64.sys""10/7/2009 1:26 AM"
    + "LVPr2Mon""Logitech LVPr2M64 Driver""Logitech Inc.""c:\windows\system32\drivers\lvpr2m64.sys""10/7/2009 1:26 AM"
    + "ncplelhp""NCP Virtual Tunnel Adapter""NCP Engineering GmbH""c:\windows\system32\drivers\ncplelhp.sys""2/13/2009 4:00 AM"
    + "NwlnkFlt""IPX Traffic Filter Driver""""File not found: system32\DRIVERS\nwlnkflt.sys"""
    + "NwlnkFwd""IPX Traffic Forwarder Driver""""File not found: system32\DRIVERS\nwlnkfwd.sys"""
    + "omci""OMCI Device Driver""Dell Inc.""c:\windows\system32\drivers\omci.sys""8/19/2008 6:02 AM"
    + "Packet""Auto Internet Protocol""SingleClick Systems""c:\windows\system32\drivers\packet.sys""6/18/2008 2:48 PM"
    + "pcouffin""low level access layer for CD/DVD/BD devices""VSO Software""c:\windows\system32\drivers\pcouffin.sys""12/5/2006 7:39 AM"
    + "PxHlpa64""Px Engine Device Driver for 64-bit Windows""Sonic Solutions""c:\windows\system32\drivers\pxhlpa64.sys""10/17/2007 11:25 AM"
    + "R300""ATI Radeon Kernel Mode Driver""ATI Technologies Inc.""c:\windows\system32\drivers\atikmdag.sys""9/17/2008 1:32 AM"
    + "secdrv""Macrovision SECURITY Driver""Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.""c:\windows\system32\drivers\secdrv.sys""9/13/2006 6:18 AM"
    + "USBAAPL64""Apple Mobile Device USB Driver""Apple, Inc.""c:\windows\system32\drivers\usbaapl64.sys""6/21/2012 11:01 PM"
    + "usbbus""LG CDMA USB Multi function Driver""LG Electronics Inc.""c:\windows\system32\drivers\lgx64bus.sys""4/8/2007 10:03 PM"
    + "UsbDiag""LGE CDMA USB Serial Port""LG Electronics Inc.""c:\windows\system32\drivers\lgx64diag.sys""4/8/2007 10:06 PM"
    + "USBModem""LGE CDMA Modem Support""LG Electronics Inc.""c:\windows\system32\drivers\lgx64modem.sys""4/8/2007 10:07 PM"
    + "VNA""""Check Point Software Technologies""c:\windows\system32\drivers\vna.sys""12/29/2008 5:10 AM"
    + "vna_ap""""Check Point Software Technologies""c:\windows\system32\drivers\vnaap.sys""12/29/2008 5:10 AM"
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32""""""""6/23/2013 12:09 AM"
    + "msacm.l3acm""MPEG Layer-3 Audio Codec for MSACM""Fraunhofer Institut Integrierte Schaltungen IIS""c:\windows\system32\l3codeca.acm""1/21/2010 8:37 AM"
    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32""""""""6/24/2013 6:45 PM"
    + "msacm.l3acm""MPEG Layer-3 Audio Codec for MSACM""Fraunhofer Institut Integrierte Schaltungen IIS""c:\windows\syswow64\l3codeca.acm""1/21/2010 8:05 AM"
    + "vidc.cvid""Cinepak® Codec""Radius Inc.""c:\windows\syswow64\iccvid.dll""5/27/2010 1:08 PM"
    + "vidc.VP60""VP6 VIDEO FOR WINDOWS CODEC ""On2.com""c:\windows\syswow64\vp6vfw.dll""10/2/2003 1:38 PM"
    + "vidc.VP61""VP6 VIDEO FOR WINDOWS CODEC ""On2.com""c:\windows\syswow64\vp6vfw.dll""10/2/2003 1:38 PM"
    "HKLM\Software\Classes\Filter""""""""6/24/2013 7:01 PM"
    + "Deinterlace""Deinterlace Filter""DScaler Project, see http://www.dscaler.org/""c:\windows\syswow64\hcwdlace.ax""12/4/2007 7:05 AM"
    "HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance""""""""11/2/2006 8:29 AM"
    + "9x8Resize""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "Allocator Fix""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "Bitmap""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "Capture ASF Writer""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "Frame Eater""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "MainConcept (MCE) MPEG Encoder""MPEG Encoder and Muxer""MainConcept AG""c:\windows\system32\hauppauge\softmce\mceesmpeg.ax""5/5/2006 8:09 AM"
    + "Multiple File Output""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "Proxy Sink""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "Proxy Source""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "Record Queue""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "ShotDetect""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "Stetch""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WM VIH2 Fix""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT Audio Analyzer""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT Black Frame Generator""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT DV Extract Filter""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT FormatConversion""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT Import Filter""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT Interlacer""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT Log Filter""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT MuxDeMux Filter""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT Sample Info Filter""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT Switch Filter""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT Virtual Renderer""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT Virtual Source""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    + "WMT Volume""Windows Movie Maker Filters""Microsoft Corporation""c:\program files\movie maker\wmm2filt.dll""4/11/2009 12:11 AM"
    "HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance""""""""6/23/2013 3:56 PM"
    + "ATI Ticker""""""c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax""12/18/2006 1:57 PM"
    + "Audio Destination""WAVDest Filter (Sample)""Microsoft Corporation""c:\program files (x86)\google\google earth\client\wavdest.ax""2/26/2013 6:25 PM"
    + "Capture File Writer""Windows Live Video Acquisition Filters""Microsoft Corporation""c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll""3/8/2012 7:32 PM"
    + "Deinterlace""Deinterlace Filter""DScaler Project, see http://www.dscaler.org/""c:\windows\syswow64\hcwdlace.ax""12/4/2007 7:05 AM"
    + "DivX Decoder Filter""DivX® Decoder Filter""DivXNetworks, Inc.""c:\windows\syswow64\divxdec.ax""11/11/2003 5:00 PM"
    + "Hauppauge Now/Next""Hauppauge WinTV BDA Now Next""Hauppauge Computer Works, Inc.""c:\windows\syswow64\hcwnownext.ax""2/26/2008 12:32 PM"
    + "Hauppauge PSI Parser""Hauppauge WinTV MPEG PSI Parser""Hauppauge Computer Works, Inc.""c:\windows\syswow64\hcwpsiparser.ax""4/29/2008 7:36 AM"
    + "Hauppauge Simulated Stereo""Simulated Stereo Filter (Sample)""Hauppuage Computer Works""c:\windows\syswow64\hcwsstereo.ax""9/10/2004 1:58 PM"
    + "Hauppauge Subtitles""Hauppuage DVB Subtitle Generator""Hauppauge Computer Works""c:\windows\syswow64\hcwdvbsubtitles.ax""9/18/2007 3:24 PM"
    + "Hauppauge WinTV File Reader""Hauppauge WinTV File Reader""Hauppauge Computer Works, Inc.""c:\windows\syswow64\hcwfread.ax""5/25/2006 5:59 AM"
    + "Hauppauge WinTV File Writer""Hauppauge WinTV File Writer""Hauppauge Computer Works, Inc.""c:\windows\syswow64\hcwfwrit.ax""2/13/2006 12:02 PM"
    + "Hauppauge WinTV MPEG Splitter""Hauppauge WinTV MPEG Splitter Filter""Hauppauge Computer Works, Inc.""c:\windows\syswow64\hcwsplit.ax""8/23/2006 7:26 AM"
    + "Hauppauge WinTV MPEG2 Muxer""WinTV MPEG2 Muxer""Hauppauge Computer Works Inc.""c:\windows\syswow64\hcwmux.ax""7/21/2006 12:07 PM"
    + "Hauppauge WinTV SnapShot""hcwSnap""Hauppauge Computer Works, Inc.""c:\windows\syswow64\hcwsnap.ax""12/4/2007 8:13 AM"
    + "InterVideo NonCSS Audio Decoder for Hauppauge""IVIAUDIO""InterVideo Inc.""c:\program files (x86)\common files\ivisdk\hauppauge\iviaudio_hauppauge.ax""6/10/2004 7:58 PM"
    + "InterVideo NonCSS Video Decoder for Hauppauge""IVIVIDEO"" InterVideo Inc.""c:\program files (x86)\common files\ivisdk\hauppauge\ivivideo_hauppauge.ax""6/10/2004 7:59 PM"
    + "MainConcept (Hauppauge) MPEG Audio Decoder""MPEG Video and Audio Decoder""MainConcept AG""c:\windows\syswow64\hauppauge\hauppaugemcdsmpeg.ax""4/2/2004 3:02 AM"
    + "MainConcept (Hauppauge) MPEG Audio Encoder""MPEG Audio Encoder""MainConcept AG""c:\windows\syswow64\hauppauge\hauppaugemceampeg.ax""6/7/2004 8:17 AM"
    + "MainConcept (Hauppauge) MPEG Encoder""MPEG Encoder and Muxer""MainConcept AG""c:\windows\syswow64\hauppauge\hauppaugemcesmpeg.ax""4/2/2004 3:02 AM"
    + "MainConcept (Hauppauge) MPEG Multiplexer""MPEG Multiplexer""MainConcept AG""c:\windows\syswow64\hauppauge\hauppaugemcmuxmpeg.ax""4/2/2004 3:02 AM"
    + "MainConcept (Hauppauge) MPEG Splitter""Mpeg I/II Splitter""MainConcept AG""c:\windows\syswow64\hauppauge\hauppaugemcspmpeg.ax""4/2/2004 3:02 AM"
    + "MainConcept (Hauppauge) MPEG Video Decoder""MPEG Video and Audio Decoder""MainConcept AG""c:\windows\syswow64\hauppauge\hauppaugemcdsmpeg.ax""4/2/2004 3:02 AM"
    + "MainConcept (Hauppauge) MPEG Video Encoder""MPEG Video Encoder""MainConcept AG""c:\windows\syswow64\hauppauge\hauppaugemcevmpeg.ax""4/2/2004 3:02 AM"
    + "MainConcept (HCW) AC-3 Audio Decoder""AC-3 Audio Decoder""MainConcept AG""c:\windows\syswow64\hauppauge\smd07\hcw_mcac3ad.ax""7/5/2007 10:54 AM"
    + "MainConcept (HCW) Layer II Audio Decoder""Layer II Audio Decoder""MainConcept AG""c:\windows\syswow64\hauppauge\smd07\hcw_mcl2ad.ax""7/5/2007 10:04 AM"
    + "MainConcept (HCW) MPEG Multiplexer-Plus""MPEG Multiplexer-Plus DS Filter""MainConcept AG""c:\windows\syswow64\hauppauge\smd07\hcw_mcmpeg2mux.ax""7/5/2007 10:12 AM"
    + "MainConcept (HCW) MPEG-2 Video Decoder""MPEG-2 Video Decoder""MainConcept AG""c:\windows\syswow64\hauppauge\smd07\hcw_mcm2vd.ax""7/5/2007 10:05 AM"
    + "Minimal Null""hcwNull""Hauppauge Computer Works, Inc.""c:\windows\syswow64\hcwnull.ax""5/6/2003 11:13 AM"
    + "MMACE Deinterlace""""""c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll""6/13/2008 11:29 AM"
    + "MMACE ProcAmp""""""c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll""6/13/2008 11:29 AM"
    + "MMACE SoftEmu""""""c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll""6/13/2008 11:29 AM"
    + "RealPlayer Audio Filter""Audio Filter Plugin""RealNetworks, Inc.""c:\program files (x86)\real\realplayer\rdsf3260.dll""11/30/2012 4:23 PM"
    + "RealPlayer Mp3 Transform Filter""Audio Filter Plugin""RealNetworks, Inc.""c:\program files (x86)\real\realplayer\rdsf3260.dll""11/30/2012 4:23 PM"
    + "RealPlayer MPEG4 Transform Filter""Audio Filter Plugin""RealNetworks, Inc.""c:\program files (x86)\real\realplayer\rdsf3260.dll""11/30/2012 4:23 PM"
    + "RealPlayer Transcode Filter""Audio Filter Plugin""RealNetworks, Inc.""c:\program files (x86)\real\realplayer\rdsf3260.dll""11/30/2012 4:23 PM"
    + "RealPlayer Video Filter""Audio Filter Plugin""RealNetworks, Inc.""c:\program files (x86)\real\realplayer\rdsf3260.dll""11/30/2012 4:23 PM"
    + "Record Queue""Windows Live Video Acquisition Filters""Microsoft Corporation""c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll""3/8/2012 7:32 PM"
    + "WM VIH2 Fix""Windows Live Video Acquisition Filters""Microsoft Corporation""c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll""3/8/2012 7:32 PM"
    + "WMT DV Extract Filter""Windows Live Video Acquisition Filters""Microsoft Corporation""c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll""3/8/2012 7:32 PM"
    + "WMT Sample Info Filter""Windows Live Video Acquisition Filters""Microsoft Corporation""c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll""3/8/2012 7:32 PM"
    + "WMT Switch Filter""Windows Live Video Acquisition Filters""Microsoft Corporation""c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll""3/8/2012 7:32 PM"
    + "WMT Virtual Renderer""Windows Live Video Acquisition Filters""Microsoft Corporation""c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll""3/8/2012 7:32 PM"
    + "WMT Virtual Source""Windows Live Video Acquisition Filters""Microsoft Corporation""c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll""3/8/2012 7:32 PM"
    "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries""""""""12/19/2012 8:37 PM"
    + "mdnsNSP""Bonjour Namespace Provider""Apple Inc.""c:\program files (x86)\bonjour\mdnsnsp.dll""8/30/2011 10:44 PM"
    "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64""""""""12/19/2012 8:37 PM"
    + "mdnsNSP""Bonjour Namespace Provider""Apple Inc.""c:\program files\bonjour\mdnsnsp.dll""8/30/2011 10:53 PM"
    "HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors""""""""6/24/2013 6:48 PM"
    + "Canon BJ Language Monitor MP530""IJ Language Monitor""CANON INC.""c:\windows\system32\cnmlm7r.dll""9/12/2006 1:36 PM"
    + "Canon MP FAX Language Monitor MP530""MP FAX Language Monitor DLL""Canon Inc.""c:\windows\system32\cncf2la.dll""9/28/2006 10:29 PM"
    + "HP 8911 Status Monitor""Print Status Language Monitor""Hewlett-Packard Co.""c:\windows\system32\hpinksts8911lm.dll""6/5/2010 2:13 AM"
    + "HP B011 Status Monitor""Print Status Language Monitor""Hewlett-Packard Co.""c:\windows\system32\hpinkstsb011lm.dll""6/13/2012 11:10 AM"
    + "HP Discovery Port Monitor (HP Deskjet 3520 series)""HP Discovery Port Monitor""Hewlett-Packard Co.""c:\windows\system32\hpdiscopmb011.dll""10/17/2012 4:31 AM"
  12. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    Whoops... here's the attachment

  13. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    Well, you definitely picked up some crap in the meantime.
    I'm afraid you must be clicking on stuff before double checking.

    We need to re-run some scans.
    ...and please be more careful.

    Update MBAM, run it and post new log.

    Then re-run AdwCleaner and Junkware Removal Tool.

    Finally post new OTL log.
     
  14. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    MBAM? or MBAR?
  15. Broni

    Broni Malware Annihilator Posts: 45,208   +243

  16. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    Full scan or quick scan?
  17. Broni

    Broni Malware Annihilator Posts: 45,208   +243

  18. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    Malwarebytes' Anti-Malware 1.41
    Database version: 2775
    Windows 6.0.6002 Service Pack 2

    6/24/2013 9:25:22 PM
    mbam-log-2013-06-24 (21-25-14).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 405335
    Time elapsed: 1 hour(s), 16 minute(s), 40 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\END (Trojan.FakeAlert) -> No action taken.
  19. Broni

    Broni Malware Annihilator Posts: 45,208   +243

    It says "No action taken".
    Re-run MBAM, fix all issues and post new log.

    Bed time here though...
  20. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    # AdwCleaner v2.303 - Logfile created 06/24/2013 at 21:35:03
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : Marie - ADMIN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Marie\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : CltMngSvc
    Stopped & Deleted : WebCake Desktop Updater

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    Deleted on reboot : C:\Program Files (x86)\Conduit
    Deleted on reboot : C:\Program Files (x86)\SearchProtect
    Deleted on reboot : C:\Program Files (x86)\WebCake
    Deleted on reboot : C:\ProgramData\APN
    Deleted on reboot : C:\ProgramData\eSafe
    Deleted on reboot : C:\ProgramData\Tarma Installer
    Deleted on reboot : C:\Users\John\AppData\LocalLow\Search Settings
    Deleted on reboot : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zzgh3ra2.default\extensions\crossriderapp12555@crossrider.com
    Deleted on reboot : C:\Users\Lancee\AppData\LocalLow\Search Settings
    Deleted on reboot : C:\Users\Marie\AppData\Local\Conduit
    Deleted on reboot : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
    Deleted on reboot : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Deleted on reboot : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Deleted on reboot : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaikkamgfhkjbadgihldfmkpngkhgbb
    Deleted on reboot : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmaikkamgfhkjbadgihldfmkpngkhgbb
    Deleted on reboot : C:\Users\Marie\AppData\LocalLow\Conduit
    Deleted on reboot : C:\Users\Marie\AppData\LocalLow\PriceGong
    Deleted on reboot : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\u97bgjga.default\CT3298567
    Deleted on reboot : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\u97bgjga.default\extensions\{988919ff-0cd8-4d0c-bc7e-60d55a49eb64}
    Deleted on reboot : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\u97bgjga.default\extensions\plugin@getwebcake.com
    Deleted on reboot : C:\Users\Marie\AppData\Roaming\SearchProtect
    Deleted on reboot : C:\Users\Marie\AppData\Roaming\WebCake
    File Deleted : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\u97bgjga.default\searchplugins\Conduit.xml

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\nmaikkamgfhkjbadgihldfmkpngkhgbb
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\eSafeSecControl
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298567
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Desksvc
    Key Deleted : HKLM\Software\eSafeSecControl
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\V9
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nmaikkamgfhkjbadgihldfmkpngkhgbb
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16490

    [OK] Registry is clean.

    -\\ Mozilla Firefox v [Unable to get version]

    File : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\u97bgjga.default\prefs.js

    C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\u97bgjga.default\user.js ... Deleted !

    Deleted : user_pref("CT3298567.FF19Solved", "true");
    Deleted : user_pref("CT3298567.UserID", "UN51392530024841301");
    Deleted : user_pref("CT3298567.browser.search.defaultthis.engineName", "true");
    Deleted : user_pref("CT3298567.fullUserID", "UN51392530024841301.IN.20130623151704");
    Deleted : user_pref("CT3298567.installDate", "23/06/2013 15:17:04");
    Deleted : user_pref("CT3298567.installSessionId", "{15F21E16-5781-4FF9-8F75-395A3F8762AF}");
    Deleted : user_pref("CT3298567.installSp", "TRUE");
    Deleted : user_pref("CT3298567.installerVersion", "1.4.3.0");
    Deleted : user_pref("CT3298567.keyword", "true");
    Deleted : user_pref("CT3298567.originalHomepage", "about:home");
    Deleted : user_pref("CT3298567.originalSearchAddressUrl", "");
    Deleted : user_pref("CT3298567.originalSearchEngine", "");
    Deleted : user_pref("CT3298567.searchRevert", "false");
    Deleted : user_pref("CT3298567.searchUserMode", "2");
    Deleted : user_pref("CT3298567.smartbar.homepage", "true");
    Deleted : user_pref("CT3298567.versionFromInstaller", "10.16.1.21");
    Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3298567&octid=CT329856[...]
    Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
    Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V31 Customized Web Search");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298567&CUI[...]
    Deleted : user_pref("browser.search.selectedEngine", "MixiDJ V31 Customized Web Search");
    Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3298567&CUI=UN5139253002484[...]
    Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298567&SearchSource=2&CU[...]
    Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298567");
    Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298567&CUI=UN513925300[...]
    Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
    Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298567");
    Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298567");

    File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\zzgh3ra2.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v27.0.1453.116

    File : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.27] : icon_url = "hxxp://search.conduit.com/fav.ico",
    Deleted [l.30] : keyword = "search.conduit.com",
    Deleted [l.34] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN34[...]
    Deleted [l.35] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...]

    File : C:\Users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [12547 octets] - [24/06/2013 21:34:04]
    AdwCleaner[S1].txt - [52181 octets] - [23/06/2013 14:20:54]
    AdwCleaner[S2].txt - [11986 octets] - [24/06/2013 21:35:03]

    ########## EOF - C:\AdwCleaner[S2].txt - [12047 octets] ##########
  21. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows (TM) Vista Home Premium x64
    Ran by Marie on Mon 06/24/2013 at 21:54:48.34
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\speetitupfree



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{27C1B19B-890A-4246-B9A0-480125F4A81C}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
    Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
    Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 06/24/2013 at 21:59:30.36
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  22. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    OTL logfile created on: 6/24/2013 10:01:24 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marie\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 61.37% Memory free
    12.16 Gb Paging File | 9.37 Gb Available in Paging File | 77.01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 450.69 Gb Total Space | 114.81 Gb Free Space | 25.47% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 7.04 Gb Free Space | 46.94% Space Free | Partition Type: NTFS

    Computer Name: ADMIN-PC | User Name: Marie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2013/06/23 15:48:15 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    PRC - [2013/06/23 14:34:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
    PRC - [2013/06/14 18:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2013/05/24 17:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2013/04/23 00:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/12/20 09:38:51 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2011/09/16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2010/10/12 17:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    PRC - [2010/10/12 17:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    PRC - [2010/02/14 22:37:20 | 000,220,768 | ---- | M] (Arainia Solutions) -- C:\Program Files (x86)\Gizmo\gizmo.exe
    PRC - [2010/02/14 22:37:20 | 000,031,856 | ---- | M] (Arainia Solutions) -- C:\Program Files (x86)\Gizmo\gservice.exe
    PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
    PRC - [2009/01/05 15:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
    PRC - [2009/01/05 15:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
    PRC - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/07/20 15:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/07/20 15:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/07/15 17:02:26 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2007/09/21 11:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
    PRC - [2007/09/14 11:35:04 | 005,730,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
    PRC - [2006/10/11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/06/14 18:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
    MOD - [2013/06/14 18:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
    MOD - [2013/06/14 18:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
    MOD - [2013/06/14 18:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
    MOD - [2013/03/13 13:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Dropbox\bin\libcef.dll
    MOD - [2012/11/13 16:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/02/14 22:37:20 | 000,398,336 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gdatabase.dll
    MOD - [2010/02/14 22:37:20 | 000,390,752 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gdrive.dll
    MOD - [2010/02/14 22:37:20 | 000,366,592 | ---- | M] () -- C:\Program Files (x86)\Gizmo\ghash.dll
    MOD - [2010/02/14 22:37:20 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gscript.dll
    MOD - [2010/02/14 22:37:20 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\Gizmo\geditor.dll
    MOD - [2010/02/14 22:37:20 | 000,310,272 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gmanager.dll
    MOD - [2010/02/14 22:37:20 | 000,160,768 | ---- | M] () -- C:\Program Files (x86)\Gizmo\gimage.dll
    MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    MOD - [2009/10/14 13:36:34 | 000,181,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll
    MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2009/07/16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
    MOD - [2009/07/16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
    MOD - [2009/07/16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
    MOD - [2009/07/16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
    MOD - [2009/07/16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtxml4.dll
    MOD - [2009/07/16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
    MOD - [2009/07/16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtsql4.dll
    MOD - [2009/07/16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
    MOD - [2009/07/16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
    MOD - [2009/07/16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
    MOD - [2009/07/16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
    MOD - [2009/07/16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll
    MOD - [2009/05/26 21:06:28 | 000,913,408 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    MOD - [2008/05/19 14:47:00 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Dell\apache\ioncube_loader_win_5.2.dll
    MOD - [2007/09/21 11:32:18 | 002,035,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\Dell\apache\libmysql.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/02/24 02:12:04 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/10/17 03:24:26 | 000,905,216 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/06/23 15:48:15 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
    SRV - [2013/06/12 04:58:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/31 04:19:28 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
    SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/04/23 00:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/14 22:37:20 | 000,031,856 | ---- | M] (Arainia Solutions) [Auto | Running] -- C:\Program Files (x86)\Gizmo\gservice.exe -- (Gizmo Central)
    SRV - [2009/05/17 18:57:52 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/05 15:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
    SRV - [2009/01/05 15:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
    SRV - [2008/07/20 15:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2008/01/20 19:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2008/01/20 19:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/09/21 11:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
    SRV - [2007/09/14 11:35:04 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/06/23 15:48:16 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2013/03/29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2010/12/15 00:28:22 | 000,153,600 | ---- | M] (HTC Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcusbnet.sys -- (htcusbnet)
    DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm)
    DRV:64bit: - [2010/02/14 22:37:26 | 000,032,840 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/08/09 19:16:04 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2009/07/14 20:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
    DRV:64bit: - [2009/04/10 22:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/04/10 22:42:21 | 000,140,288 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST)
    DRV:64bit: - [2009/04/02 15:03:40 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vnaap.sys -- (vna_ap)
    DRV:64bit: - [2009/04/02 15:03:40 | 000,161,256 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vna.sys -- (VNA)
    DRV:64bit: - [2009/03/16 05:51:38 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/02/13 12:00:12 | 000,146,312 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ncplelhp.sys -- (ncplelhp)
    DRV:64bit: - [2008/10/17 03:24:30 | 004,709,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV:64bit: - [2008/10/17 03:24:30 | 004,709,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2008/09/28 05:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress)
    DRV:64bit: - [2008/09/28 01:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008/08/21 06:38:10 | 000,026,112 | ---- | M] (Dell Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\omci.sys -- (omci)
    DRV:64bit: - [2008/06/18 14:48:54 | 000,029,184 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
    DRV:64bit: - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2007/11/14 01:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2007/04/19 07:55:50 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2007/04/19 07:55:50 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2007/04/19 07:55:50 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2007/04/01 21:42:48 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2007/04/01 21:42:44 | 000,096,048 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2007/04/01 21:42:42 | 000,087,856 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\SearchScopes\{1B977252-65EC-DFCB-E752-794A37822658}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z006&form=ZGAIDF
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\SearchScopes\{B06422FF-7A69-44E1-BFE5-E991BFEC709C}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\SearchScopes\{f629d4d6-d9d2-4d72-b61c-34223be78085}: "URL" = http://slirsredirect.search.aol.com...}&invocationType=tb50-ie-aim-chromesbox-en-us
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\..\SearchScopes\{AA2BC32C-8D97-4790-A8F4-AB4C1C69C606}: "URL" = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20130417,19890,0,18,0
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: %7Ba131ab52-77f3-4bd7-acc7-e2dfdfd298f0%7D:1.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: 41ed8dee-33ed-4769-bdf4-2707c4199b97@45a3c648-db86-4b41-92e2-a77bbbf91f1d.com:0.88.4
    FF - prefs.js..extensions.enabledItems: addon@defaulttab.com:1.4.3
    FF - prefs.js..extensions.enabledItems: extension21802@extension21802.com:0.87.11
    FF - prefs.js..extensions.enabledItems: {739df940-c5ee-4bab-9d7e-270894ae687a}:10.14.65.43
    FF - prefs.js..extensions.enabledItems: {02A3ACBC-F3DA-11E1-8270-B8AC6F996F26}:2.0.14
    FF - prefs.js..extensions.enabledItems: crossriderapp12555@crossrider.com:0.91.76
    FF - prefs.js..extensions.enabledItems: {a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}:1.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Marie\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\\NPRobloxProxy.dll ()
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marie\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marie\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/20 09:39:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/20 09:39:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}: C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02A3ACBC-F3DA-11E1-8270-B8AC6F996F26}: C:\Users\Marie\AppData\Local\{02A3ACBC-F3DA-11E1-8270-B8AC6F996F26}\

    [2013/03/10 11:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Extensions
    [2013/06/24 21:53:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\u97bgjga.default\extensions
    [2010/04/27 07:46:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\u97bgjga.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/04/27 19:43:43 | 000,000,000 | ---D | M] (GPComponent) -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\u97bgjga.default\extensions\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}
    [2011/10/04 21:53:40 | 000,001,834 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\u97bgjga.default\searchplugins\bing.xml
    [2013/06/24 16:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/11/25 18:55:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/10/12 16:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
    [2010/10/12 16:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
    [2010/10/12 16:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
    [2010/10/12 16:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
    [2010/10/12 18:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
    [2012/12/20 09:38:55 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
    [2010/10/12 16:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

    ========== Chrome ==========

    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.a...9&CUI=UN34411827422993162&ctid=CT3298567&UM=2
    CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/C...ix={searchTerms}&CUI=UN34411827422993162&UM=2
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Marie\AppData\Roaming\Mozilla\plugins\npo1d.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Marie\AppData\Local\Roblox\Versions\version-fbaf58bbbe84491d\\NPRobloxProxy.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - Extension: Surf Canyon = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\3.4.0_0\
    CHR - Extension: RealDownloader = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
    CHR - Extension: Smiley Bar for Facebook = C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog\1.0.0.0_0\
  23. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    O1 HOSTS File: ([2013/06/23 00:02:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
    O4:64bit: - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\SysNative\HCIMNTR.DLL (Logitech Inc.)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Check Point Endpoint Connect] "TrGUI.exe" File not found
    O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL LLC)
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001..\Run: [GizmoDriveDelegate] C:\Program Files (x86)\Gizmo\gdrive.dll ()
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001..\Run: [ROC_JAN2013_TB] "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB File not found
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL LLC)
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002..\Run: [cdloader] C:\Users\Marie\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002..\Run: [GizmoDriveDelegate] C:\Program Files (x86)\Gizmo\gdrive.dll ()
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002..\Run: [OurSoftUpdaterChecker] C:\Program Files (x86)\NetNucleous\GorillaPrice\GPCheck.exe File not found
    O4 - Startup: C:\Users\Admin`\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Gilbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Lancee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
    O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
    O4 - Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O7 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-2355649138-3362126530-1860452381-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab (UnoCtrl Class)
    O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.25.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EB5217B-D408-480B-B834-370FD866A684}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/03/08 18:30:13 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/24 22:01:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
    [2013/06/24 19:15:15 | 000,660,160 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Marie\Desktop\autoruns.exe
    [2013/06/24 19:15:15 | 000,578,240 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Marie\Desktop\autorunsc.exe
    [2013/06/24 19:04:39 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
    [2013/06/24 19:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOT
    [2013/06/24 18:33:09 | 000,000,000 | ---D | C] -- C:\Users\Marie\Desktop\JavaRa-1.16-16-12-11
    [2013/06/24 18:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
    [2013/06/24 16:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013/06/24 16:21:31 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/06/24 16:21:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/06/24 16:21:14 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/06/24 16:21:14 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/06/23 21:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2013/06/23 21:25:51 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Marie\Desktop\esetsmartinstaller_enu.exe
    [2013/06/23 15:50:37 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\AVG SafeGuard toolbar
    [2013/06/23 15:50:27 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\AVG2013
    [2013/06/23 15:49:25 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\TuneUp Software
    [2013/06/23 15:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/06/23 15:49:05 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/06/23 15:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2013/06/23 15:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
    [2013/06/23 15:47:19 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/06/23 15:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2013/06/23 15:44:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2013/06/23 15:43:28 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\MFAData
    [2013/06/23 15:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
    [2013/06/23 15:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
    [2013/06/23 15:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/06/23 15:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
    [2013/06/23 14:27:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/06/23 14:26:58 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/06/23 00:09:28 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Local\temp
    [2013/06/23 00:02:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/06/22 22:35:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/06/21 17:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/06/21 17:04:39 | 000,000,000 | ---D | C] -- C:\Users\Marie\Mbar
    [2013/06/20 14:50:19 | 000,000,000 | R--D | C] -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2013/06/19 17:35:12 | 000,000,000 | ---D | C] -- C:\Users\Marie\Desktop\Minecraft
    [2013/06/12 03:00:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/06/12 03:00:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/06/12 03:00:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/06/12 03:00:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/06/12 03:00:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/06/12 03:00:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/06/12 03:00:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/06/12 03:00:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/06/12 03:00:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/06/12 03:00:22 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/06/12 03:00:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/06/12 03:00:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/06/12 03:00:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/06/12 03:00:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/06/12 03:00:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/06/12 02:17:27 | 001,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/06/12 02:17:27 | 001,078,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
    [2013/06/12 02:17:27 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
    [2013/06/12 02:17:27 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2013/06/12 02:17:27 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
    [2013/06/12 02:17:27 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
    [2013/06/12 02:17:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
    [2013/06/12 02:17:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
    [2013/06/12 02:16:47 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2013/06/12 02:16:47 | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2013/06/12 02:16:47 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printcom.dll
    [2013/06/11 20:58:08 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\WinRAR
    [2013/06/11 20:58:07 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2013/06/11 20:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2013/06/11 20:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
    [2013/06/11 20:54:14 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
    [2013/06/10 20:40:14 | 000,000,000 | ---D | C] -- C:\Users\Marie\Desktop\world
    [2009/08/09 19:16:04 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Marie\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2013/06/24 22:02:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3D20B27D-5952-4385-9DD3-9C5235C92FFE}.job
    [2013/06/24 21:58:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/06/24 21:52:51 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/06/24 21:37:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/06/24 21:37:25 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/06/24 21:37:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/06/24 21:37:21 | 2138,198,015 | -HS- | M] () -- C:\hiberfil.sys
    [2013/06/24 21:35:48 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2013/06/24 21:35:26 | 000,004,604 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/06/24 21:30:10 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2355649138-3362126530-1860452381-1002UA.job
    [2013/06/24 21:21:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/06/24 19:14:35 | 000,551,072 | ---- | M] () -- C:\Users\Marie\Desktop\Autoruns.zip
    [2013/06/24 18:48:32 | 000,478,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/06/24 18:32:55 | 000,160,639 | ---- | M] () -- C:\Users\Marie\Desktop\JavaRa-1.16-16-12-11.zip
    [2013/06/24 16:21:03 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/06/24 16:21:02 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/06/24 16:21:02 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/06/24 16:21:02 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/06/24 16:21:01 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
    [2013/06/24 16:21:01 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013/06/24 01:30:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2355649138-3362126530-1860452381-1002Core.job
    [2013/06/23 21:25:59 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Marie\Desktop\esetsmartinstaller_enu.exe
    [2013/06/23 16:43:37 | 000,890,978 | ---- | M] () -- C:\Users\Marie\Desktop\SecurityCheck.exe
    [2013/06/23 15:49:25 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013/06/23 15:48:16 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/06/23 14:34:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
    [2013/06/23 14:19:51 | 000,648,201 | ---- | M] () -- C:\Users\Marie\Desktop\adwcleaner.exe
    [2013/06/23 00:02:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/06/19 17:36:57 | 000,263,186 | ---- | M] () -- C:\Users\Marie\Desktop\rebuilt.Minecraft.exe
    [2013/06/18 15:12:34 | 000,660,160 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Marie\Desktop\autoruns.exe
    [2013/06/18 15:12:34 | 000,578,240 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Marie\Desktop\autorunsc.exe
    [2013/06/12 17:06:17 | 001,620,421 | ---- | M] () -- C:\Users\Marie\Documents\application pg 1.pdf
    [2013/06/12 04:58:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/06/12 04:58:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/06/11 20:54:15 | 000,000,898 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    [2013/06/11 20:53:56 | 001,517,376 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR_Installer.exe
    [2013/06/10 20:40:28 | 000,000,554 | ---- | M] () -- C:\Users\Marie\Desktop\server.properties
    [2013/06/09 11:21:50 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013/06/05 12:35:46 | 000,712,634 | ---- | M] () -- C:\Users\Marie\Documents\EvelynGreenPage2.pdf
    [2013/06/04 12:27:53 | 000,000,993 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2013/05/31 08:09:18 | 004,140,519 | ---- | M] () -- C:\Users\Marie\Documents\Randi 20130514.jpg
    [2013/05/31 07:47:52 | 000,466,407 | ---- | M] () -- C:\Users\Marie\Desktop\McMorran Mar to May.pdf
    [2013/05/29 22:19:34 | 000,658,298 | ---- | M] () -- C:\Users\Marie\Documents\Scan0016.jpg
    [2013/05/29 16:33:05 | 000,328,522 | ---- | M] () -- C:\Users\Marie\Documents\complete care 050213.pdf
    [2013/05/29 16:28:10 | 000,343,802 | ---- | M] () -- C:\Users\Marie\Documents\complete care 050813.pdf
    [2013/05/29 16:03:10 | 001,361,571 | ---- | M] () -- C:\Users\Marie\Documents\Scan0015.jpg

    ========== Files Created - No Company Name ==========

    [2013/06/24 19:15:15 | 000,049,518 | ---- | C] () -- C:\Users\Marie\Desktop\autoruns.chm
    [2013/06/24 19:14:35 | 000,551,072 | ---- | C] () -- C:\Users\Marie\Desktop\Autoruns.zip
    [2013/06/24 18:32:55 | 000,160,639 | ---- | C] () -- C:\Users\Marie\Desktop\JavaRa-1.16-16-12-11.zip
    [2013/06/23 16:45:10 | 000,890,978 | ---- | C] () -- C:\Users\Marie\Desktop\SecurityCheck.exe
    [2013/06/23 16:37:16 | 2138,198,015 | -HS- | C] () -- C:\hiberfil.sys
    [2013/06/23 16:13:37 | 000,000,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gizmo.lnk
    [2013/06/23 16:13:37 | 000,000,898 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    [2013/06/23 16:13:37 | 000,000,880 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
    [2013/06/23 15:49:25 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013/06/23 14:20:59 | 000,004,604 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/06/23 14:19:49 | 000,648,201 | ---- | C] () -- C:\Users\Marie\Desktop\adwcleaner.exe
    [2013/06/19 17:32:45 | 000,263,186 | ---- | C] () -- C:\Users\Marie\Desktop\rebuilt.Minecraft.exe
    [2013/06/12 17:04:35 | 001,620,421 | ---- | C] () -- C:\Users\Marie\Documents\application pg 1.pdf
    [2013/06/11 20:53:37 | 001,517,376 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR_Installer.exe
    [2013/06/10 20:40:14 | 000,000,554 | ---- | C] () -- C:\Users\Marie\Desktop\server.properties
    [2013/06/09 11:21:50 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/06/09 11:21:50 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013/06/05 12:35:45 | 000,712,634 | ---- | C] () -- C:\Users\Marie\Documents\EvelynGreenPage2.pdf
    [2013/05/31 08:09:15 | 004,140,519 | ---- | C] () -- C:\Users\Marie\Documents\Randi 20130514.jpg
    [2013/05/31 07:47:52 | 000,466,407 | ---- | C] () -- C:\Users\Marie\Desktop\McMorran Mar to May.pdf
    [2013/05/29 22:19:33 | 000,658,298 | ---- | C] () -- C:\Users\Marie\Documents\Scan0016.jpg
    [2013/05/29 16:33:05 | 000,328,522 | ---- | C] () -- C:\Users\Marie\Documents\complete care 050213.pdf
    [2013/05/29 16:28:09 | 000,343,802 | ---- | C] () -- C:\Users\Marie\Documents\complete care 050813.pdf
    [2013/05/29 16:03:10 | 001,361,571 | ---- | C] () -- C:\Users\Marie\Documents\Scan0015.jpg
    [2013/05/03 07:32:40 | 000,586,232 | ---- | C] () -- C:\Users\Marie\Scan0003.jpg
    [2013/02/05 20:26:10 | 000,000,880 | ---- | C] () -- C:\Users\Marie\.recently-used.xbel
    [2013/01/05 17:10:34 | 000,004,133 | ---- | C] () -- C:\Windows\entrust.ini
    [2013/01/04 20:42:56 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2012/12/31 14:14:25 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/08/31 19:09:10 | 000,000,000 | ---- | C] () -- C:\Users\Marie\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
    [2012/08/31 09:06:25 | 000,024,095 | ---- | C] () -- C:\Users\Marie\Benefits of CGCC.odt
    [2012/01/21 15:21:42 | 000,420,200 | ---- | C] () -- C:\Users\Marie\StandUpNight.pdf
    [2011/08/22 21:00:13 | 000,000,272 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\.backup.dm
    [2011/07/19 11:57:30 | 000,000,000 | ---- | C] () -- C:\Users\Marie\.gtk-bookmarks
    [2011/07/19 11:55:06 | 000,783,880 | ---- | C] () -- C:\Users\Marie\.fonts.cache-1
    [2011/07/09 23:16:38 | 000,000,129 | ---- | C] () -- C:\Users\Marie\jagex_runescape_preferences2.dat
    [2011/07/09 23:15:31 | 000,000,034 | ---- | C] () -- C:\Users\Marie\jagex_runescape_preferences.dat
    [2010/11/25 18:56:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/01/26 22:32:03 | 000,017,043 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\UserTile.png
    [2009/09/16 18:40:12 | 000,021,504 | ---- | C] () -- C:\Users\Marie\cited work pages for english.wps
    [2009/09/15 18:25:21 | 000,145,920 | ---- | C] () -- C:\Users\Marie\brine shrimp lab.wps
    [2009/09/15 16:54:27 | 000,023,552 | ---- | C] () -- C:\Users\Marie\Untitled Document.wps
    [2009/08/27 22:15:23 | 000,011,776 | ---- | C] () -- C:\Users\Marie\project for english.wps
    [2009/08/09 19:16:04 | 000,099,384 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\inst.exe
    [2009/08/09 19:16:04 | 000,007,859 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\pcouffin.cat
    [2009/08/09 19:16:04 | 000,001,167 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\pcouffin.inf
    [2009/08/09 19:11:22 | 000,025,600 | ---- | C] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/06/08 20:36:07 | 000,006,836 | ---- | C] () -- C:\Users\Marie\AppData\Local\d3d9caps.dat
    [2009/06/01 16:04:23 | 000,009,196 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\wklnhst.dat
    [2009/05/16 21:08:34 | 000,000,632 | RHS- | C] () -- C:\Users\Marie\ntuser.pol

    ========== ZeroAccess Check ==========

    [2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 10:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

    < End of report >
  24. Marie Olgin

    Marie Olgin Newcomer, in training Topic Starter Posts: 85

    OTL Extras logfile created on: 6/24/2013 10:01:24 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marie\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 61.37% Memory free
    12.16 Gb Paging File | 9.37 Gb Available in Paging File | 77.01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 450.69 Gb Total Space | 114.81 Gb Free Space | 25.47% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 7.04 Gb Free Space | 46.94% Space Free | Partition Type: NTFS

    Computer Name: ADMIN-PC | User Name: Marie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = D8 05 5F 39 DC 72 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0BC983C1-D2ED-4EEA-ACE4-44CAB460453A}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
    "{110D04DF-28E7-41ED-88E1-BA4A2AE4E817}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1149577D-7090-4BA2-8E3E-32F5DD3A34CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{13DE940B-16B8-4EAF-BA1F-9C156A501CF4}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
    "{14C6B14C-6C6C-40FD-A418-9982B7BCB84C}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
    "{1A193BC1-BA4A-42B3-B6EE-27B3DDEA6657}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{1C0F61C5-549C-4BF9-BB5A-8A87A25A5CF7}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{1F069A56-1736-417C-846C-3ACA03F6AA4F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{20485A4C-AC31-4A46-936B-F88F8411F5B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{229B2E81-854D-49DC-A98D-31CE85C94DD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{237238F4-16BB-4286-A707-B0CDC45FDA60}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{240AECE1-11F2-4D28-AFC4-6E63282ED355}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{249ABFD8-F1C8-444B-8658-243448E66B57}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{298D3D02-8898-4C3F-88E1-FC63B030C769}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{3B68D5D6-1D32-453B-A0FF-F525A2C27A25}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4B46D378-10BF-441C-90BF-5A10E2861EF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4DAD5103-47C9-4275-AFF6-808F90EEEEAC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{576177F4-2673-44DD-9643-36A07B9C4198}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{5823C674-CB03-415D-A51F-89326B74B578}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{59F0196D-E289-4781-9420-18FC70C58484}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{5B07E1C4-75A1-436E-99E5-4B837FD29D72}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5B95956B-4AA6-42B6-A588-A963934B3596}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{5CC51B66-F238-47A3-97E6-8016758739BD}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{5CD83181-EF29-4DE2-BC7B-950F4D9561BF}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{671CB1A2-BB7C-4706-AD28-18FBD3953A36}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{69584812-26B5-4495-A408-141590AB4E1C}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6C06B41E-FB5B-414E-AC3C-4614EA59141F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6E3EB9F5-8EF9-4CBE-8003-DB6F68291206}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6FAE0A13-B61E-4F1C-A227-4455AFBAF53E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{75833F58-3DB7-418C-A860-1AAA185D068D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7A502ED7-B0FD-4670-A5A0-6D652CA731CD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{7BEEC133-CF89-493C-A275-2468DEDFAA84}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7D9DA985-0468-40D1-A5AE-B00068F96AF1}" = rport=137 | protocol=17 | dir=out | app=system |
    "{803DEF6F-70EE-4EF7-8692-4B6C5056EC1D}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{8921C703-804A-46B8-B8D3-9ABB5879E1A0}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{8B97571F-4231-4996-A6B9-1D79C7D01B01}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{8CD521D3-8DDA-44FD-9DCB-6DEABD7064F5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{911C62C5-68EC-4A24-AD49-05C353ACBAAE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{915AD26A-8313-4761-90F0-D66A2754D128}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
    "{92CB85C2-A36D-444C-9F65-664ED7817AF7}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{948685E0-C3D5-49FF-9E20-B3EF38A749AD}" = lport=137 | protocol=17 | dir=in | app=system |
    "{975870A2-37B6-4045-A117-114150FFB4D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{98C5646F-113F-4277-A04D-5F79FCE39C50}" = lport=445 | protocol=6 | dir=in | app=system |
    "{99B6D8BC-A74E-40DE-9102-744DC9F0BAA1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A03150AE-694A-45BB-B740-C3E0ED63F624}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A54AE22F-E02F-44CE-9AA1-732899BEC615}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{A96038A0-8A35-45DB-897E-E00B2E296212}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
    "{A97E1231-7D50-4C7F-A674-9CFDAA9F5452}" = rport=138 | protocol=17 | dir=out | app=system |
    "{B0AFC472-B3F3-4DF9-962D-A91475608F32}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{B43887CD-5A9F-4BBE-85E2-B20ABF63E469}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B4EE9705-6FA5-4A10-9758-FF10EBDE47D9}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
    "{B4FF6FFA-5ED3-4C5B-96AB-8CBE238790B1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B827D519-E246-4720-BBEF-4DF6790B06BF}" = lport=139 | protocol=6 | dir=in | app=system |
    "{BB252072-9640-4828-982B-C5EC61BA3BF2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{BFC6093B-423A-45A8-99EB-695CDC9C1E05}" = lport=5900 | protocol=6 | dir=in | name=ultravnc server |
    "{C4D0E297-1BD5-4D5A-969E-823ADC4EBF8F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CA5D5104-4519-45EE-8CA0-3C35221CA4A1}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{D4D17E36-A99B-4B0E-BFFB-6C8C7F470FEC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DBEE46A1-74AC-4B85-9DE3-7937A1992B4C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DF0BF26B-42C8-4393-ABC7-A763BD787406}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E878FFF0-E9C4-48D9-B5C0-12EEBC35CB8A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EBB98E53-05E8-4D8F-ABF0-35C3F2791026}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F4B7D705-3FB9-4CD8-A7FB-A46107E65D7B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F795727C-FBAB-4D3F-8A68-86B09FDF0473}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{FA442705-9C92-404D-8AB4-9F2D065CB8DB}" = rport=445 | protocol=6 | dir=out | app=system |
    "{FD854CB1-1E98-40A1-AADF-94E0B1B33F3B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FDBF8989-5A4C-486A-8893-0AFD0B4BA4CB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{013D694A-6C24-4829-B1B7-3D0E4ECCAA37}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{0144221C-E2C5-4B56-939B-D19A560FFBD3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{02F6C235-9E08-446F-B66B-42D15182769F}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe |
    "{03B39BA4-A9AB-479C-B1E8-D9AA5D4CAABB}" = protocol=17 | dir=in | app=c:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe |
    "{07F472D5-0C7A-45E2-96DA-686EB0725F7D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{099A40C4-80F5-42E1-AE26-304124697623}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{0CAC50B4-5FC5-4668-8BAC-6DDC318DCD9C}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{0F014101-C892-411A-90FB-5318C677FD3F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
    "{0FEA2215-116F-45AE-922E-F5ACAF4B44F8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{109B77A0-617B-4CA5-A1A4-C6976BFD8F76}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
    "{13423D55-609E-4737-AF1A-7FB7519EA389}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{144984B4-0922-424E-92E0-CF7C318D8C90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1A7035FA-CBE3-492A-9618-1DE0B270818A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
    "{1B846503-B427-444C-A239-D822C5095ACD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
    "{21A28268-A57A-4CEC-AB92-5276047BA136}" = dir=in | app=tracsrvwrapper.exe |
    "{282FEE7E-491C-4C3C-A277-553C99F3C5B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{28FCB6F9-5A69-402D-A3B4-9F8C47C34A8A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{29DAEA33-7AF9-423A-9A47-79EC30AC98F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
    "{2BE7E735-9A88-4752-8FD3-3478406F9435}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
    "{2CEC4974-397C-4F70-9A0B-CD013878CD4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{33267A97-FF2E-4DDA-8426-16F3E74F0E38}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\sr_service.exe |
    "{352E7ED3-79AA-4BFD-BCCC-A7AA3FCAB884}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{36DC7654-719E-4B39-8505-78F006F345CD}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
    "{3A0BD7EF-EE09-4C2A-8A5B-69C4C6ED4463}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
    "{3B058E27-6D77-43DA-84A4-68E0A95FB08A}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
    "{3B8DC91E-A4F6-4355-A1FF-9E7382537CD1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3C269FA9-2569-4F20-BCE3-D2B88C1C6A66}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{3FF5738A-7061-41A9-8D1D-AE1160299970}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{482F17EA-97AF-4BA8-BA03-64A0DA44A368}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
    "{4929F89D-2F73-498C-9A62-A6D305B46504}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{4B331E71-1BA7-4654-B1DA-9286673E9E86}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{4B4A096C-F421-4600-A879-0BAC323FC190}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{4E145EE3-B63A-4177-A40E-453F100B7F59}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{4E1DFA30-D6D3-4A90-85F3-301F84A8B7B6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{50D52633-6312-43E2-A198-CE9F1B79DE6F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
    "{51F84165-FE98-41BC-9E0C-3259E104D03B}" = protocol=17 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
    "{55724F4E-12B7-4BD2-9E52-A58250B259E6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5722E152-E2B9-4817-95BF-3E8ED720F811}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5BC41D47-540F-4726-9F48-E2CE3316B890}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{5CA582FF-F6C9-4E82-9CC7-D716177CD774}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
    "{5CA66D63-1E35-45D6-9E98-797FF2AE99CA}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{66535982-AC25-4669-BD4A-A311C768128B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
    "{6E2F6D72-2D2D-4FB2-A814-0A8C9B6C73F8}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{6EABFA1C-3E20-48C0-B89C-A2714141250D}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe |
    "{6F9650D7-8669-4235-9422-78355AA97460}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7264DB74-7CA9-4DD2-A22A-B2366BFE36AF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{73EC2E8B-6EE3-40B8-990E-733F41E0F7E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{7460FF57-95C6-4A09-B1E6-5B8C444BCE50}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\sr_gui.exe |
    "{76954E87-E3F5-40D1-9937-C22C93B64A2A}" = protocol=6 | dir=out | app=system |
    "{7816547E-8718-49B2-8958-1385B1B34D62}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{7835BB78-50D1-4E64-A126-E8D7E9756515}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
    "{7A72198D-EA94-4BB4-8E1B-3844457D7BAF}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
    "{7CDD1163-5181-4353-9DF1-8AB7226771CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{7D363997-1EEC-4F8E-BB90-EA82072DD613}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{7DE44A7F-6FFA-4757-8780-996065AAC1F3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{7F6677D0-9ECC-4478-B6D7-20675B26DC15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7FF7A5BB-0DE2-484C-A18F-EF9B426EC8FF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{81C928F0-8E1E-4F5A-BF7C-D216E67B7544}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
    "{820F534C-211F-4C98-8525-9B094CBE8521}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{82A7AA83-570C-42A2-96DD-29919152B9A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{83A9C709-EC1F-4D8E-AAEC-24EF3749568A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{8BBC299C-F325-4BA9-A29B-BDA5F158575F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{8E23B41B-CF37-4AD4-8859-D7D45B3F764B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9202FE1C-A6E2-4E18-9B3C-AF383CC60FE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{92E25A1F-B30A-42DF-840B-BE0A288BFC18}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{9373FAF0-2A3F-4E2C-9437-C5E22F22530F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{938740F5-889E-40A3-ABA4-9D7E9111091D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{93B07C1B-8FAE-4AC3-A4C3-57D96A3EAD81}" = protocol=6 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
    "{96029AC9-3228-4638-83B6-CEFF5E04FC10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9728EB0D-B8A6-4E96-BA90-16D534AEF556}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{988626C3-AA09-418E-AC8D-401FB2ADB743}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9B443C55-4D75-4BA3-98AD-33329C3B949D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{9CF06ABE-6456-4707-BA35-CEDAD11EEBB9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{9D7A4E8C-A2FD-44B9-9556-C18753B8AF43}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\scc.exe |
    "{9E45168F-A653-4BFD-ABFF-AAD9C5649EF2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
    "{9EFEF532-ECEC-45A2-ACA4-19930DB393CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{A7E5F410-0C8F-48EE-A5E3-5290349825F3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AC7A930E-D275-4DAB-841C-0F99A9C3EBB3}" = dir=in | app=trgui.exe |
    "{AD4C4973-BB89-4C02-B8D2-CA2CFA9C0EF2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{AF0289D6-DEA9-4428-83B5-D36D5A6EFB65}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
    "{B0381D70-FE38-4090-AB00-DB6BE4BF5F28}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B328CC70-EE12-4582-A5A2-E1C1907D47A4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
    "{B67F0036-1C03-469F-AD1A-C45D81B84B15}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe |
    "{B84B7B01-34CE-4499-BF99-56FDAA3D4E58}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{B9734F1F-4A69-4FA5-A97B-12DB8DE23FBF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BD2E4BD2-5E5E-4B89-BB15-DC0BF71F90B9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{C114B8F0-F2A5-4656-8F70-55199575216E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
    "{C3177110-CC2A-44BD-89F3-D5D6A39CF90A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C5318E33-33C9-4955-8CC7-10BA0A332D37}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{C913A520-7236-4A30-8A96-D5F125F3AEA1}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
    "{CDA20227-35B5-4B9D-9A12-DF8B4058656F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{CDE0D37F-4950-479D-9981-02A635357538}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{D0152CDB-2F4A-4AD5-A332-7D98DF28721C}" = dir=in | app=c:\program files (x86)\checkpoint\endpoint connect\trgui.exe |
    "{D1DCACF8-B1F9-41DA-8407-108D14B20628}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D3750468-D431-424C-A16D-EEEB137991EF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
    "{D4440A63-8CE3-470D-98CC-5D7F3A3A9DC7}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
    "{D58E3663-2A99-48EF-AD95-E8903FABD9FD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{DEF4EDDB-DC02-4110-B48A-48AD3452F5FB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{DF72939A-EA73-44F3-BA67-132507EEA922}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{DFEA7901-9E65-4544-9D94-40D4C13912BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E415B23D-06E6-4825-9ABF-A2C28A685A7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E448ACCF-5C0D-414B-95EF-A09A1CC777A7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{EA98B1F8-333B-4BA3-B1B2-D259515C78AE}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "{EED6C3C7-114F-4C41-AB6A-14E973E385AE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{F014BFFE-5861-49D7-9A64-EE0969B527E6}" = protocol=6 | dir=in | app=c:\users\marie\appdata\roaming\dropbox\bin\dropbox.exe |
    "{F6128022-3541-4C06-B3EE-0C03DFD2192A}" = dir=in | app=c:\program files (x86)\checkpoint\endpoint connect\tracsrvwrapper.exe |
    "{F94DF9F5-DEB7-4E58-BD3A-A0779C7C90D5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
    "{F9F9667C-F91C-4F82-BADE-91FBB1C08147}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{FA38D644-FB2B-44A1-A659-EB31055BB4CA}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{FA5732A6-8DCD-42CC-A95C-63696AF369D7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{FE50ADAA-9E50-4EF0-86E6-5DBCFF04573E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
    "{FE7E375B-EBD8-4042-82DA-11493622147B}" = dir=in | app=c:\program files (x86)\checkpoint\securemote\bin\sr_diagnostics.exe |
    "{FF0E6F59-37F4-4ED8-BA83-089B9759C88B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

