TechSpot

Help with Win64/Patched.A

Solved
By G-doctor
Jun 6, 2013
  1. Broni

    Broni Malware Annihilator Posts: 47,586   +267

    Looks good.

    Update me on current issues.
     
  2. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    My Internet doesn't work. My wifi connects. I don't really see any issues otherwise.
     
  3. Broni

    Broni Malware Annihilator Posts: 47,586   +267

    I'm not sure if I understand....
    Please explain.

    Then....

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.
     
  4. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    Sorry, it's been like that ever since the virus. I get a limited connectivity sign. HP connection manager says my mobility center disabled wireless LAN. I am able to access my modem/router via browser, but am not able to access any webpages. I know my Internet works as my iPad connects and so does my iPhone. I will try the Farbar service scanner and get back to you soon.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,586   +267

  6. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    FSS.txt

    Farbar Service Scanner Version: 31-05-2013 01
    Ran by G-Man (administrator) on 07-06-2013 at 19:27:45
    Running from "C:\Users\G-Man\Downloads"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============
    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
    Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
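
A triage sketch for the FSS.txt log posted above, added here as an example (it is not part of the original thread and not Farbar's code): it groups the ATTENTION lines per service and separates a deleted service key from deleted values and from a stopped service whose configuration is intact. The function names and the file-name heuristic are assumptions; the sample input is a constructed excerpt of that log.

```python
import re
from collections import OrderedDict
from pathlib import PureWindowsPath

# Constructed sample: a shortened excerpt of the FSS.txt log in the post above.
SAMPLE_FSS = r'''
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
'''

NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
KEY_MISSING = re.compile(
    r"Unable to open (\S+) registry key\. The service key does not exist")
VALUE_MISSING = re.compile(
    r"Unable to retrieve (start type|ImagePath|ServiceDll) of (\S+)\. "
    r"The value does not exist")
POLICY_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_LEGIT = re.compile(r"^(.+?) => MD5 is legit$")


def parse_fss(text):
    """Return (services, policies, legit_stems) parsed from an FSS log."""
    lines = [ln.strip() for ln in text.splitlines()]
    services = OrderedDict()
    policies, legit_stems = [], set()
    section, reg_key = None, None

    def svc(name):
        # One record per service, tagged with the section it first appears in.
        return services.setdefault(name, {
            "section": section, "running": None,
            "key_missing": False, "missing_values": []})

    for i, ln in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if ln.endswith(":") and nxt and set(nxt) == {"="}:
            section, reg_key = ln[:-1], None      # "Title:" over "====="
        elif ln.startswith("[HKEY_") and ln.endswith("]"):
            reg_key = ln[1:-1]                    # key that owns policy values
        elif (m := NOT_RUNNING.match(ln)):
            svc(m.group(1))["running"] = False
        elif (m := KEY_MISSING.search(ln)):
            svc(m.group(1))["key_missing"] = True
        elif (m := VALUE_MISSING.search(ln)):
            svc(m.group(2))["missing_values"].append(m.group(1))
        elif (m := POLICY_VALUE.match(ln)) and reg_key:
            policies.append((reg_key, m.group(1), int(m.group(2))))
        elif (m := FILE_LEGIT.match(ln)):
            legit_stems.add(PureWindowsPath(m.group(1)).stem.lower())
    return services, policies, legit_stems


def triage(text):
    """Classify each service; the worst condition seen wins."""
    services, policies, legit_stems = parse_fss(text)
    findings = []
    for name, s in services.items():
        if s["key_missing"]:
            verdict = "service key deleted"
        elif s["missing_values"]:
            verdict = "service values deleted"
        elif s["running"] is False:
            verdict = "stopped, configuration intact"
        else:
            verdict = "ok"
        # Heuristic (assumption): only finds binaries named after the service.
        binary_legit = name.lower() in legit_stems
        findings.append((name, s["section"], verdict, binary_legit))
    return findings, policies


if __name__ == "__main__":
    results, policy_hits = triage(SAMPLE_FSS)
    for row in results:
        print(row)
    print(policy_hits)
```

A service whose key is deleted while its binary still passes the File Check points to a registry repair rather than a file replacement, which matches the missing-keys reading in the reply that follows.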
     
  7. Broni

    Broni Malware Annihilator Posts: 47,586   +267

    We have a number of registry keys missing there.
    Before we attempt to fix them we need to run one more scan.

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  8. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    I'm accessing Internet from my laptop :)! Thank you so much!

    Here is ComboFix.txt

    ComboFix 13-06-07.03 - G-Man 06/07/2013 19:51:10.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6092.3745 [GMT -7:00]
    Running from: c:\users\G-Man\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 192 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\FunWebProducts
    c:\program files (x86)\StartSearch plugin
    c:\program files (x86)\StartSearch plugin\IEhelperActiveX.dll
    c:\program files (x86)\StartSearch plugin\startsplg.crx
    c:\program files (x86)\StartSearch plugin\uninst.exe
    c:\programdata\conotinuetossave
    c:\programdata\conotinuetossave\51b00ab37e0f7.tlb
    c:\programdata\conotinuetossave\settings.ini
    c:\programdata\conotinuetossave\uninstall.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\conotinuetossave
    c:\programdata\Microsoft\Windows\Start Menu\Programs\conotinuetossave\conotinuetossave.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\conotinuetossave\Uninstall.lnk
    c:\users\G-Man\AppData\Local\assembly\tmp
    c:\users\G-Man\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6119C698-5400-40C4-AD92-9E1CB193E8DF}.xps
    c:\users\G-Man\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E20C8EDA-473C-4F0B-9F6D-86F4901D1F03}.xps
    c:\users\G-Man\Documents\~WRL0005.tmp
    c:\windows\SysWow64\2f1ee195.exe
    c:\windows\SysWow64\WINSKKO.DLL
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-08 to 2013-06-08 )))))))))))))))))))))))))))))))
    .
    .
    2013-06-08 03:07 . 2013-06-08 03:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-06-08 03:07 . 2013-06-08 03:07 -------- d-----w- c:\users\weoin\AppData\Local\temp
    2013-06-08 01:06 . 2013-06-08 01:45 -------- d-----w- C:\FRST
    2013-06-08 00:38 . 2013-06-08 00:38 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-06-07 23:32 . 2013-06-07 23:32 -------- d-----w- C:\Adolescent Medecine + Allergy &
    2013-06-07 22:50 . 2013-06-07 22:50 -------- d-----w- C:\General Pediatrics + Infectious
    2013-06-07 04:57 . 2012-07-21 19:55 180736 ----a-w- c:\windows\system32\AC3ACM.acm
    2013-06-07 04:57 . 2012-07-21 19:54 122880 ----a-w- c:\windows\SysWow64\AC3ACM.acm
    2013-06-07 04:24 . 2013-06-07 04:24 -------- d-----w- c:\program files (x86)\BitrateViewer
    2013-06-07 02:56 . 2013-06-07 02:56 -------- d-----w- C:\Infectious Disease 1of2
    2013-06-07 02:55 . 2013-06-07 02:55 -------- d-----w- c:\program files (x86)\DVD Decrypter
    2013-06-06 19:15 . 2013-06-06 19:15 -------- d-----w- c:\users\G-Man\AppData\Roaming\Malwarebytes
    2013-06-06 19:15 . 2013-06-07 07:07 -------- d-----w- c:\programdata\Malwarebytes
    2013-06-06 19:15 . 2013-06-06 19:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-06-06 19:15 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-06-06 18:13 . 2013-06-06 18:13 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-06 18:11 . 2013-06-06 18:11 -------- d-----w- c:\users\weoin\AppData\Local\Apple Computer
    2013-06-06 08:51 . 2013-06-06 08:51 -------- d-----w- c:\users\weoin\AppData\Roaming\Hewlett-Packard
    2013-06-06 08:49 . 2013-06-06 08:49 -------- d-----w- c:\users\weoin\AppData\Roaming\DivX
    2013-06-06 08:37 . 2013-06-06 08:37 -------- d-----w- c:\users\weoin\AppData\Local\Hewlett-Packard_Developme
    2013-06-06 08:36 . 2013-06-06 08:36 -------- d-----w- c:\users\weoin\AppData\Local\ElevatedDiagnostics
    2013-06-06 08:29 . 2013-06-06 08:29 -------- d-----w- c:\users\weoin\AppData\Roaming\TuneUp Software
    2013-06-06 08:26 . 2013-06-06 08:26 -------- d-----w- c:\users\weoin\AppData\Roaming\Yahoo!
    2013-06-06 08:25 . 2013-06-06 08:25 -------- d-----w- c:\users\weoin\AppData\Local\Opera
    2013-06-06 08:24 . 2013-06-06 08:24 -------- d-----w- c:\users\weoin\AppData\Local\AVG SafeGuard toolbar
    2013-06-06 08:24 . 2013-06-06 08:24 -------- d-----w- c:\users\weoin\AppData\Roaming\ControlCenter4
    2013-06-06 06:00 . 2013-06-06 06:01 -------- d-----w- c:\program files (x86)\AoA DVD Ripper
    2013-06-06 03:34 . 2013-06-06 03:34 -------- d-----w- C:\AcalaSoft
    2013-06-06 03:18 . 2013-06-06 03:18 -------- d-----w- c:\programdata\StarApp
    2013-06-06 03:13 . 2013-06-06 03:23 -------- d-----w- c:\program files (x86)\AcalaSoft
    2013-06-06 02:50 . 2013-06-06 02:50 -------- d-----w- c:\program files (x86)\Handbrake
    2013-06-06 00:53 . 2013-06-06 00:54 -------- d-----w- c:\users\G-Man\AppData\Roaming\ControlCenter4
    2013-06-05 23:28 . 2013-06-05 23:28 -------- d-----w- C:\Brother
    2013-06-05 23:28 . 2013-06-05 23:28 -------- d-----w- c:\program files (x86)\BrownyScn
    2013-06-05 23:28 . 2013-06-05 23:28 -------- d-----w- c:\programdata\ControlCenter4
    2013-06-05 23:28 . 2013-06-05 23:28 -------- d-----w- c:\program files (x86)\ControlCenter4
    2013-06-05 23:27 . 2009-07-13 22:37 1002728 ----a-w- c:\windows\system32\drivers\WinUSBCoInstaller2.dll
    2013-06-05 23:27 . 2009-07-14 05:21 1721576 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
    2013-06-05 23:27 . 2012-07-31 11:56 95344 ----a-w- c:\windows\system32\drivers\BrSerIb.sys
    2013-06-05 23:27 . 2012-06-22 01:59 21872 ----a-w- c:\windows\system32\drivers\BrUsbSib.sys
    2013-06-05 23:27 . 2012-06-22 01:59 20592 ----a-w- c:\windows\system32\brciser.dll
    2013-06-05 23:27 . 2012-04-16 03:03 1441792 ----a-w- c:\windows\system32\BrWi211d.dll
    2013-06-05 23:27 . 2012-04-16 02:04 50688 ----a-w- c:\windows\system32\BrUsi11d.dll
    2013-06-05 23:27 . 2012-03-28 05:39 279040 ----a-w- c:\windows\system32\BrJDec.dll
    2013-06-05 23:27 . 2012-03-28 05:39 12800 ----a-w- c:\windows\system32\BrCiImg.dll
    2013-06-05 23:26 . 2013-06-05 23:27 -------- d-----w- c:\program files (x86)\Brother
    2013-06-05 23:25 . 2013-06-05 23:25 -------- d-----w- c:\programdata\Brother
    2013-06-05 23:25 . 2013-06-05 23:25 -------- d-----w- c:\users\G-Man\AppData\Roaming\InstallShield
    2013-06-05 20:42 . 2013-06-05 22:15 -------- d-----w- c:\users\G-Man\AppData\Roaming\HandBrake
    2013-06-03 20:42 . 2013-06-03 20:42 -------- d-----w- c:\program files (x86)\Application Updater
    2013-06-03 20:42 . 2013-06-03 20:42 -------- d-----w- c:\program files (x86)\YTD Toolbar
    2013-06-03 02:37 . 2013-06-03 02:37 -------- d-----w- c:\users\G-Man\AppData\Local\Opera
    2013-06-03 02:37 . 2013-06-03 02:37 -------- d-----w- c:\program files (x86)\Opera
    2013-06-01 01:42 . 2013-06-08 03:06 -------- d-----w- c:\users\G-Man\AppData\Local\assembly
    2013-05-31 18:26 . 2013-05-31 18:26 -------- d-----w- c:\users\G-Man\AppData\Roaming\Inbit
    2013-05-31 18:26 . 2013-05-31 18:26 172032 ----a-w- c:\windows\FS9Unins.exe
    2013-05-31 18:26 . 2013-05-31 18:26 -------- d-----w- c:\programdata\Inbit
    2013-05-31 18:26 . 2013-05-31 18:26 -------- d-----w- c:\program files\Inbit
    2013-05-24 07:19 . 2013-05-24 07:30 -------- d-----w- c:\program files (x86)\MultiPageEditor
    2013-05-24 05:39 . 2013-05-24 05:39 -------- d-----w- c:\programdata\A-PDF
    2013-05-24 05:39 . 2013-05-24 05:40 -------- d-----w- c:\programdata\flipBook
    2013-05-24 05:39 . 2013-05-24 05:39 -------- d-----w- c:\program files (x86)\Flip PDF
    2013-05-24 04:35 . 2013-05-24 04:35 -------- d-----w- c:\users\G-Man\AppData\Roaming\Nitro
    2013-05-24 04:35 . 2013-05-24 04:35 -------- d-----w- c:\users\G-Man\AppData\Roaming\FileOpen
    2013-05-24 04:35 . 2013-05-24 04:35 -------- d-----w- c:\programdata\FileOpen
    2013-05-24 04:29 . 2013-05-24 04:29 -------- d-----w- c:\programdata\Nitro
    2013-05-24 04:26 . 2013-05-24 04:26 -------- d-----w- c:\users\G-Man\AppData\Roaming\Downloaded Installations
    2013-05-24 03:41 . 2013-05-24 03:41 -------- d-----w- c:\program files\ImageMagick-6.8.5-Q16
    2013-05-24 02:14 . 2013-05-24 02:14 -------- d-----w- c:\users\G-Man\AppData\Roaming\Foxit Software
    2013-05-20 06:01 . 2013-05-20 06:21 -------- d-----w- c:\programdata\AdvancedTiffEditor
    2013-05-20 06:00 . 2013-05-20 06:00 -------- d-----w- c:\users\G-Man\AppData\Roaming\AdvancedTiffEditor
    2013-05-20 05:53 . 2011-09-08 13:06 155648 ----a-w- c:\windows\agent.exe
    2013-05-20 05:52 . 2011-09-08 13:08 46592 ----a-w- c:\windows\SysWow64\grtppm.dll
    2013-05-20 05:50 . 2013-05-20 05:53 -------- d-----w- c:\program files (x86)\GraphicRegion TIF Printer
    2013-05-20 05:50 . 2013-05-20 05:50 -------- d-----w- c:\program files (x86)\gs
    2013-05-20 05:50 . 2013-05-20 05:50 -------- d-----w- c:\program files (x86)\Advanced TIFF Editor
    2013-05-17 22:43 . 2013-05-17 22:45 -------- d-----w- C:\Adobe Acrobat XI
    2013-05-15 05:39 . 2013-05-15 05:39 -------- d-----w- c:\users\G-Man\AppData\Local\LogMeIn
    2013-05-15 05:39 . 2013-03-20 00:32 60776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
    2013-05-15 05:38 . 2013-03-20 00:31 35688 ----a-w- c:\windows\system32\LMIport.dll
    2013-05-15 05:38 . 2013-03-20 00:32 88448 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2013-05-15 05:38 . 2012-11-29 18:56 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2013-05-15 05:38 . 2013-03-20 00:31 84328 ----a-w- c:\windows\system32\LMIinit.dll
    2013-05-15 05:38 . 2013-06-06 07:03 -------- d-----w- c:\programdata\LogMeIn
    2013-05-15 05:37 . 2013-05-15 05:41 -------- d-----w- c:\program files (x86)\LogMeIn
    2013-05-14 20:31 . 2013-05-14 20:31 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2013-05-14 20:31 . 2013-05-14 20:31 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2013-05-12 16:42 . 2013-06-03 09:34 -------- d-----r- c:\users\G-Man\Dropbox
    2013-05-12 16:38 . 2013-06-06 07:51 -------- d-----w- c:\users\G-Man\AppData\Roaming\Dropbox
    2013-05-09 03:46 . 2013-05-09 03:46 -------- d-----w- c:\program files (x86)\Common Files\Java
    2013-05-09 03:46 . 2013-04-04 12:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-05-29 02:20 . 2013-05-04 01:04 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-05-18 01:26 . 2012-04-06 02:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2013-05-17 23:24 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-17 04:52 . 2012-04-06 02:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2013-05-17 04:52 . 2011-12-05 01:58 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2013-04-30 10:03 . 2013-04-30 10:03 226304 ----a-w- c:\windows\system32\elshyph.dll
    2013-04-30 10:03 . 2013-04-30 10:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-04-30 10:03 . 2013-04-30 10:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-04-30 10:03 . 2013-04-30 10:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll
    2013-04-30 10:03 . 2013-04-30 10:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2013-04-30 10:03 . 2013-04-30 10:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-04-30 10:03 . 2013-04-30 10:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2013-04-30 10:03 . 2013-04-30 10:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe
    2013-04-30 10:03 . 2013-04-30 10:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
    2013-04-30 10:03 . 2013-04-30 10:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-04-30 10:03 . 2013-04-30 10:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe
    2013-04-30 10:03 . 2013-04-30 10:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2013-04-30 10:03 . 2013-04-30 10:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-04-30 10:03 . 2013-04-30 10:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2013-04-30 10:03 . 2013-04-30 10:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
    2013-04-30 10:03 . 2013-04-30 10:03 361984 ----a-w- c:\windows\SysWow64\html.iec
    2013-04-30 10:03 . 2013-04-30 10:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2013-04-30 10:03 . 2013-04-30 10:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2013-04-30 10:03 . 2013-04-30 10:03 197120 ----a-w- c:\windows\system32\msrating.dll
    2013-04-30 10:03 . 2013-04-30 10:03 81408 ----a-w- c:\windows\system32\icardie.dll
    2013-04-30 10:03 . 2013-04-30 10:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll
    2013-04-30 10:03 . 2013-04-30 10:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll
    2013-04-30 10:03 . 2013-04-30 10:03 441856 ----a-w- c:\windows\system32\html.iec
    2013-04-30 10:03 . 2013-04-30 10:03 281600 ----a-w- c:\windows\system32\dxtrans.dll
    2013-04-30 10:03 . 2013-04-30 10:03 216064 ----a-w- c:\windows\system32\msls31.dll
    2013-04-30 10:03 . 2013-04-30 10:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
    2013-04-30 10:03 . 2013-04-30 10:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-04-30 10:03 . 2013-04-30 10:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll
    2013-04-30 10:03 . 2013-04-30 10:03 235008 ----a-w- c:\windows\system32\url.dll
    2013-04-30 10:03 . 2013-04-30 10:03 97280 ----a-w- c:\windows\system32\mshtmled.dll
    2013-04-30 10:03 . 2013-04-30 10:03 27648 ----a-w- c:\windows\system32\licmgr10.dll
    2013-04-30 10:03 . 2013-04-30 10:03 247296 ----a-w- c:\windows\system32\webcheck.dll
    2013-04-30 10:03 . 2013-04-30 10:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-04-30 10:03 . 2013-04-30 10:03 102912 ----a-w- c:\windows\system32\inseng.dll
    2013-04-30 10:03 . 2013-04-30 10:03 599552 ----a-w- c:\windows\system32\vbscript.dll
    2013-04-30 10:03 . 2013-04-30 10:03 167424 ----a-w- c:\windows\system32\iexpress.exe
    2013-04-30 10:03 . 2013-04-30 10:03 144896 ----a-w- c:\windows\system32\wextract.exe
    2013-04-30 10:03 . 2013-04-30 10:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-04-30 10:03 . 2013-04-30 10:03 149504 ----a-w- c:\windows\system32\occache.dll
    2013-04-30 10:03 . 2013-04-30 10:03 62976 ----a-w- c:\windows\system32\pngfilt.dll
    2013-04-30 10:03 . 2013-04-30 10:03 51200 ----a-w- c:\windows\system32\imgutil.dll
    2013-04-30 10:03 . 2013-04-30 10:03 13824 ----a-w- c:\windows\system32\mshta.exe
    2013-04-30 10:03 . 2013-04-30 10:03 136192 ----a-w- c:\windows\system32\iepeers.dll
    2013-04-30 10:03 . 2013-04-30 10:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2013-04-30 10:03 . 2013-04-30 10:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-04-30 10:03 . 2013-04-30 10:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe
    2013-04-30 10:03 . 2013-04-30 10:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-04-30 10:03 . 2013-04-30 10:03 77312 ----a-w- c:\windows\system32\tdc.ocx
    2013-04-30 10:03 . 2013-04-30 10:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-04-20 14:09 . 2013-04-20 14:09 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
    2013-04-12 14:45 . 2013-04-23 19:32 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-04-01 07:22 . 2012-06-02 19:08 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-04-01 07:22 . 2011-05-31 04:53 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-03-19 06:04 . 2013-04-10 07:52 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-19 05:46 . 2013-04-10 07:52 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2013-03-19 05:04 . 2013-04-10 07:52 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-03-19 05:04 . 2013-04-10 07:52 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-03-19 04:47 . 2013-04-10 07:52 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2013-03-19 03:06 . 2013-04-10 07:52 112640 ----a-w- c:\windows\system32\smss.exe
    2009-01-13 18:45 . 2011-12-15 21:22 81920 ----a-w- c:\program files (x86)\Common Files\WIZ1x0SR_105SR_CFG.exe
    2009-01-13 18:45 . 2011-12-15 21:22 81920 ----a-w- c:\program files\Common Files\WIZ1x0SR_105SR_CFG.exe
    2006-12-01 09:54 . 2011-12-15 21:22 626688 ----a-w- c:\program files (x86)\Common Files\MSVCR80.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2FF7C269-7AE2-49C7-86C2-B2F5E26F96C1}]
    2013-05-02 08:59 78648 ----a-w- c:\users\G-Man\AppData\Local\getsavin\ie\getsavin_1367485142.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-05-29 02:20 1991344 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}]
    2013-01-24 18:45 170840 ----a-w- c:\program files\Updater By SweetPacks\Extension32.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\Veoh_Web_Player\prxtbVeoh.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    2013-04-03 23:06 1310480 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
    2013-05-15 19:38 1353536 ----a-w- c:\program files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2012-08-01 18:13 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
    "{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files (x86)\Veoh_Web_Player\prxtbVeoh.dll" [2011-01-17 175912]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2013-04-03 1310480]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll" [2013-05-29 1991344]
    "{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll" [2013-05-15 1353536]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
    [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-08 23:01 130736 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-08 23:01 130736 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-08 23:01 130736 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-08 23:01 130736 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2012-04-09 23:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
    "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-28 94264]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
    "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
    "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
    "ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-05-29 1226928]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-24 3477640]
    "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-11 143360]
    "BrScnStsMon00"="c:\program files (x86)\BrownyScn\Brother\BrStMonScn.exe" [2012-09-13 1642496]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
    .
     
  9. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
    R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [x]
    R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys;c:\windows\SYSNATIVE\Drivers\CSN5PDTS82.sys [x]
    R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [x]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
    R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
    R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
    R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
    R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]
    R3 hhdspmc64;HHD Software Serial Port Monitoring Control Filter Driver;c:\windows\system32\DRIVERS\hhdspmc64.sys;c:\windows\SYSNATIVE\DRIVERS\hhdspmc64.sys [x]
    R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
    R3 ScannerStatusMonitorService;ScannerStatusMonitorService;c:\program files (x86)\BrownyScn\ScannerStatusMonitorService.exe;c:\program files (x86)\BrownyScn\ScannerStatusMonitorService.exe [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
    R4 Agent;Agent;c:\windows\agent.exe;c:\windows\agent.exe [x]
    R4 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
    R4 CSHelper;CopySafe Helper Service;c:\program files\Common Files\ArtistScope\CSHelper64.exe;c:\program files\Common Files\ArtistScope\CSHelper64.exe [x]
    R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x]
    R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
    R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
    R4 Updater By SweetPacks;Updater By SweetPacks;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe [x]
    R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
    R4 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
    R4 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
    R4 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    R4 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [x]
    R4 WyseRemoteAccess;Wyse Remote Access;c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe;c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [x]
    S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSEH.Sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
    S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys;c:\windows\SYSNATIVE\Drivers\CSN5PDTS82x64.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;c:\windows\system32\drivers\VSPE.sys;c:\windows\SYSNATIVE\drivers\VSPE.sys [x]
    S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
    S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys;c:\windows\SYSNATIVE\Drivers\pssdk42.sys [x]
    S1 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys;c:\windows\SYSNATIVE\Drivers\pssdklbf.sys [x]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
    S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
    S2 AVTHelper;AVTHelper;c:\program files\Avatron\Air Display\AVTHelper.exe;c:\program files\Avatron\Air Display\AVTHelper.exe [x]
    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
    S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
    S3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCard.sys [x]
    S3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCardMirror.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSDriver.Sys [x]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSFilter.Sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\DRIVERS\ts_athwx.sys;c:\windows\SYSNATIVE\DRIVERS\ts_athwx.sys [x]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 06:43]
    .
    2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514776539-1456282578-3287137058-1000Core.job
    - c:\users\G-Man\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-02 14:52]
    .
    2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514776539-1456282578-3287137058-1000UA.job
    - c:\users\G-Man\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-02 14:52]
    .
    2013-05-30 c:\windows\Tasks\HPCeeScheduleForG-Man.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2013-06-06 c:\windows\Tasks\HPCeeScheduleForweoin.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-08 23:01 164016 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-08 23:01 164016 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-08 23:01 164016 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-08 23:01 164016 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2012-04-09 23:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-05 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-05 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-05 418328]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={E7EE9D66-B307-11E2-96B4-D0DF9A0C39FB}
    mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={E7EE9D66-B307-11E2-96B4-D0DF9A0C39FB}
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118;ftp=127.0.0.1:8118;socks=127.0.0.1:9050
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=CA&userid=ab35b7ff-e51c-41ac-b0cf-88eca99cbbf4&searchtype=ds&q={searchTerms}
    IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    Trusted Zone: kaptest.com\www
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - error
    FF - prefs.js: browser.startup.homepage - error
    FF - prefs.js: keyword.URL - error
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 8118
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 8118
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 9050
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 8118
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: !HIDDEN! 2012-05-03 10:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - user.js: extentions.y2layers.installId - a2692161-a87d-4093-b3d7-708dd6aa232b
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    .
    .
    ------- File Associations -------
    .
    .txt=bftxtfile
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{C453BC06-C896-B0C0-A6D3-6A9F9056E08D} - c:\programdata\conotinuetossave\51b00ab37e0f7.dll
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-ISW - (no file)
    AddRemove-2f1ee195 - c:\windows\system32\2f1ee195.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    AddRemove-StartSearch Toolbar - c:\program files (x86)\StartSearch plugin\uninst.exe
    AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\conotinuetossave\uninstall.exe
    AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\ezSharedSvcHost.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\YourFileDownloader\YourFileUpdater.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2013-06-07 20:20:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-06-08 03:20
    .
    Pre-Run: 29,653,053,440 bytes free
    Post-Run: 34,805,485,568 bytes free
    .
    - - End Of File - - 29A46307472732E6EA52462183A79A24
     
  10. Broni

    Broni Malware Annihilator Posts: 47,586   +267

    Good news :)

    You have some Norton leftovers.
    Please run this tool to remove them: http://www.majorgeeks.com/files/details/norton_removal_tool.html

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    Adwcleaner[S1].txt

    # AdwCleaner v2.302 - Logfile created 06/07/2013 at 21:31:00
    # Updated 06/06/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : G-Man - G-MAN-HP
    # Boot Mode : Normal
    # Running from : C:\Users\G-Man\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Application Updater
    Stopped & Deleted : WajamUpdater

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\wtxpcom@mybrowserbar.com
    File Deleted : C:\END
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
    File Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\searchplugins\Startsear.xml
    File Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\searchplugins\SweetIm.xml
    File Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\searchplugins\Web Search.xml
    File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
    Folder Deleted : C:\Program Files (x86)\Application Updater
    Folder Deleted : C:\Program Files (x86)\Browsers Protector
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Common Files\spigot
    Folder Deleted : C:\Program Files (x86)\ConduitEngine
    Folder Deleted : C:\Program Files (x86)\Coupon Companion Plugin
    Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
    Folder Deleted : C:\Program Files (x86)\Software
    Folder Deleted : C:\Program Files (x86)\SweetIM
    Folder Deleted : C:\Program Files (x86)\uTorrentBar
    Folder Deleted : C:\Program Files (x86)\Veoh_Web_Player
    Folder Deleted : C:\Program Files (x86)\Wajam
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\Program Files (x86)\yourfiledownloader
    Folder Deleted : C:\Program Files\Updater By SweetPacks
    Folder Deleted : C:\ProgramData\AVG Security Toolbar
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\G-Man\AppData\Local\Conduit
    Folder Deleted : C:\Users\G-Man\AppData\Local\getsavin
    Folder Deleted : C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Folder Deleted : C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Deleted : C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Folder Deleted : C:\Users\G-Man\AppData\Local\Wajam
    Folder Deleted : C:\Users\G-Man\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\G-Man\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\G-Man\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\G-Man\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\G-Man\AppData\LocalLow\SweetIM
    Folder Deleted : C:\Users\G-Man\AppData\LocalLow\uTorrentBar
    Folder Deleted : C:\Users\G-Man\AppData\LocalLow\Veoh_Web_Player
    Folder Deleted : C:\Users\G-Man\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
    Folder Deleted : C:\Users\G-Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
    Folder Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    Folder Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\addon@defaulttab.com
    Folder Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\staged
    Folder Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\SweetPacksToolbarData
    Folder Deleted : C:\Users\G-Man\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Users\G-Man\AppData\Roaming\yourfiledownloader
    Folder Deleted : C:\Users\weoin\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\weoin\AppData\LocalLow\SweetIM
    Folder Deleted : C:\Users\weoin\AppData\LocalLow\uTorrentBar
    Folder Deleted : C:\Users\weoin\AppData\LocalLow\Veoh_Web_Player
    Folder Deleted : C:\Users\weoin\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

    ***** [Registry] *****

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16537

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={E7EE9D66-B307-11E2-96B4-D0DF9A0C39FB} --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=CA&userid=ab35b7ff-e51c-41ac-b0cf-88eca99cbbf4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=CA&userid=ab35b7ff-e51c-41ac-b0cf-88eca99cbbf4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=CA&userid=ab35b7ff-e51c-41ac-b0cf-88eca99cbbf4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=CA&userid=ab35b7ff-e51c-41ac-b0cf-88eca99cbbf4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={E7EE9D66-B307-11E2-96B4-D0DF9A0C39FB} --> hxxp://www.google.com

    -\\ Mozilla Firefox v3.6.15 (en-US)

    File : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\prefs.js

    C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\user.js ... Deleted !

    Deleted : user_pref("browser.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid={E7EE9D66-B307-11E2-96B4-[...]
    Deleted : user_pref("browser.search.defaultengine", "Web Search");
    Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
    Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
    Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
    Deleted : user_pref("extentions.y2layers.installId", "a2692161-a87d-4093-b3d7-708dd6aa232b");
    Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
    Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
    Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
    Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
    Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
    Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
    Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
    Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10045");
    Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
    Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
    Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
    Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng");
    Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
    Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
    Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
    Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
    Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
    Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
    Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
    Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
    Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
    Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
    Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
    Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
    Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
    Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
    Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
    Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
    Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
    Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
    Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
    Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
    Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
    Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
    Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
    Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
    Deleted : user_pref("sweetim.toolbar.newtab.created", "true");
    Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
    Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=[...]
    Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:blank");
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "error");
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "error");
    Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "error");
    Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "error");
    Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
    Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
    Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
    Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
    Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
    Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
    Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "true");
    Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
    Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
    Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
    Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
    Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
    Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
    Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
    Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
    Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
    Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
    Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
    Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
    Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
    Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
    Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
    Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
    Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
    Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
    Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
    Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
    Deleted : user_pref("sweetim.toolbar.simapp_id", "{E7EE9D66-B307-11E2-96B4-D0DF9A0C39FB}");
    Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?bar[...]
    Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
    Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
    Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
    Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");
    Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");
    Deleted : user_pref("sweetim.toolbar.version", "1.13.0.1");
    Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks")[...]

    File : C:\Users\weoin\AppData\Roaming\Mozilla\Firefox\Profiles\64yjsicz.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v27.0.1453.110

    File : C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Opera v12.15.1748.0

    File : C:\Users\G-Man\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    File : C:\Users\weoin\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [35329 octets] - [07/06/2013 21:31:00]

    ########## EOF - C:\AdwCleaner[S1].txt - [35390 octets] ##########

    JRT.txt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by G-Man on Fri 06/07/2013 at 21:36:23.56
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] updater by sweetpacks
    Successfully deleted: [Service] updater by sweetpacks



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220022042235}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{33333333-3333-3333-3333-330033043335}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{22222222-2222-2222-2222-220022042235}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{33333333-3333-3333-3333-330033043335}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C3E0D76-5B2A-4B60-97C9-689F07D839CE}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4CA3E78-EF2A-4D75-8457-2B4C4B78A115}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6C3E0D76-5B2A-4B60-97C9-689F07D839CE}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E4CA3E78-EF2A-4D75-8457-2B4C4B78A115}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
    Successfully deleted: [Folder] "C:\Users\G-Man\AppData\Roaming\software informer"
    Successfully deleted: [Folder] "C:\Users\G-Man\appdata\local\premiumplay codec-c"
    Successfully deleted: [Folder] "C:\Program Files (x86)\premiumplay codec-c"
    Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
    Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{0B809B12-9038-46E3-A08F-5923E09D607B}
    Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{5991F4ED-655B-4E9A-8BAD-14D61294A8B0}
    Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{5D9516D5-8C3A-4762-BA7B-0083A056ED35}
    Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{7FB23736-5CCC-43A7-8BC9-3FADF0090DC9}
    Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{9C7758D0-5ACC-47D6-8EEC-D43692F79C99}
    Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{A67DF0FE-B76D-4789-A52A-E75407365354}
    Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{ED36F0E6-CF0B-45B8-B8F8-887B4715C9BB}



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Users\G-Man\AppData\Roaming\mozilla\firefox\profiles\gjn7ymqu.default\extensions\getsavin@jetpack
    Failed to delete: [Folder] C:\Users\G-Man\AppData\Roaming\mozilla\firefox\profiles\gjn7ymqu.default\extensions\wtxpcom@mybrowserbar.com
    Failed to delete: [Folder] C:\Users\G-Man\AppData\Roaming\mozilla\firefox\profiles\gjn7ymqu.default\extensions\ytd@mybrowserbar.com
    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
    Successfully deleted the following from C:\Users\G-Man\AppData\Roaming\mozilla\firefox\profiles\gjn7ymqu.default\prefs.js

    user_pref("extensions.crossrider.bic", "137ae571da9798ea6ce85769224f9c07");
    user_pref("extensions.defaulttab.active.affiliate", 2401);
    user_pref("extensions.defaulttab.active.overridechromesearch", false);
    user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
    user_pref("extensions.defaulttab.browserID", "ffffa41fcb4d84bf121dcf754ced3484");
    user_pref("extensions.defaulttab.firstrun", false);
    user_pref("extensions.defaulttab.installedVersion", "1.4.4");



    ~~~ Chrome

    Dumping contents of C:\Users\G-Man\appdata\local\Google\Chrome\User Data\Default\Default
    C:\Users\G-Man\appdata\local\Google\Chrome\User Data\Default\Default\aandjjnanknkgpdnilkdobijomlmhbbk
    C:\Users\G-Man\appdata\local\Google\Chrome\User Data\Default\Default\aandjjnanknkgpdnilkdobijomlmhbbk\background.html
    C:\Users\G-Man\appdata\local\Google\Chrome\User Data\Default\Default\aandjjnanknkgpdnilkdobijomlmhbbk\ContentScript.js
    C:\Users\G-Man\appdata\local\Google\Chrome\User Data\Default\Default\aandjjnanknkgpdnilkdobijomlmhbbk\manifest.json

    Successfully deleted: [Folder] C:\Users\G-Man\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bildoibdboopgomcbiplincneeicgipj



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 06/07/2013 at 21:44:32.18
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
  12. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    OTL.txt



    OTL logfile created on: 6/7/2013 9:45:39 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\G-Man\Downloads

    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.10.9200.16540)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



    5.95 Gb Total Physical Memory | 3.97 Gb Available Physical Memory | 66.75% Memory free

    11.90 Gb Paging File | 9.79 Gb Available in Paging File | 82.33% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]



    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

    Drive C: | 556.30 Gb Total Space | 32.73 Gb Free Space | 5.88% Space Free | Partition Type: NTFS

    Drive D: | 22.87 Gb Total Space | 2.42 Gb Free Space | 10.60% Space Free | Partition Type: NTFS

    Drive E: | 6.69 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF



    Computer Name: G-MAN-HP | User Name: G-Man | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



    ========== Processes (SafeList) ==========



    PRC - [2013/06/07 21:13:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\G-Man\Downloads\OTL.exe

    PRC - [2012/12/06 12:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

    PRC - [2012/11/01 00:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

    PRC - [2012/11/01 00:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

    PRC - [2012/09/23 20:43:48 | 003,477,640 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

    PRC - [2012/09/13 16:26:58 | 001,642,496 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\BrownyScn\Brother\BrStMonScn.exe

    PRC - [2012/09/11 15:59:20 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\BrownyScn\ScannerStatusMonitorService.exe

    PRC - [2012/09/11 12:06:06 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

    PRC - [2012/09/11 12:00:50 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

    PRC - [2012/08/01 01:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    PRC - [2011/04/27 17:01:14 | 001,102,904 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

    PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

    PRC - [2011/03/22 11:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

    PRC - [2011/03/11 11:28:38 | 001,502,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

    PRC - [2011/03/01 15:44:50 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

    PRC - [2011/02/10 04:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

    PRC - [2011/02/08 02:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

    PRC - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

    PRC - [2011/01/12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

    PRC - [2010/12/22 13:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    PRC - [2010/12/22 13:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

    PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

    PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

    PRC - [2010/05/10 09:04:16 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

    PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

    PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

    PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe





    ========== Modules (No Company Name) ==========



    MOD - [2013/02/13 05:41:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll

    MOD - [2013/01/10 05:48:27 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll

    MOD - [2013/01/10 05:48:27 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll

    MOD - [2013/01/10 05:45:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

    MOD - [2013/01/10 05:44:49 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

    MOD - [2013/01/10 05:44:32 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll

    MOD - [2013/01/10 05:44:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

    MOD - [2013/01/10 05:44:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

    MOD - [2013/01/10 05:44:19 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

    MOD - [2013/01/10 05:44:13 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

    MOD - [2011/11/01 12:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

    MOD - [2011/11/01 12:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

    MOD - [2011/02/10 04:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

    MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll





    ========== Services (SafeList) ==========



    SRV:64bit: - [2013/06/05 23:05:36 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV:64bit: - [2012/11/22 07:35:22 | 000,828,072 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)

    SRV:64bit: - [2012/06/02 12:14:52 | 000,479,736 | ---- | M] (ArtistScope Pty Ltd) [Disabled | Stopped] -- C:\Program Files\Common Files\ArtistScope\CSHelper64.exe -- (CSHelper)

    SRV:64bit: - [2012/05/03 09:33:54 | 000,207,872 | ---- | M] (Avatron Software) [Auto | Running] -- C:\Program Files\Avatron\Air Display\AVTHelper.exe -- (AVTHelper)

    SRV:64bit: - [2011/03/17 04:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

    SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

    SRV:64bit: - [2010/08/12 16:24:30 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

    SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

    SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

    SRV - [2013/05/13 04:56:02 | 002,245,232 | ---- | M] (Giraffic) [Disabled | Stopped] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)

    SRV - [2013/04/23 00:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

    SRV - [2013/03/27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

    SRV - [2013/03/19 17:31:52 | 000,148,328 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)

    SRV - [2013/03/19 17:31:48 | 000,376,168 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)

    SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

    SRV - [2013/01/30 20:25:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

    SRV - [2012/12/12 23:43:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2012/11/29 11:56:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)

    SRV - [2012/11/05 15:02:52 | 001,436,160 | ---- | M] (Wyse Technology.) [Disabled | Stopped] -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe -- (WyseRemoteAccess)

    SRV - [2012/11/05 15:01:14 | 000,191,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe -- (WysePocketCloud)

    SRV - [2012/11/01 00:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

    SRV - [2012/11/01 00:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

    SRV - [2012/10/31 23:57:50 | 013,234,176 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)

    SRV - [2012/10/31 22:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)

    SRV - [2012/10/11 15:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)

    SRV - [2012/09/23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

    SRV - [2012/09/11 15:59:20 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\BrownyScn\ScannerStatusMonitorService.exe -- (ScannerStatusMonitorService)

    SRV - [2012/08/02 18:20:24 | 000,078,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)

    SRV - [2012/08/02 18:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)

    SRV - [2012/06/02 12:17:26 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2012/01/31 12:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

    SRV - [2011/09/08 06:06:14 | 000,155,648 | ---- | M] () [Disabled | Stopped] -- C:\Windows\agent.exe -- (Agent)

    SRV - [2011/08/29 19:44:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)

    SRV - [2011/04/27 17:01:14 | 001,102,904 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

    SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

    SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

    SRV - [2011/03/01 15:44:50 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

    SRV - [2011/03/01 15:43:52 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

    SRV - [2011/02/08 02:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)

    SRV - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

    SRV - [2010/12/22 13:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

    SRV - [2010/12/22 13:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

    SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

    SRV - [2010/10/22 10:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

    SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

    SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)

    SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)

    SRV - [2010/03/18 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)





    ========== Driver Services (SafeList) ==========



    DRV:64bit: - [2013/05/28 19:20:53 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

    DRV:64bit: - [2013/03/19 17:32:04 | 000,088,448 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)

    DRV:64bit: - [2013/01/30 20:27:20 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

    DRV:64bit: - [2012/12/13 09:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)

    DRV:64bit: - [2012/11/29 11:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

    DRV:64bit: - [2012/11/29 11:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)

    DRV:64bit: - [2012/11/22 07:35:36 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

    DRV:64bit: - [2012/11/14 18:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)

    DRV:64bit: - [2012/11/11 17:47:46 | 000,312,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

    DRV:64bit: - [2012/11/01 00:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

    DRV:64bit: - [2012/11/01 00:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

    DRV:64bit: - [2012/11/01 00:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)

    DRV:64bit: - [2012/11/01 00:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)

    DRV:64bit: - [2012/10/24 12:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)

    DRV:64bit: - [2012/10/24 12:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)

    DRV:64bit: - [2012/10/11 15:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

    DRV:64bit: - [2012/10/11 15:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)

    DRV:64bit: - [2012/08/21 10:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

    DRV:64bit: - [2012/08/01 11:13:42 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)

    DRV:64bit: - [2012/08/01 11:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

    DRV:64bit: - [2012/07/31 04:56:58 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)

    DRV:64bit: - [2012/06/21 18:59:36 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)

    DRV:64bit: - [2012/06/13 00:50:10 | 000,084,992 | ---- | M] (Vyacheslav Frolov) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\com0com.sys -- (com0com)

    DRV:64bit: - [2012/06/02 12:14:52 | 000,048,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Common Files\ArtistScope\CSDriver64.sys -- (CSDriver)

    DRV:64bit: - [2012/05/03 09:33:28 | 000,015,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)

    DRV:64bit: - [2012/05/03 09:33:28 | 000,015,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)

    DRV:64bit: - [2012/04/09 16:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)

    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

    DRV:64bit: - [2012/01/17 22:20:18 | 000,065,600 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pssdklbf.sys -- (PSSDKLBF)

    DRV:64bit: - [2012/01/17 22:20:18 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)

    DRV:64bit: - [2011/12/15 10:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

    DRV:64bit: - [2011/11/12 09:00:25 | 000,040,928 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VSPE.sys -- (EterlogicVirtualSerialDriver)

    DRV:64bit: - [2011/11/04 21:00:00 | 000,058,368 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CH341S64.SYS -- (CH341SER_A64)

    DRV:64bit: - [2011/09/05 07:56:38 | 002,156,872 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)

    DRV:64bit: - [2011/05/27 16:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

    DRV:64bit: - [2011/04/21 20:17:10 | 002,727,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

    DRV:64bit: - [2011/04/04 21:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

    DRV:64bit: - [2011/03/23 11:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

    DRV:64bit: - [2011/03/17 04:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

    DRV:64bit: - [2011/03/16 13:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

    DRV:64bit: - [2011/03/01 15:44:08 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

    DRV:64bit: - [2011/03/01 15:44:06 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

    DRV:64bit: - [2011/03/01 15:44:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

    DRV:64bit: - [2011/03/01 15:44:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

    DRV:64bit: - [2011/03/01 15:44:06 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

    DRV:64bit: - [2011/03/01 15:44:06 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

    DRV:64bit: - [2011/03/01 15:44:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

    DRV:64bit: - [2011/03/01 11:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

    DRV:64bit: - [2011/02/22 05:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)

    DRV:64bit: - [2011/02/10 04:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

    DRV:64bit: - [2011/01/31 17:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

    DRV:64bit: - [2011/01/27 09:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

    DRV:64bit: - [2011/01/13 20:46:18 | 001,412,144 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

    DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

    DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

    DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

    DRV:64bit: - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

    DRV:64bit: - [2010/10/13 04:10:22 | 000,039,472 | ---- | M] (HHD Software Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hhdspmc64.sys -- (hhdspmc64)

    DRV:64bit: - [2010/08/12 16:24:30 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

    DRV:64bit: - [2010/08/12 16:24:30 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

    DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

    DRV:64bit: - [2010/06/25 10:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

    DRV:64bit: - [2010/05/20 12:13:28 | 000,034,840 | ---- | M] (Colasoft Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSN5PDTS82x64.sys -- (CSN5PDTS82x64)

    DRV:64bit: - [2010/05/05 13:38:26 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)

    DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

    DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

    DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

    DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

    DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

    DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

    DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

    DRV:64bit: - [2008/05/06 05:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

    DRV - [2012/11/29 11:56:52 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

    DRV - [2011/12/09 16:07:15 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\giveio.sys -- (giveio)

    DRV - [2010/01/29 08:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)

    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

    DRV - [2004/03/23 19:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\nsndis5.sys -- (NSNDIS5)

    DRV - [2003/04/04 12:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)





    ========== Standard Registry (SafeList) ==========





    ========== Internet Explorer ==========



    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

    IE:64bit: - HKLM\..\SearchScopes\{6C3E0D76-5B2A-4B60-97C9-689F07D839CE}: "URL" = http://www.amazon.ca/s/ref=azs_osd_...ode=qs&index=aps&field-keywords={searchTerms}

    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox





    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =



    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =



    IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

    IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

    IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

    IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

    IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..\SearchScopes\{996754E5-D47D-4F52-9D54-84DFFFAE3FE1}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}

    IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..\SearchScopes\{D5F3D94D-79C3-4D64-A5C1-B9BB4ADE90F9}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

    IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118;ftp=127.0.0.1:8118;socks=127.0.0.1:9050
     
  13. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "error"
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.order.1: "error"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
    FF - prefs.js..browser.search.selectedEngine: "error"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "error"
    FF - prefs.js..extensions.enabledAddons: helperbar@helperbar.com:1.0
    FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 5
    FF - prefs.js..extensions.enabledItems: 3
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.8
    FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1423
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.9.0.12585
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.6
    FF - prefs.js..extensions.enabledItems: ytd@mybrowserbar.com:7.0
    FF - prefs.js..extensions.enabledItems: {4062fe39-31cf-474a-fe32-012dbaf91dc8}:4.6.8.5
    FF - prefs.js..extensions.enabledItems: addon@defaulttab.com:1.4.4
    FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.13.0.1
    FF - prefs.js..extensions.enabledItems: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}:2.0.0.566
    FF - prefs.js..extensions.enabledItems: avg@toolbar:15.0.1.2
    FF - prefs.js..keyword.URL: "error"
    FF - prefs.js..network.proxy.ftp: "127.0.0.1"
    FF - prefs.js..network.proxy.ftp_port: 8118
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 8118
    FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 9050
    FF - prefs.js..network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..network.proxy.ssl_port: 8118
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
    FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope Plugin: C:\Program Files (x86)\Common Files\ArtistScope\npArtistScope.dll (ArtistScope Pty Ltd)
    FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
    FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope Plugin: C:\Program Files (x86)\Common Files\ArtistScope\npArtistScope.dll (ArtistScope Pty Ltd)
    FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\G-Man\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\G-Man\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\G-Man\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\G-Man\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\G-Man\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013/05/25 00:13:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013/05/25 00:13:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2013/04/09 09:49:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/14 07:07:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/03 10:35:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/05/17 16:07:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\uiqw4-2cfk@dxcqiw-ixnbnqyn.net: C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\uiqw4-2cfk@dxcqiw-ixnbnqyn.net [2013/06/05 20:19:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/14 20:58:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/07 21:31:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/03 10:35:43 | 000,000,000 | ---D | M]

    [2012/06/03 08:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G-Man\AppData\Roaming\Mozilla\Extensions
    [2013/06/07 21:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions
    [2012/01/15 22:56:43 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
    [2012/05/27 08:38:14 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\firefox@tvunetworks.com
    [2013/06/05 20:19:49 | 000,000,000 | ---D | M] (conotinuetossave) -- C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\uiqw4-2cfk@dxcqiw-ixnbnqyn.net
    [2013/06/07 21:31:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/28 06:11:07 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{4062fe39-31cf-474a-fe32-012dbaf91dc8}
    [2013/05/24 22:57:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/05/01 03:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/05/24 22:57:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/04/09 09:49:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
    File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
    [2012/02/14 07:07:58 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2012/05/03 10:35:43 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
    [2012/09/12 06:05:40 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES (X86)\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
    File not found (No name found) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
    File not found (No name found) -- C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    [2013/05/03 18:04:36 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.0.1.2
    File not found (No name found) -- C:\USERS\G-MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJN7YMQU.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
    File not found (No name found) -- C:\USERS\G-MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJN7YMQU.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM
    [2009/01/15 10:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
    [2011/07/27 23:00:19 | 000,532,480 | ---- | M] (ArtistScope Pty Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope5.dll
    [2009/02/01 22:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll
    [2013/05/28 19:21:25 | 000,003,723 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = https://www.google.com/#output=search&sclient=psy-ab&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://google.com/
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\G-Man\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\G-Man\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\G-Man\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
    CHR - plugin: HP Product Detection Plugin for Mozilla (Disabled) = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
    CHR - plugin: HP Active Check Plugin (Disabled) = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: ArtistScope plugin 42 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
    CHR - plugin: ArtistScope Plugin 5 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope5.dll
    CHR - plugin: ArtistScope DRM plugin 1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: StartSearch Video plug-in (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
    CHR - plugin: Orbit Downloader (Disabled) = C:\Users\G-Man\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
    CHR - plugin: Google Talk Plugin (Disabled) = C:\Users\G-Man\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Disabled) = C:\Users\G-Man\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Talk Plugin Video Renderer (Disabled) = C:\Users\G-Man\AppData\Roaming\Mozilla\plugins\npo1d.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: ArtistScope Plugin (Disabled) = C:\Program Files (x86)\Common Files\ArtistScope\npArtistScope.dll
    CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: npFFApi (Disabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
    CHR - plugin: Google Update (Disabled) = C:\Users\G-Man\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: TVU Web Player for FireFox (Disabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - Extension: HP Product Detection Plugin = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.26.1_0\
    CHR - Extension: YouTube = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\
    CHR - Extension: AdBlock = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
    CHR - Extension: Skype Click to Call = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
    CHR - Extension: HP Product Detection Plugin = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: HP Product Detection Plugin = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.26.1_0\
    CHR - Extension: YouTube = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\
    CHR - Extension: AdBlock = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
    CHR - Extension: Skype Click to Call = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
    CHR - Extension: HP Product Detection Plugin = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/06/07 20:10:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (GetSavin 5.0) - {2FF7C269-7AE2-49C7-86C2-B2F5E26F96C1} - C:\Users\G-Man\AppData\Local\getsavin\ie\getsavin_1367485142.dll File not found
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (conotinuetossave) - {C453BC06-C896-B0C0-A6D3-6A9F9056E08D} - C:\ProgramData\conotinuetossave\51b00ab37e0f7.dll File not found
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
    O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [ISW] File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BrScnStsMon00] C:\Program Files (x86)\BrownyScn\Brother\BrStMonScn.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..Trusted Domains: kaptest.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..Trusted Domains: kaptest.com ([www] https in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.0)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.0)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.21.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.21.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{885E906B-000A-4675-88FD-B592424B15F1}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA411C95-7845-4644-8623-EEC9B9622A9F}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
    O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
    O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  14. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/07 21:36:18 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/06/07 21:36:01 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/06/07 21:13:55 | 000,000,000 | ---D | C] -- C:\HP_TOOLS_mountHPSF
    [2013/06/07 20:11:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013/06/07 19:48:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/06/07 19:48:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/06/07 19:48:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/06/07 19:47:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/06/07 19:47:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/06/07 19:43:58 | 005,078,746 | R--- | C] (Swearware) -- C:\Users\G-Man\Desktop\ComboFix.exe
    [2013/06/07 18:06:59 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/06/07 17:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/06/07 17:23:10 | 000,000,000 | ---D | C] -- C:\Users\G-Man\Desktop\RK_Quarantine
    [2013/06/07 16:32:31 | 000,000,000 | ---D | C] -- C:\Adolescent Medecine + Allergy &
    [2013/06/07 15:50:47 | 000,000,000 | ---D | C] -- C:\General Pediatrics + Infectious
    [2013/06/06 21:57:40 | 000,180,736 | ---- | C] (fccHandler) -- C:\Windows\SysNative\AC3ACM.acm
    [2013/06/06 21:57:40 | 000,122,880 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\AC3ACM.acm
    [2013/06/06 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitrate Viewer
    [2013/06/06 21:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitrateViewer
    [2013/06/06 19:56:44 | 000,000,000 | ---D | C] -- C:\Infectious Disease 1of2
    [2013/06/06 19:55:45 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
    [2013/06/06 19:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
    [2013/06/06 19:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Decrypter
    [2013/06/06 12:15:21 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Malwarebytes
    [2013/06/06 12:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/06/06 12:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/06/06 12:15:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/06/06 12:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/06/06 11:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2013/06/05 23:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA DVD Ripper
    [2013/06/05 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AoA DVD Ripper
    [2013/06/05 20:34:02 | 000,000,000 | ---D | C] -- C:\AcalaSoft
    [2013/06/05 20:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcalaSoft
    [2013/06/05 20:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
    [2013/06/05 20:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AcalaSoft
    [2013/06/05 19:50:43 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
    [2013/06/05 19:50:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Handbrake
    [2013/06/05 17:53:44 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\ControlCenter4
    [2013/06/05 16:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
    [2013/06/05 16:28:28 | 000,000,000 | ---D | C] -- C:\Brother
    [2013/06/05 16:28:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrownyScn
    [2013/06/05 16:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
    [2013/06/05 16:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ControlCenter4
    [2013/06/05 16:27:00 | 001,441,792 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWi211d.dll
    [2013/06/05 16:27:00 | 000,279,040 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrJDec.dll
    [2013/06/05 16:27:00 | 000,095,344 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\BrSerIb.sys
    [2013/06/05 16:27:00 | 000,050,688 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrUsi11d.dll
    [2013/06/05 16:27:00 | 000,021,872 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\BrUsbSib.sys
    [2013/06/05 16:27:00 | 000,020,592 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\brciser.dll
    [2013/06/05 16:27:00 | 000,012,800 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\BrCiImg.dll
    [2013/06/05 16:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
    [2013/06/05 16:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
    [2013/06/05 16:25:28 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\InstallShield
    [2013/06/05 13:43:59 | 000,000,000 | ---D | C] -- C:\Users\G-Man\Documents\Medstudy Pediatrics
    [2013/06/05 13:42:08 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\HandBrake
    [2013/06/05 13:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
    [2013/06/02 19:37:54 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Local\Opera
    [2013/06/02 19:37:53 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Opera
    [2013/06/02 19:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
    [2013/05/31 18:43:22 | 000,000,000 | ---D | C] -- C:\Users\G-Man\Documents\Snagit
    [2013/05/31 18:42:54 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Local\assembly
    [2013/05/31 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Inbit
    [2013/05/31 11:26:47 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FullShot 9
    [2013/05/31 11:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FullShot 9
    [2013/05/31 11:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Inbit
    [2013/05/31 11:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Inbit
    [2013/05/24 00:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi-Page TIFF Editor v.2.7
    [2013/05/24 00:19:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TIFF_stamps
    [2013/05/24 00:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi-Page TIFF Editor v.2.4
    [2013/05/24 00:19:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TIFF_files
    [2013/05/24 00:19:09 | 000,000,000 | ---D | C] -- C:\Users\G-Man\Documents\TIFF_Editor_Output
    [2013/05/24 00:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MultiPageEditor
    [2013/05/23 22:40:33 | 000,000,000 | ---D | C] -- C:\Users\G-Man\Documents\Flip PDF
    [2013/05/23 22:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF
    [2013/05/23 22:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flip PDF
    [2013/05/23 22:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\flipBook
    [2013/05/23 22:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flip PDF
    [2013/05/23 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Nitro
    [2013/05/23 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\FileOpen
    [2013/05/23 21:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
    [2013/05/23 21:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
    [2013/05/23 21:26:17 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Downloaded Installations
    [2013/05/23 20:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.8.5 Q16 (64-bit)
    [2013/05/23 20:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\ImageMagick-6.8.5-Q16
    [2013/05/23 19:14:08 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Foxit Software
    [2013/05/19 23:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AdvancedTiffEditor
    [2013/05/19 23:00:57 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\AdvancedTiffEditor
    [2013/05/19 22:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GraphicRegion TIF Printer
    [2013/05/19 22:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GraphicRegion TIF Printer
    [2013/05/19 22:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
    [2013/05/19 22:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gs
    [2013/05/19 22:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced TIFF Editor
    [2013/05/19 22:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced TIFF Editor
    [2013/05/17 15:43:24 | 000,000,000 | ---D | C] -- C:\Adobe Acrobat XI
    [2013/05/14 22:39:21 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Local\LogMeIn
    [2013/05/14 22:38:59 | 000,035,688 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
    [2013/05/14 22:38:58 | 000,088,448 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
    [2013/05/14 22:38:57 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
    [2013/05/14 22:38:51 | 000,084,328 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
    [2013/05/14 22:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
    [2013/05/14 22:37:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
    [2013/05/12 09:42:07 | 000,000,000 | R--D | C] -- C:\Users\G-Man\Dropbox
    [2013/05/12 09:40:52 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    [2013/05/12 09:38:02 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Dropbox
    [2011/12/15 14:22:36 | 000,081,920 | ---- | C] (WIZnet Corp.) -- C:\Program Files (x86)\Common Files\WIZ1x0SR_105SR_CFG.exe
    [2011/12/15 14:22:35 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\MSVCR80.dll
    [2011/12/15 14:22:35 | 000,081,920 | ---- | C] (WIZnet Corp.) -- C:\Program Files\Common Files\WIZ1x0SR_105SR_CFG.exe
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/06/07 21:40:59 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/06/07 21:40:59 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/06/07 21:33:29 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
    [2013/06/07 21:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/06/07 21:32:24 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
    [2013/06/07 21:31:31 | 000,000,176 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/06/07 21:16:13 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-514776539-1456282578-3287137058-1000UA.job
    [2013/06/07 21:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/06/07 20:10:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/06/07 19:44:07 | 005,078,746 | R--- | M] (Swearware) -- C:\Users\G-Man\Desktop\ComboFix.exe
    [2013/06/07 19:02:39 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
    [2013/06/07 16:12:35 | 077,474,627 | ---- | M] () -- C:\Users\G-Man\Documents\Medstudy 2013 Video Board Review of Pediatrics.pdf
    [2013/06/07 04:16:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-514776539-1456282578-3287137058-1000Core.job
    [2013/06/07 00:00:20 | 007,276,239 | ---- | M] () -- C:\Users\G-Man\Documents\7.pdf
    [2013/06/06 11:30:36 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForweoin.job
    [2013/06/06 11:25:17 | 000,782,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/06/06 11:25:17 | 000,667,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/06/06 11:25:17 | 000,126,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/06/05 23:01:14 | 000,000,000 | ---- | M] () -- C:\Windows\AoADVDRipper.INI
    [2013/06/05 17:40:41 | 122,197,846 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2013/06/03 21:35:24 | 001,472,007 | ---- | M] () -- C:\Users\G-Man\Documents\Pediatrics shelf.pdf
    [2013/06/02 23:57:24 | 118,147,072 | ---- | M] () -- C:\Users\G-Man\Documents\Pediatrics5.avi
    [2013/06/02 23:55:15 | 171,366,400 | ---- | M] () -- C:\Users\G-Man\Documents\Pediatrics4.avi
    [2013/06/02 23:48:26 | 159,426,560 | ---- | M] () -- C:\Users\G-Man\Documents\Pediatrics3.avi
    [2013/06/02 23:39:41 | 107,358,208 | ---- | M] () -- C:\Users\G-Man\Documents\Pediatrics2.avi
    [2013/06/02 23:34:19 | 141,242,368 | ---- | M] () -- C:\Users\G-Man\Documents\Pediatrics1.avi
    [2013/06/02 23:32:39 | 123,844,608 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics14.avi
    [2013/06/02 23:30:26 | 088,494,080 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics13.avi
    [2013/06/02 23:28:19 | 144,107,520 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics1.avi
    [2013/06/02 23:26:30 | 178,618,368 | ---- | M] () -- C:\Users\G-Man\Documents\Dermatology2.avi
    [2013/06/02 23:20:34 | 025,811,439 | ---- | M] () -- C:\Users\G-Man\Documents\IMQA2.pdf
    [2013/06/02 21:44:20 | 025,255,986 | ---- | M] () -- C:\Users\G-Man\Documents\IMQA1.pdf
    [2013/06/02 21:26:06 | 015,895,797 | ---- | M] () -- C:\Users\G-Man\Documents\IMA1.pdf
    [2013/06/02 21:24:01 | 010,076,091 | ---- | M] () -- C:\Users\G-Man\Documents\IMQ1.pdf
    [2013/06/02 17:05:50 | 134,424,576 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics12.avi
    [2013/06/02 17:03:44 | 131,995,648 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics11.avi
    [2013/06/02 16:59:16 | 197,730,304 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics10.avi
    [2013/06/02 16:50:11 | 139,982,848 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics9.avi
    [2013/06/02 16:39:34 | 193,695,744 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics8.avi
    [2013/06/02 16:37:37 | 167,692,288 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics7.avi
    [2013/06/02 16:35:16 | 184,424,448 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics6.avi
    [2013/06/02 16:32:04 | 115,236,864 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics5.avi
    [2013/06/02 15:36:16 | 000,009,216 | ---- | M] () -- C:\Users\G-Man\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/06/01 21:22:47 | 110,297,088 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics4.avi
    [2013/06/01 21:21:25 | 213,127,168 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics3.avi
    [2013/06/01 21:19:34 | 197,054,464 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics2.avi
    [2013/06/01 21:17:53 | 197,595,136 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology9.avi
    [2013/06/01 21:15:43 | 256,935,936 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology8.avi
    [2013/06/01 21:12:56 | 097,089,536 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology7.avi
    [2013/06/01 21:11:44 | 099,547,136 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology6.avi
    [2013/06/01 21:09:53 | 135,491,584 | ---- | M] () -- C:\Users\G-Man\Documents\Dermatology3.avi
    [2013/06/01 21:04:41 | 199,809,024 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology11.avi
    [2013/06/01 21:02:47 | 115,986,432 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology10.avi
    [2013/06/01 20:59:27 | 112,611,328 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology5.avi
    [2013/06/01 20:57:37 | 111,798,272 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology4.avi
    [2013/06/01 20:55:43 | 231,178,240 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology3.avi
    [2013/06/01 20:53:37 | 112,418,816 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology2.avi
    [2013/06/01 20:52:00 | 129,560,576 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology1.avi
    [2013/06/01 20:50:33 | 136,605,696 | ---- | M] () -- C:\Users\G-Man\Documents\Dermatology6.avi
    [2013/06/01 20:49:04 | 094,531,584 | ---- | M] () -- C:\Users\G-Man\Documents\Dermatology5.avi
    [2013/06/01 20:47:52 | 208,646,144 | ---- | M] () -- C:\Users\G-Man\Documents\Dermatology4.avi
    [2013/06/01 20:35:26 | 145,287,168 | ---- | M] () -- C:\Users\G-Man\Documents\Dermatology1.avi
    [2013/06/01 20:31:50 | 141,981,696 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal7.avi
    [2013/06/01 20:29:50 | 156,817,408 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal6.avi
    [2013/06/01 20:27:46 | 176,216,064 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal5.avi
    [2013/06/01 20:25:48 | 174,204,928 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal4.avi
    [2013/06/01 20:23:28 | 200,384,512 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal3.avi
    [2013/06/01 20:20:35 | 149,174,272 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal2.avi
    [2013/06/01 20:18:01 | 211,662,848 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal1.avi
    [2013/06/01 20:14:11 | 063,778,816 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC13.avi
    [2013/06/01 20:11:49 | 152,082,432 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC12.avi
    [2013/06/01 20:10:24 | 159,956,992 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC11.avi
    [2013/06/01 20:08:11 | 116,518,912 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC10.avi
    [2013/06/01 20:06:43 | 163,385,344 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC9.avi
    [2013/06/01 20:05:02 | 117,499,904 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC8.avi
    [2013/06/01 20:03:04 | 157,421,568 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC7.avi
    [2013/06/01 19:59:52 | 229,197,824 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC6.avi
    [2013/06/01 19:56:38 | 169,351,168 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC5.avi
    [2013/06/01 19:54:49 | 119,226,368 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC4.avi
    [2013/05/31 18:41:20 | 000,001,156 | ---- | M] () -- C:\Users\G-Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 11.lnk
    [2013/05/31 11:26:46 | 000,172,032 | ---- | M] () -- C:\Windows\FS9Unins.exe
    [2013/05/30 16:44:13 | 000,137,933 | ---- | M] () -- C:\Users\G-Man\Documents\Study_Guide_-_The_Step_2_Survival_Guide.pdf
    [2013/05/30 13:38:57 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForG-Man.job
    [2013/05/28 19:20:53 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/05/28 15:10:12 | 174,886,912 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology1.avi
    [2013/05/28 02:03:13 | 092,516,352 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC3.avi
    [2013/05/28 02:00:34 | 130,932,736 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC2.avi
    [2013/05/28 01:58:47 | 151,492,608 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC1.avi
    [2013/05/28 01:55:52 | 064,655,360 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary13.avi
    [2013/05/28 01:53:53 | 129,296,384 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary12.avi
    [2013/05/28 01:52:15 | 134,426,624 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary11.avi
    [2013/05/28 01:45:15 | 148,002,816 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary10.avi
    [2013/05/28 01:43:36 | 104,798,208 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary9.avi
    [2013/05/28 01:41:49 | 194,592,768 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary8.avi
    [2013/05/28 01:36:10 | 180,508,672 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary7.avi
    [2013/05/28 01:31:59 | 088,590,336 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary6.avi
    [2013/05/27 15:29:38 | 234,104,832 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary5.avi
    [2013/05/27 15:27:50 | 074,510,336 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary4.avi
    [2013/05/27 15:26:52 | 104,890,368 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary3.avi
    [2013/05/27 15:25:38 | 162,848,768 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary2.avi
    [2013/05/27 15:23:57 | 126,267,392 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary1.avi
    [2013/05/27 15:21:09 | 147,456,000 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology15.avi
    [2013/05/27 15:18:48 | 160,088,064 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology14.avi
    [2013/05/27 15:17:01 | 189,960,192 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology13.avi
    [2013/05/27 15:15:01 | 138,936,320 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology12.avi
    [2013/05/27 15:11:00 | 122,617,856 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology11.avi
    [2013/05/27 15:04:28 | 259,946,496 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology10.avi
    [2013/05/27 14:59:36 | 157,450,240 | ---- | M] () -- C:\Users\G-Man\Documents\EPI-ETHICS3.avi
    [2013/05/27 14:54:57 | 161,533,952 | ---- | M] () -- C:\Users\G-Man\Documents\EPI-ETHICS2.avi
    [2013/05/27 14:28:07 | 230,907,904 | ---- | M] () -- C:\Users\G-Man\Documents\EPI-ETHICS1.avi
    [2013/05/27 14:18:31 | 172,566,528 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology9.avi
    [2013/05/26 12:40:25 | 167,925,760 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology8.avi
    [2013/05/26 12:38:22 | 162,502,656 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology7.avi
    [2013/05/26 12:36:44 | 142,813,184 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology6.avi
    [2013/05/26 12:35:08 | 101,529,600 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology5.avi
    [2013/05/26 12:33:28 | 188,934,144 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology4.avi
    [2013/05/26 12:31:10 | 169,019,392 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology3.avi
    [2013/05/26 12:29:12 | 143,128,576 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology2.avi
    [2013/05/25 01:53:55 | 124,549,120 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology12.avi
    [2013/05/25 00:17:31 | 000,417,563 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2013/05/25 00:12:41 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
    [2013/05/25 00:06:42 | 165,902,336 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology11.avi
    [2013/05/25 00:05:30 | 149,331,968 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology10.avi
    [2013/05/25 00:03:42 | 174,401,536 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology9.avi
    [2013/05/25 00:01:58 | 134,875,136 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology8.avi
    [2013/05/24 23:59:16 | 152,502,272 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology7.avi
    [2013/05/24 23:57:46 | 074,620,928 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology6.avi
    [2013/05/24 23:56:00 | 137,676,800 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology5.avi
    [2013/05/24 06:38:24 | 345,839,318 | ---- | M] () -- C:\Users\G-Man\Documents\DIT Step2 2013mm.pdf
    [2013/05/24 00:14:32 | 133,623,808 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology4.avi
    [2013/05/24 00:13:05 | 121,100,288 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology3.avi
    [2013/05/24 00:09:26 | 052,072,448 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology2.avi
    [2013/05/24 00:06:16 | 119,549,952 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology1.avi
    [2013/05/24 00:04:06 | 181,006,336 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG12.avi
    [2013/05/23 23:46:17 | 170,041,344 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG11.avi
    [2013/05/23 23:44:22 | 081,131,520 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG10.avi
    [2013/05/23 23:42:39 | 175,093,760 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG9.avi
    [2013/05/23 23:38:30 | 126,640,128 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG8.avi
    [2013/05/23 23:30:00 | 233,779,200 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular18.avi
    [2013/05/23 23:26:33 | 132,210,688 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular17.avi
    [2013/05/23 23:22:44 | 200,976,384 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular16.avi
    [2013/05/23 23:20:11 | 185,077,760 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG7.avi
    [2013/05/23 23:16:28 | 098,770,944 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular15.avi
    [2013/05/23 22:33:59 | 056,514,582 | ---- | M] () -- C:\Users\G-Man\Documents\DIT Step2 2013-1.pdf
    [2013/05/22 20:14:45 | 088,774,833 | ---- | M] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt4.wmv
    [2013/05/22 20:09:14 | 101,489,637 | ---- | M] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt3.wmv
    [2013/05/22 20:01:24 | 126,423,937 | ---- | M] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt2.wmv
    [2013/05/22 19:48:51 | 119,812,373 | ---- | M] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt1.wmv
    [2013/05/21 08:13:04 | 095,255,040 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular2.avi
    [2013/05/21 06:16:01 | 120,705,024 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular8.avi
    [2013/05/21 00:36:51 | 170,762,240 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular14.avi
    [2013/05/21 00:35:12 | 134,875,136 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular13.avi
    [2013/05/21 00:32:59 | 157,114,368 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular12.avi
    [2013/05/21 00:29:13 | 190,992,384 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular11.avi
    [2013/05/21 00:25:27 | 127,539,200 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular10.avi
    [2013/05/21 00:18:42 | 176,117,760 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular9.avi
    [2013/05/21 00:17:05 | 132,687,872 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG6.avi
    [2013/05/21 00:00:23 | 116,420,608 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular7.avi
    [2013/05/20 23:50:16 | 115,984,384 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular6.avi
    [2013/05/20 23:49:23 | 093,501,440 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular5.avi
    [2013/05/20 23:48:15 | 093,480,960 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular4.avi
    [2013/05/20 23:46:16 | 194,766,848 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular3.avi
    [2013/05/20 23:28:08 | 112,074,752 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular1.avi
    [2013/05/20 23:26:49 | 109,074,432 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG5.avi
    [2013/05/20 23:25:55 | 084,701,184 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG4.avi
    [2013/05/20 23:24:14 | 115,888,128 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG3.avi
    [2013/05/20 23:22:36 | 113,246,208 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG2.avi
    [2013/05/20 23:19:01 | 150,478,848 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG1.avi
    [2013/05/20 12:55:50 | 267,992,976 | ---- | M] () -- C:\Users\G-Man\Documents\DIT Step2 2013.pdf
    [2013/05/17 16:21:53 | 004,989,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/05/17 00:32:56 | 154,730,496 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine9.avi
    [2013/05/17 00:11:18 | 000,007,668 | ---- | M] () -- C:\Windows\hworks64.INI
    [2013/05/17 00:00:47 | 161,775,616 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine2.avi
    [2013/05/16 00:12:56 | 172,009,472 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine10.avi
    [2013/05/16 00:09:41 | 137,199,616 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine8.avi
    [2013/05/16 00:08:43 | 141,318,144 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine7.avi
    [2013/05/16 00:07:38 | 095,733,760 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine6.avi
    [2013/05/16 00:05:41 | 146,540,544 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine5.avi
    [2013/05/16 00:01:56 | 233,635,840 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine4.avi
    [2013/05/14 22:38:47 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2013/05/14 21:31:59 | 067,129,344 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine3.avi
    [2013/05/14 21:27:17 | 131,670,016 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine1.avi
    [2013/05/14 21:25:26 | 124,712,960 | ---- | M] () -- C:\Users\G-Man\Documents\Psychiatry11.avi
    [2013/05/14 21:23:35 | 130,269,184 | ---- | M] () -- C:\Users\G-Man\Documents\Psychiatry10.avi
    [2013/05/14 21:21:53 | 150,839,296 | ---- | M] () -- C:\Users\G-Man\Documents\Psychiatry9.avi
    [2013/05/14 21:19:41 | 094,154,752 | ---- | M] () -- C:\Users\G-Man\Documents\Psychiatry8.avi
    [2013/05/14 21:17:19 | 140,003,328 | ---- | M] () -- C:\Users\G-Man\Documents\Psychiatry7.avi
    [2013/05/14 21:15:04 | 084,938,752 | ---- | M] () -- C:\Users\G-Man\Documents\Psychiatry6.avi
    [2013/05/10 01:03:46 | 000,000,717 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  15. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    ========== Files Created - No Company Name ==========

    [2013/06/07 21:31:12 | 000,000,176 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/06/07 19:48:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/06/07 19:48:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/06/07 19:48:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/06/07 19:48:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/06/07 19:48:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/06/06 23:59:31 | 007,276,239 | ---- | C] () -- C:\Users\G-Man\Documents\7.pdf
    [2013/06/06 01:52:01 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForweoin.job
    [2013/06/05 23:23:43 | 077,474,627 | ---- | C] () -- C:\Users\G-Man\Documents\Medstudy 2013 Video Board Review of Pediatrics.pdf
    [2013/06/05 23:01:14 | 000,000,000 | ---- | C] () -- C:\Windows\AoADVDRipper.INI
    [2013/06/03 21:35:12 | 001,472,007 | ---- | C] () -- C:\Users\G-Man\Documents\Pediatrics shelf.pdf
    [2013/06/02 23:57:04 | 118,147,072 | ---- | C] () -- C:\Users\G-Man\Documents\Pediatrics5.avi
    [2013/06/02 23:49:42 | 171,366,400 | ---- | C] () -- C:\Users\G-Man\Documents\Pediatrics4.avi
    [2013/06/02 23:40:57 | 159,426,560 | ---- | C] () -- C:\Users\G-Man\Documents\Pediatrics3.avi
    [2013/06/02 23:35:34 | 107,358,208 | ---- | C] () -- C:\Users\G-Man\Documents\Pediatrics2.avi
    [2013/06/02 23:34:01 | 141,242,368 | ---- | C] () -- C:\Users\G-Man\Documents\Pediatrics1.avi
    [2013/06/02 23:32:15 | 123,844,608 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics14.avi
    [2013/06/02 23:30:05 | 088,494,080 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics13.avi
    [2013/06/02 23:28:04 | 144,107,520 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics1.avi
    [2013/06/02 23:20:34 | 025,811,439 | ---- | C] () -- C:\Users\G-Man\Documents\IMQA2.pdf
    [2013/06/02 21:44:20 | 025,255,986 | ---- | C] () -- C:\Users\G-Man\Documents\IMQA1.pdf
    [2013/06/02 21:26:05 | 015,895,797 | ---- | C] () -- C:\Users\G-Man\Documents\IMA1.pdf
    [2013/06/02 21:24:01 | 010,076,091 | ---- | C] () -- C:\Users\G-Man\Documents\IMQ1.pdf
    [2013/06/02 19:37:37 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    [2013/06/02 17:05:34 | 134,424,576 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics12.avi
    [2013/06/02 17:00:45 | 131,995,648 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics11.avi
    [2013/06/02 16:58:58 | 197,730,304 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics10.avi
    [2013/06/02 16:49:57 | 139,982,848 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics9.avi
    [2013/06/02 16:39:15 | 193,695,744 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics8.avi
    [2013/06/02 16:37:16 | 167,692,288 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics7.avi
    [2013/06/02 16:34:50 | 184,424,448 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics6.avi
    [2013/06/02 16:31:45 | 115,236,864 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics5.avi
    [2013/06/01 21:22:28 | 110,297,088 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics4.avi
    [2013/06/01 21:21:05 | 213,127,168 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics3.avi
    [2013/06/01 21:19:14 | 197,054,464 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics2.avi
    [2013/06/01 21:17:32 | 197,595,136 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology9.avi
    [2013/06/01 21:15:00 | 256,935,936 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology8.avi
    [2013/06/01 21:12:45 | 097,089,536 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology7.avi
    [2013/06/01 21:11:31 | 099,547,136 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology6.avi
    [2013/06/01 21:09:36 | 135,491,584 | ---- | C] () -- C:\Users\G-Man\Documents\Dermatology3.avi
    [2013/06/01 21:04:25 | 199,809,024 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology11.avi
    [2013/06/01 21:02:37 | 115,986,432 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology10.avi
    [2013/06/01 20:59:18 | 112,611,328 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology5.avi
    [2013/06/01 20:57:27 | 111,798,272 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology4.avi
    [2013/06/01 20:55:27 | 231,178,240 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology3.avi
    [2013/06/01 20:53:28 | 112,418,816 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology2.avi
    [2013/06/01 20:51:49 | 129,560,576 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology1.avi
    [2013/06/01 20:50:21 | 136,605,696 | ---- | C] () -- C:\Users\G-Man\Documents\Dermatology6.avi
    [2013/06/01 20:48:56 | 094,531,584 | ---- | C] () -- C:\Users\G-Man\Documents\Dermatology5.avi
    [2013/06/01 20:47:33 | 208,646,144 | ---- | C] () -- C:\Users\G-Man\Documents\Dermatology4.avi
    [2013/06/01 20:40:03 | 178,618,368 | ---- | C] () -- C:\Users\G-Man\Documents\Dermatology2.avi
    [2013/06/01 20:35:14 | 145,287,168 | ---- | C] () -- C:\Users\G-Man\Documents\Dermatology1.avi
    [2013/06/01 20:31:38 | 141,981,696 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal7.avi
    [2013/06/01 20:29:37 | 156,817,408 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal6.avi
    [2013/06/01 20:27:33 | 176,216,064 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal5.avi
    [2013/06/01 20:25:34 | 174,204,928 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal4.avi
    [2013/06/01 20:23:10 | 200,384,512 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal3.avi
    [2013/06/01 20:20:24 | 149,174,272 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal2.avi
    [2013/06/01 20:17:44 | 211,662,848 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal1.avi
    [2013/06/01 20:14:05 | 063,778,816 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC13.avi
    [2013/06/01 20:11:36 | 152,082,432 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC12.avi
    [2013/06/01 20:10:11 | 159,956,992 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC11.avi
    [2013/06/01 20:08:02 | 116,518,912 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC10.avi
    [2013/06/01 20:06:30 | 163,385,344 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC9.avi
    [2013/06/01 20:04:52 | 117,499,904 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC8.avi
    [2013/06/01 20:02:52 | 157,421,568 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC7.avi
    [2013/06/01 19:59:35 | 229,197,824 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC6.avi
    [2013/06/01 19:56:26 | 169,351,168 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC5.avi
    [2013/06/01 19:54:40 | 119,226,368 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC4.avi
    [2013/05/31 18:41:20 | 000,001,156 | ---- | C] () -- C:\Users\G-Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 11.lnk
    [2013/05/31 11:26:46 | 000,172,032 | ---- | C] () -- C:\Windows\FS9Unins.exe
    [2013/05/30 16:44:04 | 000,137,933 | ---- | C] () -- C:\Users\G-Man\Documents\Study_Guide_-_The_Step_2_Survival_Guide.pdf
    [2013/05/29 12:45:51 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForG-Man.job
    [2013/05/29 02:46:52 | 174,886,912 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology1.avi
    [2013/05/28 02:02:07 | 092,516,352 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC3.avi
    [2013/05/28 02:00:20 | 130,932,736 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC2.avi
    [2013/05/28 01:58:27 | 151,492,608 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC1.avi
    [2013/05/28 01:54:54 | 064,655,360 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary13.avi
    [2013/05/28 01:53:41 | 129,296,384 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary12.avi
    [2013/05/28 01:49:38 | 134,426,624 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary11.avi
    [2013/05/28 01:45:00 | 148,002,816 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary10.avi
    [2013/05/28 01:43:23 | 104,798,208 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary9.avi
    [2013/05/28 01:37:53 | 194,592,768 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary8.avi
    [2013/05/28 01:33:06 | 180,508,672 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary7.avi
    [2013/05/28 01:31:47 | 088,590,336 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary6.avi
    [2013/05/27 15:29:12 | 234,104,832 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary5.avi
    [2013/05/27 15:27:44 | 074,510,336 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary4.avi
    [2013/05/27 15:26:41 | 104,890,368 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary3.avi
    [2013/05/27 15:25:22 | 162,848,768 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary2.avi
    [2013/05/27 15:23:42 | 126,267,392 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary1.avi
    [2013/05/27 15:20:45 | 147,456,000 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology15.avi
    [2013/05/27 15:18:28 | 160,088,064 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology14.avi
    [2013/05/27 15:16:35 | 189,960,192 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology13.avi
    [2013/05/27 15:13:15 | 138,936,320 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology12.avi
    [2013/05/27 15:06:28 | 122,617,856 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology11.avi
    [2013/05/27 15:02:33 | 259,946,496 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology10.avi
    [2013/05/27 14:57:37 | 157,450,240 | ---- | C] () -- C:\Users\G-Man\Documents\EPI-ETHICS3.avi
    [2013/05/27 14:50:13 | 161,533,952 | ---- | C] () -- C:\Users\G-Man\Documents\EPI-ETHICS2.avi
    [2013/05/27 14:24:03 | 230,907,904 | ---- | C] () -- C:\Users\G-Man\Documents\EPI-ETHICS1.avi
    [2013/05/27 14:10:22 | 172,566,528 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology9.avi
    [2013/05/26 12:40:07 | 167,925,760 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology8.avi
    [2013/05/26 12:38:07 | 162,502,656 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology7.avi
    [2013/05/26 12:36:29 | 142,813,184 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology6.avi
    [2013/05/26 12:34:52 | 101,529,600 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology5.avi
    [2013/05/26 12:33:03 | 188,934,144 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology4.avi
    [2013/05/26 12:30:51 | 169,019,392 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology3.avi
    [2013/05/26 12:28:54 | 143,128,576 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology2.avi
    [2013/05/25 01:49:54 | 124,549,120 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology12.avi
    [2013/05/25 00:58:22 | 098,770,944 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular15.avi
    [2013/05/25 00:58:12 | 170,762,240 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular14.avi
    [2013/05/25 00:58:09 | 134,875,136 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular13.avi
    [2013/05/25 00:58:03 | 157,114,368 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular12.avi
    [2013/05/25 00:57:51 | 190,992,384 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular11.avi
    [2013/05/25 00:57:46 | 127,539,200 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular10.avi
    [2013/05/25 00:57:35 | 176,117,760 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular9.avi
    [2013/05/25 00:57:25 | 175,093,760 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG9.avi
    [2013/05/25 00:57:19 | 126,640,128 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG8.avi
    [2013/05/25 00:57:09 | 185,077,760 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG7.avi
    [2013/05/25 00:56:59 | 233,779,200 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular18.avi
    [2013/05/25 00:56:56 | 132,210,688 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular17.avi
    [2013/05/25 00:56:51 | 200,976,384 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular16.avi
    [2013/05/25 00:06:33 | 165,902,336 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology11.avi
    [2013/05/25 00:05:20 | 149,331,968 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology10.avi
    [2013/05/25 00:03:32 | 174,401,536 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology9.avi
    [2013/05/25 00:01:49 | 134,875,136 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology8.avi
    [2013/05/24 23:59:08 | 152,502,272 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology7.avi
    [2013/05/24 23:53:42 | 074,620,928 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology6.avi
    [2013/05/24 23:51:36 | 137,676,800 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology5.avi
    [2013/05/24 06:38:24 | 345,839,318 | ---- | C] () -- C:\Users\G-Man\Documents\DIT Step2 2013mm.pdf
    [2013/05/24 00:14:21 | 133,623,808 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology4.avi
    [2013/05/24 00:11:20 | 121,100,288 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology3.avi
    [2013/05/24 00:08:11 | 052,072,448 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology2.avi
    [2013/05/24 00:06:07 | 119,549,952 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology1.avi
    [2013/05/24 00:03:49 | 181,006,336 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG12.avi
    [2013/05/23 23:45:50 | 170,041,344 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG11.avi
    [2013/05/23 23:44:15 | 081,131,520 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG10.avi
    [2013/05/23 22:33:58 | 056,514,582 | ---- | C] () -- C:\Users\G-Man\Documents\DIT Step2 2013-1.pdf
    [2013/05/22 20:09:42 | 088,774,833 | ---- | C] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt4.wmv
    [2013/05/22 20:03:02 | 101,489,637 | ---- | C] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt3.wmv
    [2013/05/22 19:49:57 | 126,423,937 | ---- | C] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt2.wmv
    [2013/05/22 19:39:48 | 119,812,373 | ---- | C] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt1.wmv
    [2013/05/21 01:12:46 | 120,705,024 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular8.avi
    [2013/05/21 00:11:08 | 132,687,872 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG6.avi
    [2013/05/20 23:57:45 | 116,420,608 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular7.avi
    [2013/05/20 23:50:08 | 115,984,384 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular6.avi
    [2013/05/20 23:49:15 | 093,501,440 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular5.avi
    [2013/05/20 23:48:07 | 093,480,960 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular4.avi
    [2013/05/20 23:45:42 | 194,766,848 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular3.avi
    [2013/05/20 23:43:21 | 095,255,040 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular2.avi
    [2013/05/20 23:27:58 | 112,074,752 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular1.avi
    [2013/05/20 23:26:41 | 109,074,432 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG5.avi
    [2013/05/20 23:25:48 | 084,701,184 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG4.avi
    [2013/05/20 23:24:05 | 115,888,128 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG3.avi
    [2013/05/20 23:22:16 | 113,246,208 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG2.avi
    [2013/05/20 23:18:46 | 150,478,848 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG1.avi
    [2013/05/19 22:53:17 | 000,155,648 | ---- | C] () -- C:\Windows\agent.exe
    [2013/05/19 22:52:20 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\grtppm.dll
    [2013/05/17 19:03:29 | 267,992,976 | ---- | C] () -- C:\Users\G-Man\Documents\DIT Step2 2013.pdf
    [2013/05/17 16:08:00 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
    [2013/05/17 16:08:00 | 000,002,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
    [2013/05/17 16:08:00 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
    [2013/05/16 00:12:43 | 172,009,472 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine10.avi
    [2013/05/16 00:10:52 | 154,730,496 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine9.avi
    [2013/05/16 00:09:32 | 137,199,616 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine8.avi
    [2013/05/16 00:08:33 | 141,318,144 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine7.avi
    [2013/05/16 00:07:31 | 095,733,760 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine6.avi
    [2013/05/16 00:05:27 | 146,540,544 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine5.avi
    [2013/05/15 01:19:25 | 233,635,840 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine4.avi
    [2013/05/14 22:38:42 | 000,001,024 | ---- | C] () -- C:\.rnd
    [2013/05/14 22:38:08 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
    [2013/05/14 21:31:51 | 067,129,344 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine3.avi
    [2013/05/14 21:29:43 | 161,775,616 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine2.avi
    [2013/05/14 21:27:06 | 131,670,016 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine1.avi
    [2013/05/14 21:25:15 | 124,712,960 | ---- | C] () -- C:\Users\G-Man\Documents\Psychiatry11.avi
    [2013/05/14 21:23:24 | 130,269,184 | ---- | C] () -- C:\Users\G-Man\Documents\Psychiatry10.avi
    [2013/05/14 21:21:39 | 150,839,296 | ---- | C] () -- C:\Users\G-Man\Documents\Psychiatry9.avi
    [2013/05/14 21:19:30 | 094,154,752 | ---- | C] () -- C:\Users\G-Man\Documents\Psychiatry8.avi
    [2013/05/14 21:17:07 | 140,003,328 | ---- | C] () -- C:\Users\G-Man\Documents\Psychiatry7.avi
    [2013/05/14 21:14:57 | 084,938,752 | ---- | C] () -- C:\Users\G-Man\Documents\Psychiatry6.avi
    [2013/05/02 02:08:36 | 000,000,258 | RHS- | C] () -- C:\Users\G-Man\ntuser.pol
    [2013/05/02 00:34:43 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2013/05/02 00:34:43 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2013/01/30 17:40:25 | 155,271,168 | ---- | C] () -- C:\Users\G-Man\Rosetta Stone v3 & Patch.iso
    [2013/01/25 15:58:13 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\DreamUPLAN.ini
    [2013/01/18 20:54:58 | 000,009,216 | ---- | C] () -- C:\Users\G-Man\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/01/03 21:31:49 | 000,001,106 | ---- | C] () -- C:\Users\G-Man\advanced_ip_scanner_MAC.bin
    [2012/12/13 06:16:46 | 443,927,742 | ---- | C] () -- C:\Users\G-Man\[A-Destiny] Kingdom - 05 (1280x720 Hi10p AAC) [F75430DD].mkv
    [2012/12/13 05:50:33 | 336,261,779 | ---- | C] () -- C:\Users\G-Man\[Hadena] Kingdom - 04 [10bit][720p][81589BD5].mkv
    [2012/12/13 05:15:44 | 392,282,599 | ---- | C] () -- C:\Users\G-Man\[Hadena] Kingdom - 03 [720p][9CA9CAA5].mkv
    [2012/12/13 04:04:28 | 250,325,302 | ---- | C] () -- C:\Users\G-Man\[Hadena] Kingdom - 02 [10bit][720p][44601AC8].mkv
    [2012/12/12 23:26:02 | 287,235,716 | ---- | C] () -- C:\Users\G-Man\[URW]_Chuunibyou_demo_Koi_ga_Shitai!_-_11_[720p][C31B6869].mkv
    [2012/11/19 20:21:50 | 347,046,753 | ---- | C] () -- C:\Users\G-Man\[rori] Sakurasou no Pet na Kanojo - 07 [DADADAAA].mkv
    [2012/05/03 10:28:57 | 000,221,606 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2012/05/03 10:28:57 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2012/03/10 07:42:34 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
    [2012/01/03 08:42:43 | 000,769,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/12/19 12:37:59 | 000,000,600 | ---- | C] () -- C:\Users\G-Man\AppData\Local\PUTTY.RND
    [2011/12/09 16:07:15 | 000,005,248 | ---- | C] () -- C:\Windows\SysWow64\giveio.sys
    [2011/11/24 22:08:24 | 000,196,832 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/11/15 07:17:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
    [2011/10/26 19:58:07 | 000,007,668 | ---- | C] () -- C:\Windows\hworks64.INI
    [2011/10/16 21:46:36 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/09/19 11:50:57 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2011/09/11 11:42:03 | 000,000,032 | ---- | C] () -- C:\Windows\tdlp32.ini
    [2011/08/29 19:45:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
    [2011/07/17 06:13:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011/07/17 06:09:31 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/07/17 06:09:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/07/17 06:09:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/07/17 06:05:59 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/12/11 22:58:40 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/12/11 22:58:40 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2013/05/19 23:00:57 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\AdvancedTiffEditor
    [2011/08/29 18:01:08 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\AVG10
    [2013/02/13 09:56:52 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\calibre
    [2011/10/22 14:11:49 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2013/06/07 21:33:26 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\CheckPoint
    [2012/01/17 21:08:03 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Colasoft Capsa 7.4 - Free Edition
    [2012/01/17 21:08:04 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Colasoft MAC Scanner
    [2013/06/05 17:54:10 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\ControlCenter4
    [2013/01/30 20:28:46 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\DAEMON Tools Lite
    [2012/05/05 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Digiarty
    [2012/01/10 07:56:27 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\DocumentsToGoDesktop
    [2012/03/10 07:42:34 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\DonationCoder
    [2013/05/23 21:26:17 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Downloaded Installations
    [2013/06/06 00:51:23 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Dropbox
    [2012/11/07 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Echo Software
    [2011/11/23 18:40:28 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\enchant
    [2013/05/23 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\FileOpen
    [2013/06/07 22:00:04 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\FileZilla
    [2013/04/08 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Foxit Advanced PDF Editor
    [2013/05/23 19:14:08 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Foxit Software
    [2012/03/10 07:14:28 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\GrabPro
    [2011/11/23 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\gtk-2.0
    [2013/06/05 15:15:01 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\HandBrake
    [2012/09/21 15:04:17 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Hensense.com
    [2012/11/07 08:30:21 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Hex-Rays
    [2013/05/03 22:08:47 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Hobbyist Software
    [2013/05/08 12:46:29 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\iFunbox_UserCache
    [2012/01/20 07:33:38 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\illumination
    [2013/01/31 18:37:41 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\ImgBurn
    [2013/05/31 11:26:56 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Inbit
    [2012/12/03 11:14:51 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\InfoServ
    [2012/04/18 13:16:04 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\mjusbsp
    [2013/05/23 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Nitro
    [2013/04/13 17:37:21 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\oCam
    [2011/11/04 20:38:28 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\ooVoo Details
    [2013/06/02 19:37:53 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Opera
    [2012/12/03 10:36:33 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\OptiFlasher
    [2013/06/05 11:29:51 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Orbit
    [2012/03/10 07:14:31 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\ProgSense
    [2013/05/10 20:30:57 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\redsn0w
    [2013/02/19 21:26:43 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Softland
    [2011/08/29 13:50:22 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Synaptics
    [2012/04/27 18:30:00 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\TeamViewer
    [2013/04/30 22:20:39 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\TechSmith
    [2013/05/26 21:30:31 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\uTorrent
    [2011/10/27 11:19:22 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Windows Live Writer
    [2012/01/23 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Wireshark
    [2013/04/17 20:57:09 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\WysePocketCloud
    [2011/12/20 01:16:36 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\AVG10
    [2013/06/07 21:31:11 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\CheckPoint
    [2013/06/06 01:24:40 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\ControlCenter4
    [2013/06/06 01:25:24 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\Opera
    [2012/05/10 00:36:01 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\Orbit
    [2012/05/10 00:33:45 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\ProgSense
    [2011/12/20 01:16:31 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\Synaptics
    [2013/06/06 01:29:06 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2013/03/20 14:23:21 | 000,000,000 | ---D | M](C:\Users\G-Man\Documents\STEP 2? Clinicals) -- C:\Users\G-Man\Documents\STEP 2" Clinicals
    [2013/03/20 14:19:22 | 000,000,000 | ---D | C](C:\Users\G-Man\Documents\STEP 2? Clinicals) -- C:\Users\G-Man\Documents\STEP 2" Clinicals
    [2011/09/20 18:15:27 | 000,013,348 | ---- | M] ()(C:\Users\G-Man\Documents\Final Exam, DO NOT SHARE! ?.docx) -- C:\Users\G-Man\Documents\Final Exam, DO NOT SHARE! .docx
    [2011/09/20 18:15:26 | 000,013,348 | ---- | C] ()(C:\Users\G-Man\Documents\Final Exam, DO NOT SHARE! ?.docx) -- C:\Users\G-Man\Documents\Final Exam, DO NOT SHARE! .docx

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 60 bytes -> C:\Users\G-Man\Documents\lec 6 dermatomes and peripheral receptors fall 2011.ppt:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\G-Man\Documents\lec 4 neurohistology summer 2011 umhs ernst.ppt:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\G-Man\Documents\lec 3 neurodevelopment summer 2011 umhs ernst.ppt:AFP_AfpInfo
    @Alternate Data Stream - 163 bytes -> C:\Users\G-Man\Documents\Musculoskeletal2.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Pulmonology10.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Musculoskeletal7.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Musculoskeletal4.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Gynecology2.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Endocrine4.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular3.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular15.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular13.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular10.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology9.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology7.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology6.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology2.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology12.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology11.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology1.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Psychiatry9.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Psychiatry6.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Neurology8.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Musculoskeletal5.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Gynecology1.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG8.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG7.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG5.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG4.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG3.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG12.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG11.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG10.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine7.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine5.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine3.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine10.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology6.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology5.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology4.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology1.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Cardiovascular6.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Cardiovascular5.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Cardiovascular4.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Pulmonology5.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Pulmonology4.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Pulmonology3.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Psychiatry8.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Psychiatry7.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Psychiatry11.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Musculoskeletal6.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Musculoskeletal3.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG1.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine9.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine8.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine2.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine1.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular2.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular18.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular17.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular16.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular14.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular12.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular11.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Pulmonology8.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Psychiatry10.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Musculoskeletal1.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG9.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG6.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG2.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Endocrine6.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular9.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular8.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular7.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular1.avi:com.dropbox.attributes
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:30FD0CBD

    < End of report >
     
  16. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    Extras.txt

    OTL Extras logfile created on: 6/7/2013 9:45:39 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\G-Man\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.95 Gb Total Physical Memory | 3.97 Gb Available Physical Memory | 66.75% Memory free
    11.90 Gb Paging File | 9.79 Gb Available in Paging File | 82.33% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 556.30 Gb Total Space | 32.73 Gb Free Space | 5.88% Space Free | Partition Type: NTFS
    Drive D: | 22.87 Gb Total Space | 2.42 Gb Free Space | 10.60% Space Free | Partition Type: NTFS
    Drive E: | 6.69 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: G-MAN-HP | User Name: G-Man | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = bfjsfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)
    .txt[@ = bftxtfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .js [@ = bfjsfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)
    .txt [@ = bftxtfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)

    [HKEY_USERS\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6A64BA78-27A8-4DA8-9467-DF4C9B3A35A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{86B05A6F-BBF5-48C7-A064-B1C7E99BA5E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A0E4FA91-99C5-4122-A86D-0116B8289357}" = protocol=17 | dir=in | app=c:\users\g-man\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{C5048B25-B328-41AA-9BC8-941D74F80558}" = protocol=6 | dir=in | app=c:\users\g-man\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00BCC0AD-0699-48B6-9900-3C53BBCD4DAC}" = AVG 2011
    "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
    "{0DF3F266-B52E-4309-B3CC-233607DF4E50}" = HP 3D DriveGuard
    "{10940C91-59FD-48D4-BE53-1A30A0C3235B}" = AVG 2011
    "{122CFA16-E9CF-488D-9D4E-60D81F619724}" = AVG 2011
    "{17118574-A5FD-4323-B005-311326F748B3}" = AVG 2011
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1C6C05E6-FF52-4A03-BCA5-1497579B0B89}" = calibre 64bit
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
    "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
    "{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit)
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{34C5BC15-2401-4980-9D95-ABD2CE8DD08A}" = AVG 2011
    "{38D1C189-B133-401C-A729-3C47ED984B31}" = AVG 2011
    "{46840293-2480-4754-824E-E7374F9C96E9}" = AVG 2011
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{68554FC7-CB3A-4B8B-ABDF-5125794FE98E}" = AVG 2011
    "{68F85A21-1EBD-436C-8BB4-778771D00ECA}" = Air Display Support
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8965228E-F4F1-4281-AAD2-31448A6561B7}" = Foxit PDF IFilter
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{BAF9E4D0-F3D1-4355-B973-1384CDF1941C}" = Hex Workshop v6.6
    "{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1" = Updater By SweetPacks 2.0.0.566
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EB505EA6-2D5E-4920-A3BD-89C28EEFA5FA}" = AVG 2011
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "5118100F6945E20FB40C6DEA7D3D348AFD9E43D7" = Windows Driver Package - Silicon Laboratories (silabenm) Ports (10/05/2012 6.6.0.0)
    "AC3ACM" = AC-3 ACM Codec x64 2.2
    "AVG" = AVG 2011
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0
    "D680DEE0F68D64EC53D0C5769879D15D387054CC" = Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0)
    "doPDF 7 printer_is1" = doPDF 7.3 printer
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "ImageMagick 6.8.5 Q16 (64-bit)_is1" = ImageMagick 6.8.5-7 Q16 (64-bit) (2013-05-15)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Shop for HP Supplies" = Shop for HP Supplies
    "Software Informer_is1" = Software Informer 1.2
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.01 (64-bit)
    "XviD MPEG-4 Video Codec_is1" = XviD v1.3.0 CVS

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
    "{01E40F91-EAA2-44F6-9E43-77EF4FDC95CD}" = Bulk Image Resizer
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{0330FC8D-EDB2-455E-A3DC-B56DD107E4BC}" = LogMeIn
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{15E65828-58FA-426B-899B-7E6D1694FA6A}" = usbjtagnt
    "{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F4F8934-FD9B-4BF7-9798-3C38A150824C}" = Brother MFL-Pro Suite ADS-2000
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
    "{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{265C837F-8675-4327-A9B8-DC35789C133E}" = DishWorld
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2C73154B-F7F9-4B53-AF56-D06846C99EC4}_is1" = VAP11G
    "{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{303DCBD5-1AC2-45F9-A8AE-194CE2BA871D}_is1" = ArtistScope Plugin IE 64-bit
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{325988C2-8D7B-460E-8F6F-4747129CA495}" = ZoneAlarm Security
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3BA5091B-CD1D-43DA-A0E0-A93A85E3D555}" = YTD Toolbar v7.1
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
    "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{44BD21C2-9132-48DB-B65B-23817E4C6F4B}" = Snagit 11
    "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4B0C1F44-2C49-4C6F-A7A6-658444C8D874}" = HP Connection Manager
    "{4BFDDD47-EA77-4F1C-A96E-14B4C61EE04A}_is1" = Illumination Software Creator version 4.1.1
    "{4DDBDC46-B7F0-4D39-AAF9-53CA5B692499}" = HP Documentation
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{51268A7D-4E1A-371A-9849-496D48930952}" = Google Talk Plugin
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
    "{54CCA4E2-D15D-4927-A866-2D33BFED4A8E}" = ZoneAlarm Firewall
    "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
    "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{64C96428-3A75-4AAE-A538-C450EF68175F}" = Xara3D6
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72144B9D-58C4-4C09-A5CF-C6A914B912E8}" = Camtasia Studio 8
    "{7270C835-15DB-4236-B235-DD6B2EBBD4BA}" = HP CoolSense
    "{7774E6AB-D658-40A2-B9FA-7136FA917BAE}" = Advanced IP Scanner
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger
    "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 3.2.2.4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8C8C169B-D493-42C7-A975-7C1E0E4C5847}" = PocketCloud Windows Companion
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F3F769D-E9C4-42E5-9B35-82DDCE0790C1}" = Virtual Serial Ports Emulator
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.2
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A9CEF47-6227-4D03-A3E0-55C2B64F61DE}" = Smart Cutter for DV and DVB
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
    "{B4920103-09F6-4AD2-B150-CFC4474D2DDC}" = Simple Adblock
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C1C6816E-CBB3-A748-85F9-A8B47B68985B}" = conotinuetossave
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB011820-5484-4BC9-9644-88C17A69E708}" = WIZ1x0_105SR Configtool
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}" = CommView for WiFi
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D14AB89E-2775-465E-BDF6-AE7EF3047A0A}" = Onl9-TV
    "{D1725D54-279A-41C5-A73D-23C1785DB920}_is1" = AoA DVD Ripper
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
    "{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
    "{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
    "{F446A69E-FD7F-40CB-A1BC-848DB6C582D1}" = usbjtagnt
    "{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "2f1ee195" = Contextual Tool Extrafind
    "AC3ACM" = AC-3 ACM Codec 2.2
    "Acala DVD Ripper Professional_is1" = Acala DVD Ripper Professional 6.3.6.326
    "Ace Password Sniffer v1.4" = Ace Password Sniffer v1.4
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe flex sdk redistributed by sothink_is1" = 3.4.0.9271.1
    "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced TIFF Editor_is1" = Advanced TIFF Editor 3.6.1.9
    "Alarm Clock_is1" = Alarm Clock v1.0
    "Amazon Kindle" = Amazon Kindle
    "AnalogX NetStat Live" = AnalogX NetStat Live
    "AnalogX PacketMon" = AnalogX PacketMon
    "ArtistScope Plugin FX" = ArtistScope Plugin FX
    "ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
    "ArtistScope Plugin IE" = ArtistScope Plugin IE
    "ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
    "Audacity_is1" = Audacity 1.2.6
    "AVG SafeGuard toolbar" = AVG SafeGuard toolbar
    "AviSplit Classic (Freeware)_is1" = AviSplit Classic Version 1.43
    "B521582C-6BE3-491D-BCC8-FFB8301298E9_is1" = Foxit Advanced PDF Editor 3
    "Bitrate Viewer" = Bitrate Viewer 2.3
    "Bluefish" = Bluefish 2.0.2
    "Browsers Protector" = Browsers Protector
    "Channel Master" = Channel Master
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Colasoft Capsa 7 Free_is1" = Colasoft Capsa 7 Free
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com0com" = Null-modem emulator (com0com)
    "Coupon Companion Plugin" = Coupon Companion Plugin
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "DAPlayer_is1" = DAPlayer 1.0.1.9
    "devkitProUpdater" = devkitProUpdater 1.5.3
    "DivX Setup" = DivX Setup
    "DTGDesktop" = Documents To Go Desktop for iPhone
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "EasyBits Magic Desktop" = Magic Desktop
    "EffeTech HTTP Sniffer v4.1" = EffeTech HTTP Sniffer v4.1
    "FastStone Photo Resizer" = FastStone Photo Resizer 3.1
    "Fausto" = Fausto
    "FileZilla Client" = FileZilla Client 3.7.0.2
    "Flip PDF_is1" = Flip PDF
    "Foxit Reader" = Foxit Reader
    "Free HTTP Sniffer" = Free HTTP Sniffer
    "FullShot 9" = FullShot 9.5 (Remove Only)
    "GetSavin" = GetSavin
    "Giraffic" = Veoh Giraffic Video Accelerator
    "GPL Ghostscript 9.06" = GPL Ghostscript
    "Graboid Video" = Graboid Video 2.1
    "GraphicRegion TIF Printer_is1" = GraphicRegion TIF Printer 1.0
    "GTK2-Runtime" = GTK2-Runtime
    "Handbrake" = Handbrake 0.9.2
    "Havij_is1" = Havij 1.15 Free
    "HotspotShield" = Hotspot Shield 2.78
    "IDA PRO Advanced Editionv6.1.1" = IDA PRO Advanced Edition
    "iFunbox_is1" = iFunbox (v2.6.2375.747), iFunbox DevTeam
    "ImgBurn" = ImgBurn
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.0 (Full)
    "LEECHBOX" = LEECHBOX
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "MediaBox" = 影音盒子(MediaBox) 1.2.0.353
    "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Multi-Page TIFF Editor v.2.4_is1" = Multi-Page TIFF Editor v.2.4
    "Multi-Page TIFF Editor v.2.7_is1" = Multi-Page TIFF Editor v.2.7
    "Network Stumbler" = Network Stumbler 0.4.0 (remove only)
    "NirSoft SniffPass" = NirSoft SniffPass
    "NokiaFREE Unlock Codes Calculator" = NokiaFREE Unlock Codes Calculator
    "oCam_is1" = oCam version 11.5.0.0
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Opera 12.15.1748" = Opera 12.15
    "Orbit_is1" = Orbit Downloader
    "PremElem90" = Adobe Premiere Elements 9
    "Premiumplay Codec-C" = Premiumplay Codec-C
    "RS232 Data Logger_is1" = RS232 Data Logger 2.7 (Build 2.7.0.117)
    "SerialMon" = SerialMon
    "SMPlayer" = SMPlayer 0.8.1
    "SoftPerfect Network Protocol Analyzer_is1" = SoftPerfect Network Protocol Analyzer 2.7
    "TeamViewer 8" = TeamViewer 8
    "TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
    "UltraISO_is1" = UltraISO Premium V9.36
    "URLSnooper 2_is1" = URL Snooper v2.32.01
    "uTorrent" = µTorrent
    "Veoh Web Player Beta" = Veoh Web Player
    "VLC media player" = VLC media player 2.0.6
    "VLC Streamer_is1" = VLC Streamer 3.28
    "VMware_Workstation" = VMware Workstation
    "VSHD Edit_is1" = VSHD Edit 1.7
    "Web_4.0.1460.0" = Microsoft Expression Web 4
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "Wireshark" = Wireshark 1.6.5
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087393" = Mah Jong Medley
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "WT089453" = Bejeweled 2 Deluxe
    "WT089454" = Chuzzle Deluxe
    "WT089455" = Zuma Deluxe
    "WT089457" = Slingo Supreme
    "WT089458" = Plants vs. Zombies - Game of the Year
    "WT089470" = FATE - The Traitor Soul
    "WT089484" = Namco All-Stars PAC-MAN
    "WT089496" = Mystery P.I. - Stolen in San Francisco
    "WT089498" = Bejeweled 3
    "WT089504" = Final Drive Nitro
    "Wubi" = Ubuntu
    "Xvid Video Codec 1.3.2" = Xvid Video Codec
    "Xvid_is1" = Xvid 1.2.2 final uninstall
    "Yahoo! Companion" = Yahoo! Toolbar
    "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Adobe Connect Add-in" = Adobe Connect Add-in
    "AlwaysOnPC" = AlwaysOnPC
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 5.4.0.1082
    "magicJack" = magicJack

    ========== Last 20 Event Log Errors ==========

    [ Hewlett-Packard Events ]
    Error - 12/28/2012 4:40:41 AM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121228021009.xml
    File not created by asset agent

    Error - 1/1/2013 1:23:05 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011301105232.xml
    File not created by asset agent

    Error - 1/1/2013 1:23:37 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011301105305.xml
    File not created by asset agent

    Error - 1/2/2013 1:52:52 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011302112220.xml
    File not created by asset agent

    Error - 1/2/2013 1:53:24 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011302112252.xml
    File not created by asset agent

    Error - 1/3/2013 2:22:46 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011303115214.xml
    File not created by asset agent

    Error - 1/3/2013 2:23:18 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011303115246.xml
    File not created by asset agent

    Error - 1/29/2013 1:23:32 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011329122326.xml
    File not created by asset agent

    Error - 3/19/2013 3:12:26 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031319121218.xml
    File not created by asset agent

    Error - 5/24/2013 4:38:27 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
    Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051324013821.xml
    File not created by asset agent

    [ HP Connection Manager Events ]
    Error - 6/8/2013 12:14:02 AM | Computer Name = G-Man-HP | Source = hpCMSrv | ID = 5
    Description = 2013/06/07 21:14:02.229|00000F14|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 6/8/2013 12:17:50 AM | Computer Name = G-Man-HP | Source = hpMobile | ID = 5
    Description = 2013/06/07 21:17:50.189|00001B20|Error |[HP.Mobile]Wlan::RefreshPolicies{bool()}|Error
    HRESULT E_FAIL has been returned from a call to a COM component.

    Error - 6/8/2013 12:17:50 AM | Computer Name = G-Man-HP | Source = hpMobile | ID = 5
    Description = 2013/06/07 21:17:50.298|00001B20|Error |[HP.Mobile]Bluetooth::RefreshPolicies{bool()}|Error
    HRESULT E_FAIL has been returned from a call to a COM component.

    Error - 6/8/2013 12:31:10 AM | Computer Name = G-Man-HP | Source = hpCMSrv | ID = 5
    Description = 2013/06/07 21:31:10.456|00001434|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 6/8/2013 12:31:14 AM | Computer Name = G-Man-HP | Source = hpCMSrv | ID = 5
    Description = 2013/06/07 21:31:14.840|00001434|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 6/8/2013 12:31:40 AM | Computer Name = G-Man-HP | Source = hpCMSrv | ID = 5
    Description = 2013/06/07 21:31:40.471|00001434|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 6/8/2013 12:31:45 AM | Computer Name = G-Man-HP | Source = hpCMSrv | ID = 5
    Description = 2013/06/07 21:31:45.448|00001434|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 6/8/2013 12:31:45 AM | Computer Name = G-Man-HP | Source = hpCMSrv | ID = 5
    Description = 2013/06/07 21:31:45.448|00001434|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
    failed [hr:0x800706BA]

    Error - 6/8/2013 12:35:55 AM | Computer Name = G-Man-HP | Source = hpMobile | ID = 5
    Description = 2013/06/07 21:35:55.060|00001AD0|Error |[HP.Mobile]Wlan::RefreshPolicies{bool()}|Error
    HRESULT E_FAIL has been returned from a call to a COM component.

    Error - 6/8/2013 12:35:55 AM | Computer Name = G-Man-HP | Source = hpMobile | ID = 5
    Description = 2013/06/07 21:35:55.506|00001AD0|Error |[HP.Mobile]Bluetooth::RefreshPolicies{bool()}|Error
    HRESULT E_FAIL has been returned from a call to a COM component.


    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 47,586   +267

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118;ftp=127.0.0.1:8118;socks=127.0.0.1:9050 
    FF - prefs.js..browser.search.defaultenginename: "error"
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.order.1: "error"
    FF - prefs.js..browser.search.selectedEngine: "error"
    FF - prefs.js..browser.startup.homepage: "error"
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.6
    FF - prefs.js..extensions.enabledItems: ytd@mybrowserbar.com:7.0
    FF - prefs.js..keyword.URL: "error"
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
    File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
    File not found (No name found) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
    File not found (No name found) -- C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    File not found (No name found) -- C:\USERS\G-MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJN7YMQU.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
    File not found (No name found) -- C:\USERS\G-MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJN7YMQU.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM
    CHR - plugin: StartSearch Video plug-in (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
    O2 - BHO: (GetSavin 5.0) - {2FF7C269-7AE2-49C7-86C2-B2F5E26F96C1} - C:\Users\G-Man\AppData\Local\getsavin\ie\getsavin_1367485142.dll File not found
    O2 - BHO: (conotinuetossave) - {C453BC06-C896-B0C0-A6D3-6A9F9056E08D} - C:\ProgramData\conotinuetossave\51b00ab37e0f7.dll File not found
    O4:64bit: - HKLM..\Run: [ISW] File not found
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O15 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..Trusted Domains: kaptest.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..Trusted Domains: kaptest.com ([www] https in Trusted sites)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    @Alternate Data Stream - 60 bytes -> C:\Users\G-Man\Documents\lec 6 dermatomes and peripheral receptors fall 2011.ppt:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\G-Man\Documents\lec 4 neurohistology summer 2011 umhs ernst.ppt:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\G-Man\Documents\lec 3 neurodevelopment summer 2011 umhs ernst.ppt:AFP_AfpInfo
    @Alternate Data Stream - 163 bytes -> C:\Users\G-Man\Documents\Musculoskeletal2.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Pulmonology10.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Musculoskeletal7.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Musculoskeletal4.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Gynecology2.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Endocrine4.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular3.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular15.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular13.avi:com.dropbox.attributes
    @Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular10.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology9.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology7.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology6.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology2.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology12.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology11.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology1.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Psychiatry9.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Psychiatry6.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Neurology8.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Musculoskeletal5.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Gynecology1.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG8.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG7.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG5.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG4.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG3.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG12.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG11.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG10.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine7.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine5.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine3.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine10.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology6.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology5.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology4.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology1.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Cardiovascular6.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Cardiovascular5.avi:com.dropbox.attributes
    @Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Cardiovascular4.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Pulmonology5.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Pulmonology4.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Pulmonology3.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Psychiatry8.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Psychiatry7.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Psychiatry11.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Musculoskeletal6.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Musculoskeletal3.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG1.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine9.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine8.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine2.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine1.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular2.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular18.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular17.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular16.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular14.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular12.avi:com.dropbox.attributes
    @Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular11.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Pulmonology8.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Psychiatry10.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Musculoskeletal1.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG9.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG6.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG2.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Endocrine6.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular9.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular8.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular7.avi:com.dropbox.attributes
    @Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular1.avi:com.dropbox.attributes
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:30FD0CBD
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Update Malwarebytes, run quick scan and post fresh log.

    Last scans....

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  18. Broni

    Broni Malware Annihilator Posts: 47,586   +267

    Still with me?
     
  19. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    Sorry for the delay in response. I had a bit of a rough few days with work. I will perform those and get back to you.
     
  20. Broni

    Broni Malware Annihilator Posts: 47,586   +267

  21. Broni

    Broni Malware Annihilator Posts: 47,586   +267

    Still with me?
     
  22. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    Yes sir. I have done everything except for the online scanning (it stopped midway). My Internet stopped working day before (some line problem with Comcast). They will be here to fix it in 2 days. I will be able to scan then. Sorry about that.
     
  23. Broni

    Broni Malware Annihilator Posts: 47,586   +267

    Let me know...
     
  24. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.13.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16540
    G-Man :: G-MAN-HP [administrator]

    6/13/2013 9:32:07 PM
    mbam-log-2013-06-13 (21-32-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 246835
    Time elapsed: 9 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  25. G-doctor

    G-doctor TS Rookie Topic Starter Posts: 37

    OTL fix
    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Prefs.js: "error" removed from browser.search.defaultenginename
    Prefs.js: "" removed from browser.search.defaulturl
    Prefs.js: "error" removed from browser.search.order.1
    Prefs.js: "error" removed from browser.search.selectedEngine
    Prefs.js: "error" removed from browser.startup.homepage
    Prefs.js: wtxpcom@mybrowserbar.com:6.6 removed from extensions.enabledItems
    Prefs.js: ytd@mybrowserbar.com:7.0 removed from extensions.enabledItems
    Prefs.js: "error" removed from keyword.URL
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    File C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FF7C269-7AE2-49C7-86C2-B2F5E26F96C1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FF7C269-7AE2-49C7-86C2-B2F5E26F96C1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C453BC06-C896-B0C0-A6D3-6A9F9056E08D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C453BC06-C896-B0C0-A6D3-6A9F9056E08D}\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISW deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
    Registry key HKEY_USERS\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kaptest.com\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kaptest.com\www\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ADS C:\Users\G-Man\Documents\lec 6 dermatomes and peripheral receptors fall 2011.ppt:AFP_AfpInfo deleted successfully.
    ADS C:\Users\G-Man\Documents\lec 4 neurohistology summer 2011 umhs ernst.ppt:AFP_AfpInfo deleted successfully.
    ADS C:\Users\G-Man\Documents\lec 3 neurodevelopment summer 2011 umhs ernst.ppt:AFP_AfpInfo deleted successfully.
    ADS C:\Users\G-Man\Documents\Musculoskeletal2.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Pulmonology10.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Musculoskeletal7.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Musculoskeletal4.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Gynecology2.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Endocrine4.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular3.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular15.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular13.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular10.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Pulmonology9.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Pulmonology7.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Pulmonology6.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Pulmonology2.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Pulmonology12.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Pulmonology11.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Pulmonology1.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Psychiatry9.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Psychiatry6.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Neurology8.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Musculoskeletal5.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Gynecology1.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\ER-ICU-SURG8.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\ER-ICU-SURG7.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\ER-ICU-SURG5.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\ER-ICU-SURG4.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\ER-ICU-SURG3.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\ER-ICU-SURG12.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\ER-ICU-SURG11.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\ER-ICU-SURG10.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Endocrine7.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Endocrine5.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Endocrine3.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Endocrine10.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Dermatology6.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Dermatology5.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Dermatology4.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Dermatology1.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular6.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular5.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular4.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Pulmonology5.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Pulmonology4.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Pulmonology3.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Psychiatry8.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Psychiatry7.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Psychiatry11.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Musculoskeletal6.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Musculoskeletal3.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\ER-ICU-SURG1.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Endocrine9.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Endocrine8.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Endocrine2.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Endocrine1.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular2.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular18.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular17.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular16.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular14.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular12.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular11.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Pulmonology8.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Psychiatry10.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Musculoskeletal1.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\ER-ICU-SURG9.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\ER-ICU-SURG6.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\ER-ICU-SURG2.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Endocrine6.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular9.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular8.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular7.avi:com.dropbox.attributes deleted successfully.
    ADS C:\Users\G-Man\Documents\Cardiovascular1.avi:com.dropbox.attributes deleted successfully.
    ADS C:\ProgramData\Temp:30FD0CBD deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: G-Man
    ->Temp folder emptied: 1140158522 bytes
    ->Temporary Internet Files folder emptied: 187662914 bytes
    ->Java cache emptied: 37889606 bytes
    ->FireFox cache emptied: 76703800 bytes
    ->Google Chrome cache emptied: 256111828 bytes
    ->Opera cache emptied: 11287951 bytes
    ->Flash cache emptied: 5368030 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: weoin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 463755 bytes
    ->FireFox cache emptied: 31012026 bytes
    ->Opera cache emptied: 240 bytes
    ->Flash cache emptied: 42231 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2623166 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 112579 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,668.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: G-Man
    ->Java cache emptied: 0 bytes

    User: Public

    User: weoin

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: G-Man
    ->Flash cache emptied: 0 bytes

    User: Public

    User: weoin
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 06132013_211037

    Files\Folders moved on Reboot...
    C:\Users\G-Man\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\G-Man\AppData\Local\Temp\~DF5102AE56534D7DCD.TMP not found!
    C:\Users\G-Man\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     

