Solved Help with Win64/Patched.A

My Internet doesn't work. My wifi connects
Click to expand...
I'm not sure if I understand....
Please explain.

Then....

Please download Farbar Service Scanner Download Link and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
  • Like
Reactions: G-doctor
Sorry, it's been like that ever since the virus. I get limited connectivity sign. HP connection manager says my mobility center disabled wireless LAN. I am able to access my modem/router via browser, but am not able to access any webpages. I know my Internet works as my iPad connects and so does my iPhone. I will try the Farber service scanner and get back to you soon.
 
FSS.txt

Farbar Service Scanner Version: 31-05-2013 01
Ran by G-Man (administrator) on 07-06-2013 at 19:27:45
Running from "C:\Users\G-Man\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
We have number of registry keys missing there.
Before we attempt to fix them we need to run one more scan.

redtarget.gif
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

redtarget.gif
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
I'm accessing Internet from my laptop :)! Thank you so much!

Here is ComboFix.txt

ComboFix 13-06-07.03 - G-Man 06/07/2013 19:51:10.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.6092.3745 [GMT -7:00]
Running from: c:\users\G-Man\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FunWebProducts
c:\program files (x86)\StartSearch plugin
c:\program files (x86)\StartSearch plugin\IEhelperActiveX.dll
c:\program files (x86)\StartSearch plugin\startsplg.crx
c:\program files (x86)\StartSearch plugin\uninst.exe
c:\programdata\conotinuetossave
c:\programdata\conotinuetossave\51b00ab37e0f7.tlb
c:\programdata\conotinuetossave\settings.ini
c:\programdata\conotinuetossave\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\conotinuetossave
c:\programdata\Microsoft\Windows\Start Menu\Programs\conotinuetossave\conotinuetossave.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\conotinuetossave\Uninstall.lnk
c:\users\G-Man\AppData\Local\assembly\tmp
c:\users\G-Man\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6119C698-5400-40C4-AD92-9E1CB193E8DF}.xps
c:\users\G-Man\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E20C8EDA-473C-4F0B-9F6D-86F4901D1F03}.xps
c:\users\G-Man\Documents\~WRL0005.tmp
c:\windows\SysWow64\2f1ee195.exe
c:\windows\SysWow64\WINSKKO.DLL
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2013-05-08 to 2013-06-08 )))))))))))))))))))))))))))))))
.
.
2013-06-08 03:07 . 2013-06-08 03:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-08 03:07 . 2013-06-08 03:07 -------- d-----w- c:\users\weoin\AppData\Local\temp
2013-06-08 01:06 . 2013-06-08 01:45 -------- d-----w- C:\FRST
2013-06-08 00:38 . 2013-06-08 00:38 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-07 23:32 . 2013-06-07 23:32 -------- d-----w- C:\Adolescent Medecine + Allergy &
2013-06-07 22:50 . 2013-06-07 22:50 -------- d-----w- C:\General Pediatrics + Infectious
2013-06-07 04:57 . 2012-07-21 19:55 180736 ----a-w- c:\windows\system32\AC3ACM.acm
2013-06-07 04:57 . 2012-07-21 19:54 122880 ----a-w- c:\windows\SysWow64\AC3ACM.acm
2013-06-07 04:24 . 2013-06-07 04:24 -------- d-----w- c:\program files (x86)\BitrateViewer
2013-06-07 02:56 . 2013-06-07 02:56 -------- d-----w- C:\Infectious Disease 1of2
2013-06-07 02:55 . 2013-06-07 02:55 -------- d-----w- c:\program files (x86)\DVD Decrypter
2013-06-06 19:15 . 2013-06-06 19:15 -------- d-----w- c:\users\G-Man\AppData\Roaming\Malwarebytes
2013-06-06 19:15 . 2013-06-07 07:07 -------- d-----w- c:\programdata\Malwarebytes
2013-06-06 19:15 . 2013-06-06 19:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-06 19:15 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-06 18:13 . 2013-06-06 18:13 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-06 18:11 . 2013-06-06 18:11 -------- d-----w- c:\users\weoin\AppData\Local\Apple Computer
2013-06-06 08:51 . 2013-06-06 08:51 -------- d-----w- c:\users\weoin\AppData\Roaming\Hewlett-Packard
2013-06-06 08:49 . 2013-06-06 08:49 -------- d-----w- c:\users\weoin\AppData\Roaming\DivX
2013-06-06 08:37 . 2013-06-06 08:37 -------- d-----w- c:\users\weoin\AppData\Local\Hewlett-Packard_Developme
2013-06-06 08:36 . 2013-06-06 08:36 -------- d-----w- c:\users\weoin\AppData\Local\ElevatedDiagnostics
2013-06-06 08:29 . 2013-06-06 08:29 -------- d-----w- c:\users\weoin\AppData\Roaming\TuneUp Software
2013-06-06 08:26 . 2013-06-06 08:26 -------- d-----w- c:\users\weoin\AppData\Roaming\Yahoo!
2013-06-06 08:25 . 2013-06-06 08:25 -------- d-----w- c:\users\weoin\AppData\Local\Opera
2013-06-06 08:24 . 2013-06-06 08:24 -------- d-----w- c:\users\weoin\AppData\Local\AVG SafeGuard toolbar
2013-06-06 08:24 . 2013-06-06 08:24 -------- d-----w- c:\users\weoin\AppData\Roaming\ControlCenter4
2013-06-06 06:00 . 2013-06-06 06:01 -------- d-----w- c:\program files (x86)\AoA DVD Ripper
2013-06-06 03:34 . 2013-06-06 03:34 -------- d-----w- C:\AcalaSoft
2013-06-06 03:18 . 2013-06-06 03:18 -------- d-----w- c:\programdata\StarApp
2013-06-06 03:13 . 2013-06-06 03:23 -------- d-----w- c:\program files (x86)\AcalaSoft
2013-06-06 02:50 . 2013-06-06 02:50 -------- d-----w- c:\program files (x86)\Handbrake
2013-06-06 00:53 . 2013-06-06 00:54 -------- d-----w- c:\users\G-Man\AppData\Roaming\ControlCenter4
2013-06-05 23:28 . 2013-06-05 23:28 -------- d-----w- C:\Brother
2013-06-05 23:28 . 2013-06-05 23:28 -------- d-----w- c:\program files (x86)\BrownyScn
2013-06-05 23:28 . 2013-06-05 23:28 -------- d-----w- c:\programdata\ControlCenter4
2013-06-05 23:28 . 2013-06-05 23:28 -------- d-----w- c:\program files (x86)\ControlCenter4
2013-06-05 23:27 . 2009-07-13 22:37 1002728 ----a-w- c:\windows\system32\drivers\WinUSBCoInstaller2.dll
2013-06-05 23:27 . 2009-07-14 05:21 1721576 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2013-06-05 23:27 . 2012-07-31 11:56 95344 ----a-w- c:\windows\system32\drivers\BrSerIb.sys
2013-06-05 23:27 . 2012-06-22 01:59 21872 ----a-w- c:\windows\system32\drivers\BrUsbSib.sys
2013-06-05 23:27 . 2012-06-22 01:59 20592 ----a-w- c:\windows\system32\brciser.dll
2013-06-05 23:27 . 2012-04-16 03:03 1441792 ----a-w- c:\windows\system32\BrWi211d.dll
2013-06-05 23:27 . 2012-04-16 02:04 50688 ----a-w- c:\windows\system32\BrUsi11d.dll
2013-06-05 23:27 . 2012-03-28 05:39 279040 ----a-w- c:\windows\system32\BrJDec.dll
2013-06-05 23:27 . 2012-03-28 05:39 12800 ----a-w- c:\windows\system32\BrCiImg.dll
2013-06-05 23:26 . 2013-06-05 23:27 -------- d-----w- c:\program files (x86)\Brother
2013-06-05 23:25 . 2013-06-05 23:25 -------- d-----w- c:\programdata\Brother
2013-06-05 23:25 . 2013-06-05 23:25 -------- d-----w- c:\users\G-Man\AppData\Roaming\InstallShield
2013-06-05 20:42 . 2013-06-05 22:15 -------- d-----w- c:\users\G-Man\AppData\Roaming\HandBrake
2013-06-03 20:42 . 2013-06-03 20:42 -------- d-----w- c:\program files (x86)\Application Updater
2013-06-03 20:42 . 2013-06-03 20:42 -------- d-----w- c:\program files (x86)\YTD Toolbar
2013-06-03 02:37 . 2013-06-03 02:37 -------- d-----w- c:\users\G-Man\AppData\Local\Opera
2013-06-03 02:37 . 2013-06-03 02:37 -------- d-----w- c:\program files (x86)\Opera
2013-06-01 01:42 . 2013-06-08 03:06 -------- d-----w- c:\users\G-Man\AppData\Local\assembly
2013-05-31 18:26 . 2013-05-31 18:26 -------- d-----w- c:\users\G-Man\AppData\Roaming\Inbit
2013-05-31 18:26 . 2013-05-31 18:26 172032 ----a-w- c:\windows\FS9Unins.exe
2013-05-31 18:26 . 2013-05-31 18:26 -------- d-----w- c:\programdata\Inbit
2013-05-31 18:26 . 2013-05-31 18:26 -------- d-----w- c:\program files\Inbit
2013-05-24 07:19 . 2013-05-24 07:30 -------- d-----w- c:\program files (x86)\MultiPageEditor
2013-05-24 05:39 . 2013-05-24 05:39 -------- d-----w- c:\programdata\A-PDF
2013-05-24 05:39 . 2013-05-24 05:40 -------- d-----w- c:\programdata\flipBook
2013-05-24 05:39 . 2013-05-24 05:39 -------- d-----w- c:\program files (x86)\Flip PDF
2013-05-24 04:35 . 2013-05-24 04:35 -------- d-----w- c:\users\G-Man\AppData\Roaming\Nitro
2013-05-24 04:35 . 2013-05-24 04:35 -------- d-----w- c:\users\G-Man\AppData\Roaming\FileOpen
2013-05-24 04:35 . 2013-05-24 04:35 -------- d-----w- c:\programdata\FileOpen
2013-05-24 04:29 . 2013-05-24 04:29 -------- d-----w- c:\programdata\Nitro
2013-05-24 04:26 . 2013-05-24 04:26 -------- d-----w- c:\users\G-Man\AppData\Roaming\Downloaded Installations
2013-05-24 03:41 . 2013-05-24 03:41 -------- d-----w- c:\program files\ImageMagick-6.8.5-Q16
2013-05-24 02:14 . 2013-05-24 02:14 -------- d-----w- c:\users\G-Man\AppData\Roaming\Foxit Software
2013-05-20 06:01 . 2013-05-20 06:21 -------- d-----w- c:\programdata\AdvancedTiffEditor
2013-05-20 06:00 . 2013-05-20 06:00 -------- d-----w- c:\users\G-Man\AppData\Roaming\AdvancedTiffEditor
2013-05-20 05:53 . 2011-09-08 13:06 155648 ----a-w- c:\windows\agent.exe
2013-05-20 05:52 . 2011-09-08 13:08 46592 ----a-w- c:\windows\SysWow64\grtppm.dll
2013-05-20 05:50 . 2013-05-20 05:53 -------- d-----w- c:\program files (x86)\GraphicRegion TIF Printer
2013-05-20 05:50 . 2013-05-20 05:50 -------- d-----w- c:\program files (x86)\gs
2013-05-20 05:50 . 2013-05-20 05:50 -------- d-----w- c:\program files (x86)\Advanced TIFF Editor
2013-05-17 22:43 . 2013-05-17 22:45 -------- d-----w- C:\Adobe Acrobat XI
2013-05-15 05:39 . 2013-05-15 05:39 -------- d-----w- c:\users\G-Man\AppData\Local\LogMeIn
2013-05-15 05:39 . 2013-03-20 00:32 60776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2013-05-15 05:38 . 2013-03-20 00:31 35688 ----a-w- c:\windows\system32\LMIport.dll
2013-05-15 05:38 . 2013-03-20 00:32 88448 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-05-15 05:38 . 2012-11-29 18:56 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-05-15 05:38 . 2013-03-20 00:31 84328 ----a-w- c:\windows\system32\LMIinit.dll
2013-05-15 05:38 . 2013-06-06 07:03 -------- d-----w- c:\programdata\LogMeIn
2013-05-15 05:37 . 2013-05-15 05:41 -------- d-----w- c:\program files (x86)\LogMeIn
2013-05-14 20:31 . 2013-05-14 20:31 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-05-14 20:31 . 2013-05-14 20:31 6128760 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-05-12 16:42 . 2013-06-03 09:34 -------- d-----r- c:\users\G-Man\Dropbox
2013-05-12 16:38 . 2013-06-06 07:51 -------- d-----w- c:\users\G-Man\AppData\Roaming\Dropbox
2013-05-09 03:46 . 2013-05-09 03:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-09 03:46 . 2013-04-04 12:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-29 02:20 . 2013-05-04 01:04 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-05-18 01:26 . 2012-04-06 02:02 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-05-17 23:24 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-17 04:52 . 2012-04-06 02:02 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-05-17 04:52 . 2011-12-05 01:58 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-04-30 10:03 . 2013-04-30 10:03 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-30 10:03 . 2013-04-30 10:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-30 10:03 . 2013-04-30 10:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 10:03 . 2013-04-30 10:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-30 10:03 . 2013-04-30 10:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-30 10:03 . 2013-04-30 10:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-30 10:03 . 2013-04-30 10:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-30 10:03 . 2013-04-30 10:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-30 10:03 . 2013-04-30 10:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-30 10:03 . 2013-04-30 10:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-30 10:03 . 2013-04-30 10:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-30 10:03 . 2013-04-30 10:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-30 10:03 . 2013-04-30 10:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-30 10:03 . 2013-04-30 10:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-30 10:03 . 2013-04-30 10:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-30 10:03 . 2013-04-30 10:03 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-30 10:03 . 2013-04-30 10:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-30 10:03 . 2013-04-30 10:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-30 10:03 . 2013-04-30 10:03 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-30 10:03 . 2013-04-30 10:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-30 10:03 . 2013-04-30 10:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-30 10:03 . 2013-04-30 10:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-30 10:03 . 2013-04-30 10:03 441856 ----a-w- c:\windows\system32\html.iec
2013-04-30 10:03 . 2013-04-30 10:03 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-30 10:03 . 2013-04-30 10:03 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-30 10:03 . 2013-04-30 10:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-30 10:03 . 2013-04-30 10:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-30 10:03 . 2013-04-30 10:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-30 10:03 . 2013-04-30 10:03 235008 ----a-w- c:\windows\system32\url.dll
2013-04-30 10:03 . 2013-04-30 10:03 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-30 10:03 . 2013-04-30 10:03 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-30 10:03 . 2013-04-30 10:03 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-30 10:03 . 2013-04-30 10:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-30 10:03 . 2013-04-30 10:03 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-30 10:03 . 2013-04-30 10:03 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-30 10:03 . 2013-04-30 10:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-30 10:03 . 2013-04-30 10:03 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-30 10:03 . 2013-04-30 10:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-30 10:03 . 2013-04-30 10:03 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-30 10:03 . 2013-04-30 10:03 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-30 10:03 . 2013-04-30 10:03 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-30 10:03 . 2013-04-30 10:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-30 10:03 . 2013-04-30 10:03 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-30 10:03 . 2013-04-30 10:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-30 10:03 . 2013-04-30 10:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-30 10:03 . 2013-04-30 10:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-30 10:03 . 2013-04-30 10:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 10:03 . 2013-04-30 10:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-30 10:03 . 2013-04-30 10:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-20 14:09 . 2013-04-20 14:09 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-12 14:45 . 2013-04-23 19:32 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-01 07:22 . 2012-06-02 19:08 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-01 07:22 . 2011-05-31 04:53 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 07:52 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 07:52 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 07:52 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 07:52 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 07:52 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 07:52 112640 ----a-w- c:\windows\system32\smss.exe
2009-01-13 18:45 . 2011-12-15 21:22 81920 ----a-w- c:\program files (x86)\Common Files\WIZ1x0SR_105SR_CFG.exe
2009-01-13 18:45 . 2011-12-15 21:22 81920 ----a-w- c:\program files\Common Files\WIZ1x0SR_105SR_CFG.exe
2006-12-01 09:54 . 2011-12-15 21:22 626688 ----a-w- c:\program files (x86)\Common Files\MSVCR80.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2FF7C269-7AE2-49C7-86C2-B2F5E26F96C1}]
2013-05-02 08:59 78648 ----a-w- c:\users\G-Man\AppData\Local\getsavin\ie\getsavin_1367485142.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-05-29 02:20 1991344 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}]
2013-01-24 18:45 170840 ----a-w- c:\program files\Updater By SweetPacks\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\Veoh_Web_Player\prxtbVeoh.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2013-04-03 23:06 1310480 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2013-05-15 19:38 1353536 ----a-w- c:\program files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-08-01 18:13 233288 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
"{cd90bf73-20f6-44ef-993d-bb920303bd2e}"= "c:\program files (x86)\Veoh_Web_Player\prxtbVeoh.dll" [2011-01-17 175912]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2013-04-03 1310480]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll" [2013-05-29 1991344]
"{F3FEE66E-E034-436a-86E4-9690573BEE8A}"= "c:\program files (x86)\YTD Toolbar\IE\7.1\ytdToolbarIE.dll" [2013-05-15 1353536]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{cd90bf73-20f6-44ef-993d-bb920303bd2e}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{f3fee66e-e034-436a-86e4-9690573bee8a}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-08 23:01 130736 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-08 23:01 130736 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-08 23:01 130736 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-08 23:01 130736 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 23:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-04-28 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-03-11 1502776]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
"ASUS Ai Charger"="c:\program files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe" [2010-05-10 465536]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-05-29 1226928]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2012-09-24 3477640]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-11 143360]
"BrScnStsMon00"="c:\program files (x86)\BrownyScn\Brother\BrStMonScn.exe" [2012-09-13 1642496]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
 
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [x]
R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys;c:\windows\SYSNATIVE\Drivers\CSN5PDTS82.sys [x]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS;c:\windows\SYSNATIVE\Drivers\CH341S64.SYS [x]
R3 hhdspmc64;HHD Software Serial Port Monitoring Control Filter Driver;c:\windows\system32\DRIVERS\hhdspmc64.sys;c:\windows\SYSNATIVE\DRIVERS\hhdspmc64.sys [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 ScannerStatusMonitorService;ScannerStatusMonitorService;c:\program files (x86)\BrownyScn\ScannerStatusMonitorService.exe;c:\program files (x86)\BrownyScn\ScannerStatusMonitorService.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R4 Agent;Agent;c:\windows\agent.exe;c:\windows\agent.exe [x]
R4 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
R4 CSHelper;CopySafe Helper Service;c:\program files\Common Files\ArtistScope\CSHelper64.exe;c:\program files\Common Files\ArtistScope\CSHelper64.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
R4 Updater By SweetPacks;Updater By SweetPacks;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe [x]
R4 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
R4 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R4 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
R4 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
R4 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [x]
R4 WyseRemoteAccess;Wyse Remote Access;c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe;c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [x]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys;c:\windows\SYSNATIVE\Drivers\CSN5PDTS82x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;c:\windows\system32\drivers\VSPE.sys;c:\windows\SYSNATIVE\drivers\VSPE.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys;c:\windows\SYSNATIVE\Drivers\pssdk42.sys [x]
S1 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys;c:\windows\SYSNATIVE\Drivers\pssdklbf.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [x]
S2 AVTHelper;AVTHelper;c:\program files\Avatron\Air Display\AVTHelper.exe;c:\program files\Avatron\Air Display\AVTHelper.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCard.sys [x]
S3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCardMirror.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys;c:\windows\SYSNATIVE\DRIVERS\AVGIDSFilter.Sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\DRIVERS\ts_athwx.sys;c:\windows\SYSNATIVE\DRIVERS\ts_athwx.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 06:43]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514776539-1456282578-3287137058-1000Core.job
- c:\users\G-Man\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-02 14:52]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-514776539-1456282578-3287137058-1000UA.job
- c:\users\G-Man\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-02 14:52]
.
2013-05-30 c:\windows\Tasks\HPCeeScheduleForG-Man.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-06-06 c:\windows\Tasks\HPCeeScheduleForweoin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-08 23:01 164016 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-08 23:01 164016 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-08 23:01 164016 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-08 23:01 164016 ----a-w- c:\users\G-Man\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 23:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-05 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-05 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-05 418328]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-01 615584]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-01 379552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={E7EE9D66-B307-11E2-96B4-D0DF9A0C39FB}
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={E7EE9D66-B307-11E2-96B4-D0DF9A0C39FB}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118;ftp=127.0.0.1:8118;socks=127.0.0.1:9050
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=CA&userid=ab35b7ff-e51c-41ac-b0cf-88eca99cbbf4&searchtype=ds&q={searchTerms}
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
Trusted Zone: kaptest.com\www
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - error
FF - prefs.js: browser.startup.homepage - error
FF - prefs.js: keyword.URL - error
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 8118
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 8118
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-05-03 10:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extentions.y2layers.installId - a2692161-a87d-4093-b3d7-708dd6aa232b
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
------- File Associations -------
.
.txt=bftxtfile
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{C453BC06-C896-B0C0-A6D3-6A9F9056E08D} - c:\programdata\conotinuetossave\51b00ab37e0f7.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-ISW - (no file)
AddRemove-2f1ee195 - c:\windows\system32\2f1ee195.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-StartSearch Toolbar - c:\program files (x86)\StartSearch plugin\uninst.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\conotinuetossave\uninstall.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\YourFileDownloader\YourFileUpdater.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-06-07 20:20:50 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-08 03:20
.
Pre-Run: 29,653,053,440 bytes free
Post-Run: 34,805,485,568 bytes free
.
- - End Of File - - 29A46307472732E6EA52462183A79A24
 
Good news :)

redtarget.gif
You have some Norton leftovers.
Please run this tool to remove them: http://www.majorgeeks.com/files/details/norton_removal_tool.html

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Adwcleaner[S1].txt

# AdwCleaner v2.302 - Logfile created 06/07/2013 at 21:31:00
# Updated 06/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : G-Man - G-MAN-HP
# Boot Mode : Normal
# Running from : C:\Users\G-Man\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater
Stopped & Deleted : WajamUpdater

***** [Files / Folders] *****

Deleted on reboot : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
File Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\searchplugins\Startsear.xml
File Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\searchplugins\Web Search.xml
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Browsers Protector
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\Coupon Companion Plugin
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Program Files (x86)\Software
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Program Files (x86)\Veoh_Web_Player
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files (x86)\yourfiledownloader
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\G-Man\AppData\Local\Conduit
Folder Deleted : C:\Users\G-Man\AppData\Local\getsavin
Folder Deleted : C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\G-Man\AppData\Local\Wajam
Folder Deleted : C:\Users\G-Man\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\G-Man\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\G-Man\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\G-Man\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\G-Man\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\G-Man\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\G-Man\AppData\LocalLow\Veoh_Web_Player
Folder Deleted : C:\Users\G-Man\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\G-Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\addon@defaulttab.com
Folder Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\staged
Folder Deleted : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\SweetPacksToolbarData
Folder Deleted : C:\Users\G-Man\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\G-Man\AppData\Roaming\yourfiledownloader
Folder Deleted : C:\Users\weoin\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\weoin\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\weoin\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\weoin\AppData\LocalLow\Veoh_Web_Player
Folder Deleted : C:\Users\weoin\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Veoh_Web_Player
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourFileDownloader
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000435.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0000435.Sandbox.1
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5FB25830-8CCD-46C5-B066-9FDD966626AC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\Software\Veoh_Web_Player
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5FB25830-8CCD-46C5-B066-9FDD966626AC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0FC9433A-5455-4F5C-99B9-CBE3F56CDEE6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70C5FC80-81D7-415E-B27B-229A7801F1B8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85C9A7DB-5664-4CFD-8572-10FF7A037498}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C9853E7D-FA11-4231-847D-51238C63B76A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF4C2485-2959-49C0-8CE4-9EB4066447EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD90BF73-20F6-44EF-993D-BB920303BD2E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\startsearch Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Veoh_Web_Player Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{CD90BF73-20F6-44EF-993D-BB920303BD2E}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={E7EE9D66-B307-11E2-96B4-D0DF9A0C39FB} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=CA&userid=ab35b7ff-e51c-41ac-b0cf-88eca99cbbf4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=CA&userid=ab35b7ff-e51c-41ac-b0cf-88eca99cbbf4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=CA&userid=ab35b7ff-e51c-41ac-b0cf-88eca99cbbf4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=CA&userid=ab35b7ff-e51c-41ac-b0cf-88eca99cbbf4&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={E7EE9D66-B307-11E2-96B4-D0DF9A0C39FB} --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.15 (en-US)

File : C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\prefs.js

C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid={E7EE9D66-B307-11E2-96B4-[...]
Deleted : user_pref("browser.search.defaultengine", "Web Search");
Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
Deleted : user_pref("extentions.y2layers.installId", "a2692161-a87d-4093-b3d7-708dd6aa232b");
Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10045");
Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng");
Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.newtab.created", "true");
Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:blank");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "error");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "error");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "error");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "error");
Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{E7EE9D66-B307-11E2-96B4-D0DF9A0C39FB}");
Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?bar[...]
Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");
Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");
Deleted : user_pref("sweetim.toolbar.version", "1.13.0.1");
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks")[...]

File : C:\Users\weoin\AppData\Roaming\Mozilla\Firefox\Profiles\64yjsicz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.110

File : C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\G-Man\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\weoin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [35329 octets] - [07/06/2013 21:31:00]

########## EOF - C:\AdwCleaner[S1].txt - [35390 octets] ##########

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by G-Man on Fri 06/07/2013 at 21:36:23.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] updater by sweetpacks
Successfully deleted: [Service] updater by sweetpacks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220022042235}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{33333333-3333-3333-3333-330033043335}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{22222222-2222-2222-2222-220022042235}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\wow6432node\clsid\{33333333-3333-3333-3333-330033043335}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6C3E0D76-5B2A-4B60-97C9-689F07D839CE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E4CA3E78-EF2A-4D75-8457-2B4C4B78A115}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6C3E0D76-5B2A-4B60-97C9-689F07D839CE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E4CA3E78-EF2A-4D75-8457-2B4C4B78A115}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\G-Man\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Users\G-Man\appdata\local\premiumplay codec-c"
Successfully deleted: [Folder] "C:\Program Files (x86)\premiumplay codec-c"
Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{0B809B12-9038-46E3-A08F-5923E09D607B}
Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{5991F4ED-655B-4E9A-8BAD-14D61294A8B0}
Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{5D9516D5-8C3A-4762-BA7B-0083A056ED35}
Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{7FB23736-5CCC-43A7-8BC9-3FADF0090DC9}
Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{9C7758D0-5ACC-47D6-8EEC-D43692F79C99}
Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{A67DF0FE-B76D-4789-A52A-E75407365354}
Successfully deleted: [Empty Folder] C:\Users\G-Man\appdata\local\{ED36F0E6-CF0B-45B8-B8F8-887B4715C9BB}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\G-Man\AppData\Roaming\mozilla\firefox\profiles\gjn7ymqu.default\extensions\getsavin@jetpack
Failed to delete: [Folder] C:\Users\G-Man\AppData\Roaming\mozilla\firefox\profiles\gjn7ymqu.default\extensions\wtxpcom@mybrowserbar.com
Failed to delete: [Folder] C:\Users\G-Man\AppData\Roaming\mozilla\firefox\profiles\gjn7ymqu.default\extensions\ytd@mybrowserbar.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted the following from C:\Users\G-Man\AppData\Roaming\mozilla\firefox\profiles\gjn7ymqu.default\prefs.js

user_pref("extensions.crossrider.bic", "137ae571da9798ea6ce85769224f9c07");
user_pref("extensions.defaulttab.active.affiliate", 2401);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.browserID", "ffffa41fcb4d84bf121dcf754ced3484");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "1.4.4");



~~~ Chrome

Dumping contents of C:\Users\G-Man\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\G-Man\appdata\local\Google\Chrome\User Data\Default\Default\aandjjnanknkgpdnilkdobijomlmhbbk
C:\Users\G-Man\appdata\local\Google\Chrome\User Data\Default\Default\aandjjnanknkgpdnilkdobijomlmhbbk\background.html
C:\Users\G-Man\appdata\local\Google\Chrome\User Data\Default\Default\aandjjnanknkgpdnilkdobijomlmhbbk\ContentScript.js
C:\Users\G-Man\appdata\local\Google\Chrome\User Data\Default\Default\aandjjnanknkgpdnilkdobijomlmhbbk\manifest.json

Successfully deleted: [Folder] C:\Users\G-Man\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bildoibdboopgomcbiplincneeicgipj



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/07/2013 at 21:44:32.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL.txt



OTL logfile created on: 6/7/2013 9:45:39 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\G-Man\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



5.95 Gb Total Physical Memory | 3.97 Gb Available Physical Memory | 66.75% Memory free

11.90 Gb Paging File | 9.79 Gb Available in Paging File | 82.33% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 556.30 Gb Total Space | 32.73 Gb Free Space | 5.88% Space Free | Partition Type: NTFS

Drive D: | 22.87 Gb Total Space | 2.42 Gb Free Space | 10.60% Space Free | Partition Type: NTFS

Drive E: | 6.69 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF



Computer Name: G-MAN-HP | User Name: G-Man | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2013/06/07 21:13:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\G-Man\Downloads\OTL.exe

PRC - [2012/12/06 12:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

PRC - [2012/11/01 00:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2012/11/01 00:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2012/09/23 20:43:48 | 003,477,640 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

PRC - [2012/09/13 16:26:58 | 001,642,496 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\BrownyScn\Brother\BrStMonScn.exe

PRC - [2012/09/11 15:59:20 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\BrownyScn\ScannerStatusMonitorService.exe

PRC - [2012/09/11 12:06:06 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

PRC - [2012/09/11 12:00:50 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

PRC - [2012/08/01 01:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe

PRC - [2011/04/27 17:01:14 | 001,102,904 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/03/22 11:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2011/03/11 11:28:38 | 001,502,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

PRC - [2011/03/01 15:44:50 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2011/02/10 04:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011/02/08 02:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

PRC - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011/01/12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/12/22 13:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010/12/22 13:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

PRC - [2010/05/10 09:04:16 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe

PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe





========== Modules (No Company Name) ==========



MOD - [2013/02/13 05:41:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll

MOD - [2013/01/10 05:48:27 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll

MOD - [2013/01/10 05:48:27 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll

MOD - [2013/01/10 05:45:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MOD - [2013/01/10 05:44:49 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/01/10 05:44:32 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll

MOD - [2013/01/10 05:44:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/01/10 05:44:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

MOD - [2013/01/10 05:44:19 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/01/10 05:44:13 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2011/11/01 12:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 12:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/02/10 04:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll





========== Services (SafeList) ==========



SRV:64bit: - [2013/06/05 23:05:36 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2012/11/22 07:35:22 | 000,828,072 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)

SRV:64bit: - [2012/06/02 12:14:52 | 000,479,736 | ---- | M] (ArtistScope Pty Ltd) [Disabled | Stopped] -- C:\Program Files\Common Files\ArtistScope\CSHelper64.exe -- (CSHelper)

SRV:64bit: - [2012/05/03 09:33:54 | 000,207,872 | ---- | M] (Avatron Software) [Auto | Running] -- C:\Program Files\Avatron\Air Display\AVTHelper.exe -- (AVTHelper)

SRV:64bit: - [2011/03/17 04:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/08/12 16:24:30 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2013/05/13 04:56:02 | 002,245,232 | ---- | M] (Giraffic) [Disabled | Stopped] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)

SRV - [2013/04/23 00:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2013/03/27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

SRV - [2013/03/19 17:31:52 | 000,148,328 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)

SRV - [2013/03/19 17:31:48 | 000,376,168 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/01/30 20:25:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/12/12 23:43:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/11/29 11:56:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)

SRV - [2012/11/05 15:02:52 | 001,436,160 | ---- | M] (Wyse Technology.) [Disabled | Stopped] -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe -- (WyseRemoteAccess)

SRV - [2012/11/05 15:01:14 | 000,191,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe -- (WysePocketCloud)

SRV - [2012/11/01 00:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2012/11/01 00:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2012/10/31 23:57:50 | 013,234,176 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)

SRV - [2012/10/31 22:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)

SRV - [2012/10/11 15:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)

SRV - [2012/09/23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/09/11 15:59:20 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\BrownyScn\ScannerStatusMonitorService.exe -- (ScannerStatusMonitorService)

SRV - [2012/08/02 18:20:24 | 000,078,072 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)

SRV - [2012/08/02 18:16:04 | 000,408,944 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)

SRV - [2012/06/02 12:17:26 | 000,129,976 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/01/31 12:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/09/08 06:06:14 | 000,155,648 | ---- | M] () [Disabled | Stopped] -- C:\Windows\agent.exe -- (Agent)

SRV - [2011/08/29 19:44:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)

SRV - [2011/04/27 17:01:14 | 001,102,904 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)

SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/03/01 15:44:50 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2011/03/01 15:43:52 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2011/02/08 02:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/12/22 13:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/12/22 13:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010/10/22 10:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/09/30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)

SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2010/03/18 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)





========== Driver Services (SafeList) ==========



DRV:64bit: - [2013/05/28 19:20:53 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2013/03/19 17:32:04 | 000,088,448 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV:64bit: - [2013/01/30 20:27:20 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/12/13 09:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)

DRV:64bit: - [2012/11/29 11:56:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV:64bit: - [2012/11/29 11:56:30 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)

DRV:64bit: - [2012/11/22 07:35:36 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV:64bit: - [2012/11/14 18:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)

DRV:64bit: - [2012/11/11 17:47:46 | 000,312,160 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/11/01 00:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2012/11/01 00:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2012/11/01 00:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2012/11/01 00:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2012/10/24 12:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)

DRV:64bit: - [2012/10/24 12:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)

DRV:64bit: - [2012/10/11 15:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2012/10/11 15:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)

DRV:64bit: - [2012/08/21 10:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/01 11:13:42 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)

DRV:64bit: - [2012/08/01 11:13:40 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2012/07/31 04:56:58 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)

DRV:64bit: - [2012/06/21 18:59:36 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)

DRV:64bit: - [2012/06/13 00:50:10 | 000,084,992 | ---- | M] (Vyacheslav Frolov) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\com0com.sys -- (com0com)

DRV:64bit: - [2012/06/02 12:14:52 | 000,048,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Common Files\ArtistScope\CSDriver64.sys -- (CSDriver)

DRV:64bit: - [2012/05/03 09:33:28 | 000,015,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)

DRV:64bit: - [2012/05/03 09:33:28 | 000,015,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)

DRV:64bit: - [2012/04/09 16:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/17 22:20:18 | 000,065,600 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pssdklbf.sys -- (PSSDKLBF)

DRV:64bit: - [2012/01/17 22:20:18 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)

DRV:64bit: - [2011/12/15 10:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2011/11/12 09:00:25 | 000,040,928 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VSPE.sys -- (EterlogicVirtualSerialDriver)

DRV:64bit: - [2011/11/04 21:00:00 | 000,058,368 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CH341S64.SYS -- (CH341SER_A64)

DRV:64bit: - [2011/09/05 07:56:38 | 002,156,872 | ---- | M] (TamoSoft) [CommView] Atheros AR5008 Wireless Network Adapter Service 7.7 [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ts_athwx.sys -- (TS_AR5416)

DRV:64bit: - [2011/05/27 16:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV:64bit: - [2011/04/21 20:17:10 | 002,727,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011/04/04 21:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2011/03/23 11:20:58 | 000,077,936 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2011/03/17 04:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/03/16 13:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/01 15:44:08 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2011/03/01 15:44:06 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2011/03/01 15:44:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011/03/01 15:44:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011/03/01 15:44:06 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2011/03/01 15:44:06 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2011/03/01 15:44:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2011/03/01 11:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/02/22 05:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV:64bit: - [2011/02/10 04:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV:64bit: - [2011/01/31 17:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2011/01/27 09:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/01/13 20:46:18 | 001,412,144 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/10/13 04:10:22 | 000,039,472 | ---- | M] (HHD Software Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hhdspmc64.sys -- (hhdspmc64)

DRV:64bit: - [2010/08/12 16:24:30 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2010/08/12 16:24:30 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/06/25 10:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2010/05/20 12:13:28 | 000,034,840 | ---- | M] (Colasoft Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSN5PDTS82x64.sys -- (CSN5PDTS82x64)

DRV:64bit: - [2010/05/05 13:38:26 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)

DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/05/06 05:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2012/11/29 11:56:52 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

DRV - [2011/12/09 16:07:15 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\giveio.sys -- (giveio)

DRV - [2010/01/29 08:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2004/03/23 19:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\nsndis5.sys -- (NSNDIS5)

DRV - [2003/04/04 12:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========



IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6C3E0D76-5B2A-4B60-97C9-689F07D839CE}: "URL" = http://www.amazon.ca/s/ref=azs_osd_...ode=qs&index=aps&field-keywords={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox





IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =



IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =



IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com

IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..\SearchScopes\{996754E5-D47D-4F52-9D54-84DFFFAE3FE1}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..\SearchScopes\{D5F3D94D-79C3-4D64-A5C1-B9BB4ADE90F9}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118;ftp=127.0.0.1:8118;socks=127.0.0.1:9050
 
========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "error"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "error"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "error"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "error"
FF - prefs.js..extensions.enabledAddons: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.8
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1423
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.9.0.12585
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.6
FF - prefs.js..extensions.enabledItems: ytd@mybrowserbar.com:7.0
FF - prefs.js..extensions.enabledItems: {4062fe39-31cf-474a-fe32-012dbaf91dc8}:4.6.8.5
FF - prefs.js..extensions.enabledItems: addon@defaulttab.com:1.4.4
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.13.0.1
FF - prefs.js..extensions.enabledItems: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}:2.0.0.566
FF - prefs.js..extensions.enabledItems: avg@toolbar:15.0.1.2
FF - prefs.js..keyword.URL: "error"
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8118
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope Plugin: C:\Program Files (x86)\Common Files\ArtistScope\npArtistScope.dll (ArtistScope Pty Ltd)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope Plugin: C:\Program Files (x86)\Common Files\ArtistScope\npArtistScope.dll (ArtistScope Pty Ltd)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\G-Man\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\G-Man\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\G-Man\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\G-Man\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\G-Man\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013/05/25 00:13:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013/05/25 00:13:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2013/04/09 09:49:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/14 07:07:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/03 10:35:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013/05/17 16:07:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\uiqw4-2cfk@dxcqiw-ixnbnqyn.net: C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\uiqw4-2cfk@dxcqiw-ixnbnqyn.net [2013/06/05 20:19:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/14 20:58:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/07 21:31:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/03 10:35:43 | 000,000,000 | ---D | M]

[2012/06/03 08:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G-Man\AppData\Roaming\Mozilla\Extensions
[2013/06/07 21:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions
[2012/01/15 22:56:43 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012/05/27 08:38:14 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\firefox@tvunetworks.com
[2013/06/05 20:19:49 | 000,000,000 | ---D | M] (conotinuetossave) -- C:\Users\G-Man\AppData\Roaming\Mozilla\Firefox\Profiles\gjn7ymqu.default\extensions\uiqw4-2cfk@dxcqiw-ixnbnqyn.net
[2013/06/07 21:31:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/28 06:11:07 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{4062fe39-31cf-474a-fe32-012dbaf91dc8}
[2013/05/24 22:57:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/01 03:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/24 22:57:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/09 09:49:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/02/14 07:07:58 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/05/03 10:35:43 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
[2012/09/12 06:05:40 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES (X86)\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
File not found (No name found) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
File not found (No name found) -- C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
[2013/05/03 18:04:36 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.0.1.2
File not found (No name found) -- C:\USERS\G-MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJN7YMQU.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
File not found (No name found) -- C:\USERS\G-MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJN7YMQU.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM
[2009/01/15 10:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll
[2011/07/27 23:00:19 | 000,532,480 | ---- | M] (ArtistScope Pty Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope5.dll
[2009/02/01 22:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2013/05/28 19:21:25 | 000,003,723 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = https://www.google.com/#output=search&sclient=psy-ab&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\G-Man\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\G-Man\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\G-Man\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: HP Product Detection Plugin for Mozilla (Disabled) = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npProductDetectPlugin.dll
CHR - plugin: HP Active Check Plugin (Disabled) = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\plugins/npAclmPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ArtistScope plugin 42 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll
CHR - plugin: ArtistScope Plugin 5 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope5.dll
CHR - plugin: ArtistScope DRM plugin 1 (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: StartSearch Video plug-in (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Orbit Downloader (Disabled) = C:\Users\G-Man\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Google Talk Plugin (Disabled) = C:\Users\G-Man\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Disabled) = C:\Users\G-Man\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Disabled) = C:\Users\G-Man\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ArtistScope Plugin (Disabled) = C:\Program Files (x86)\Common Files\ArtistScope\npArtistScope.dll
CHR - plugin: DivX VOD Helper Plug-in (Disabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: npFFApi (Disabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Disabled) = C:\Users\G-Man\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Disabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: HP Product Detection Plugin = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.26.1_0\
CHR - Extension: YouTube = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\
CHR - Extension: AdBlock = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Skype Click to Call = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: HP Product Detection Plugin = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.26.1_0\
CHR - Extension: YouTube = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Adobe Acrobat - Create PDF = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.0.379_0\
CHR - Extension: AdBlock = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Skype Click to Call = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: HP Product Detection Plugin = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.15.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\G-Man\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/07 20:10:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (GetSavin 5.0) - {2FF7C269-7AE2-49C7-86C2-B2F5E26F96C1} - C:\Users\G-Man\AppData\Local\getsavin\ie\getsavin_1367485142.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (conotinuetossave) - {C453BC06-C896-B0C0-A6D3-6A9F9056E08D} - C:\ProgramData\conotinuetossave\51b00ab37e0f7.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrScnStsMon00] C:\Program Files (x86)\BrownyScn\Brother\BrStMonScn.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..Trusted Domains: kaptest.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..Trusted Domains: kaptest.com ([www] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{885E906B-000A-4675-88FD-B592424B15F1}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA411C95-7845-4644-8623-EEC9B9622A9F}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========

[2013/06/07 21:36:18 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/07 21:36:01 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/07 21:13:55 | 000,000,000 | ---D | C] -- C:\HP_TOOLS_mountHPSF
[2013/06/07 20:11:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/06/07 19:48:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/07 19:48:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/07 19:48:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/07 19:47:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/07 19:47:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/07 19:43:58 | 005,078,746 | R--- | C] (Swearware) -- C:\Users\G-Man\Desktop\ComboFix.exe
[2013/06/07 18:06:59 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/07 17:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/07 17:23:10 | 000,000,000 | ---D | C] -- C:\Users\G-Man\Desktop\RK_Quarantine
[2013/06/07 16:32:31 | 000,000,000 | ---D | C] -- C:\Adolescent Medecine + Allergy &
[2013/06/07 15:50:47 | 000,000,000 | ---D | C] -- C:\General Pediatrics + Infectious
[2013/06/06 21:57:40 | 000,180,736 | ---- | C] (fccHandler) -- C:\Windows\SysNative\AC3ACM.acm
[2013/06/06 21:57:40 | 000,122,880 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\AC3ACM.acm
[2013/06/06 21:24:29 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitrate Viewer
[2013/06/06 21:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitrateViewer
[2013/06/06 19:56:44 | 000,000,000 | ---D | C] -- C:\Infectious Disease 1of2
[2013/06/06 19:55:45 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
[2013/06/06 19:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
[2013/06/06 19:55:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Decrypter
[2013/06/06 12:15:21 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Malwarebytes
[2013/06/06 12:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/06 12:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/06 12:15:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/06/06 12:15:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/06 11:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/05 23:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AoA DVD Ripper
[2013/06/05 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AoA DVD Ripper
[2013/06/05 20:34:02 | 000,000,000 | ---D | C] -- C:\AcalaSoft
[2013/06/05 20:23:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcalaSoft
[2013/06/05 20:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp
[2013/06/05 20:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AcalaSoft
[2013/06/05 19:50:43 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/06/05 19:50:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Handbrake
[2013/06/05 17:53:44 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\ControlCenter4
[2013/06/05 16:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2013/06/05 16:28:28 | 000,000,000 | ---D | C] -- C:\Brother
[2013/06/05 16:28:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrownyScn
[2013/06/05 16:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
[2013/06/05 16:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ControlCenter4
[2013/06/05 16:27:00 | 001,441,792 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWi211d.dll
[2013/06/05 16:27:00 | 000,279,040 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrJDec.dll
[2013/06/05 16:27:00 | 000,095,344 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\BrSerIb.sys
[2013/06/05 16:27:00 | 000,050,688 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrUsi11d.dll
[2013/06/05 16:27:00 | 000,021,872 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\BrUsbSib.sys
[2013/06/05 16:27:00 | 000,020,592 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\brciser.dll
[2013/06/05 16:27:00 | 000,012,800 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\BrCiImg.dll
[2013/06/05 16:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2013/06/05 16:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2013/06/05 16:25:28 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\InstallShield
[2013/06/05 13:43:59 | 000,000,000 | ---D | C] -- C:\Users\G-Man\Documents\Medstudy Pediatrics
[2013/06/05 13:42:08 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\HandBrake
[2013/06/05 13:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013/06/02 19:37:54 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Local\Opera
[2013/06/02 19:37:53 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Opera
[2013/06/02 19:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013/05/31 18:43:22 | 000,000,000 | ---D | C] -- C:\Users\G-Man\Documents\Snagit
[2013/05/31 18:42:54 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Local\assembly
[2013/05/31 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Inbit
[2013/05/31 11:26:47 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FullShot 9
[2013/05/31 11:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FullShot 9
[2013/05/31 11:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Inbit
[2013/05/31 11:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Inbit
[2013/05/24 00:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi-Page TIFF Editor v.2.7
[2013/05/24 00:19:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TIFF_stamps
[2013/05/24 00:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi-Page TIFF Editor v.2.4
[2013/05/24 00:19:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TIFF_files
[2013/05/24 00:19:09 | 000,000,000 | ---D | C] -- C:\Users\G-Man\Documents\TIFF_Editor_Output
[2013/05/24 00:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MultiPageEditor
[2013/05/23 22:40:33 | 000,000,000 | ---D | C] -- C:\Users\G-Man\Documents\Flip PDF
[2013/05/23 22:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\A-PDF
[2013/05/23 22:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flip PDF
[2013/05/23 22:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\flipBook
[2013/05/23 22:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flip PDF
[2013/05/23 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Nitro
[2013/05/23 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\FileOpen
[2013/05/23 21:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013/05/23 21:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013/05/23 21:26:17 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Downloaded Installations
[2013/05/23 20:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.8.5 Q16 (64-bit)
[2013/05/23 20:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\ImageMagick-6.8.5-Q16
[2013/05/23 19:14:08 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Foxit Software
[2013/05/19 23:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AdvancedTiffEditor
[2013/05/19 23:00:57 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\AdvancedTiffEditor
[2013/05/19 22:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GraphicRegion TIF Printer
[2013/05/19 22:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GraphicRegion TIF Printer
[2013/05/19 22:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2013/05/19 22:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2013/05/19 22:50:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced TIFF Editor
[2013/05/19 22:50:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced TIFF Editor
[2013/05/17 15:43:24 | 000,000,000 | ---D | C] -- C:\Adobe Acrobat XI
[2013/05/14 22:39:21 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Local\LogMeIn
[2013/05/14 22:38:59 | 000,035,688 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2013/05/14 22:38:58 | 000,088,448 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013/05/14 22:38:57 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2013/05/14 22:38:51 | 000,084,328 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013/05/14 22:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2013/05/14 22:37:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2013/05/12 09:42:07 | 000,000,000 | R--D | C] -- C:\Users\G-Man\Dropbox
[2013/05/12 09:40:52 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/05/12 09:38:02 | 000,000,000 | ---D | C] -- C:\Users\G-Man\AppData\Roaming\Dropbox
[2011/12/15 14:22:36 | 000,081,920 | ---- | C] (WIZnet Corp.) -- C:\Program Files (x86)\Common Files\WIZ1x0SR_105SR_CFG.exe
[2011/12/15 14:22:35 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\MSVCR80.dll
[2011/12/15 14:22:35 | 000,081,920 | ---- | C] (WIZnet Corp.) -- C:\Program Files\Common Files\WIZ1x0SR_105SR_CFG.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/07 21:40:59 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 21:40:59 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 21:33:29 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013/06/07 21:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/07 21:32:24 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/07 21:31:31 | 000,000,176 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/06/07 21:16:13 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-514776539-1456282578-3287137058-1000UA.job
[2013/06/07 21:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/07 20:10:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/07 19:44:07 | 005,078,746 | R--- | M] (Swearware) -- C:\Users\G-Man\Desktop\ComboFix.exe
[2013/06/07 19:02:39 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/06/07 16:12:35 | 077,474,627 | ---- | M] () -- C:\Users\G-Man\Documents\Medstudy 2013 Video Board Review of Pediatrics.pdf
[2013/06/07 04:16:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-514776539-1456282578-3287137058-1000Core.job
[2013/06/07 00:00:20 | 007,276,239 | ---- | M] () -- C:\Users\G-Man\Documents\7.pdf
[2013/06/06 11:30:36 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForweoin.job
[2013/06/06 11:25:17 | 000,782,956 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/06 11:25:17 | 000,667,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/06 11:25:17 | 000,126,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/05 23:01:14 | 000,000,000 | ---- | M] () -- C:\Windows\AoADVDRipper.INI
[2013/06/05 17:40:41 | 122,197,846 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/06/03 21:35:24 | 001,472,007 | ---- | M] () -- C:\Users\G-Man\Documents\Pediatrics shelf.pdf
[2013/06/02 23:57:24 | 118,147,072 | ---- | M] () -- C:\Users\G-Man\Documents\Pediatrics5.avi
[2013/06/02 23:55:15 | 171,366,400 | ---- | M] () -- C:\Users\G-Man\Documents\Pediatrics4.avi
[2013/06/02 23:48:26 | 159,426,560 | ---- | M] () -- C:\Users\G-Man\Documents\Pediatrics3.avi
[2013/06/02 23:39:41 | 107,358,208 | ---- | M] () -- C:\Users\G-Man\Documents\Pediatrics2.avi
[2013/06/02 23:34:19 | 141,242,368 | ---- | M] () -- C:\Users\G-Man\Documents\Pediatrics1.avi
[2013/06/02 23:32:39 | 123,844,608 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics14.avi
[2013/06/02 23:30:26 | 088,494,080 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics13.avi
[2013/06/02 23:28:19 | 144,107,520 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics1.avi
[2013/06/02 23:26:30 | 178,618,368 | ---- | M] () -- C:\Users\G-Man\Documents\Dermatology2.avi
[2013/06/02 23:20:34 | 025,811,439 | ---- | M] () -- C:\Users\G-Man\Documents\IMQA2.pdf
[2013/06/02 21:44:20 | 025,255,986 | ---- | M] () -- C:\Users\G-Man\Documents\IMQA1.pdf
[2013/06/02 21:26:06 | 015,895,797 | ---- | M] () -- C:\Users\G-Man\Documents\IMA1.pdf
[2013/06/02 21:24:01 | 010,076,091 | ---- | M] () -- C:\Users\G-Man\Documents\IMQ1.pdf
[2013/06/02 17:05:50 | 134,424,576 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics12.avi
[2013/06/02 17:03:44 | 131,995,648 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics11.avi
[2013/06/02 16:59:16 | 197,730,304 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics10.avi
[2013/06/02 16:50:11 | 139,982,848 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics9.avi
[2013/06/02 16:39:34 | 193,695,744 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics8.avi
[2013/06/02 16:37:37 | 167,692,288 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics7.avi
[2013/06/02 16:35:16 | 184,424,448 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics6.avi
[2013/06/02 16:32:04 | 115,236,864 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics5.avi
[2013/06/02 15:36:16 | 000,009,216 | ---- | M] () -- C:\Users\G-Man\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/01 21:22:47 | 110,297,088 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics4.avi
[2013/06/01 21:21:25 | 213,127,168 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics3.avi
[2013/06/01 21:19:34 | 197,054,464 | ---- | M] () -- C:\Users\G-Man\Documents\Obstretics2.avi
[2013/06/01 21:17:53 | 197,595,136 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology9.avi
[2013/06/01 21:15:43 | 256,935,936 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology8.avi
[2013/06/01 21:12:56 | 097,089,536 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology7.avi
[2013/06/01 21:11:44 | 099,547,136 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology6.avi
[2013/06/01 21:09:53 | 135,491,584 | ---- | M] () -- C:\Users\G-Man\Documents\Dermatology3.avi
[2013/06/01 21:04:41 | 199,809,024 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology11.avi
[2013/06/01 21:02:47 | 115,986,432 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology10.avi
[2013/06/01 20:59:27 | 112,611,328 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology5.avi
[2013/06/01 20:57:37 | 111,798,272 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology4.avi
[2013/06/01 20:55:43 | 231,178,240 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology3.avi
[2013/06/01 20:53:37 | 112,418,816 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology2.avi
[2013/06/01 20:52:00 | 129,560,576 | ---- | M] () -- C:\Users\G-Man\Documents\Gynecology1.avi
[2013/06/01 20:50:33 | 136,605,696 | ---- | M] () -- C:\Users\G-Man\Documents\Dermatology6.avi
[2013/06/01 20:49:04 | 094,531,584 | ---- | M] () -- C:\Users\G-Man\Documents\Dermatology5.avi
[2013/06/01 20:47:52 | 208,646,144 | ---- | M] () -- C:\Users\G-Man\Documents\Dermatology4.avi
[2013/06/01 20:35:26 | 145,287,168 | ---- | M] () -- C:\Users\G-Man\Documents\Dermatology1.avi
[2013/06/01 20:31:50 | 141,981,696 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal7.avi
[2013/06/01 20:29:50 | 156,817,408 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal6.avi
[2013/06/01 20:27:46 | 176,216,064 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal5.avi
[2013/06/01 20:25:48 | 174,204,928 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal4.avi
[2013/06/01 20:23:28 | 200,384,512 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal3.avi
[2013/06/01 20:20:35 | 149,174,272 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal2.avi
[2013/06/01 20:18:01 | 211,662,848 | ---- | M] () -- C:\Users\G-Man\Documents\Musculoskeletal1.avi
[2013/06/01 20:14:11 | 063,778,816 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC13.avi
[2013/06/01 20:11:49 | 152,082,432 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC12.avi
[2013/06/01 20:10:24 | 159,956,992 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC11.avi
[2013/06/01 20:08:11 | 116,518,912 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC10.avi
[2013/06/01 20:06:43 | 163,385,344 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC9.avi
[2013/06/01 20:05:02 | 117,499,904 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC8.avi
[2013/06/01 20:03:04 | 157,421,568 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC7.avi
[2013/06/01 19:59:52 | 229,197,824 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC6.avi
[2013/06/01 19:56:38 | 169,351,168 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC5.avi
[2013/06/01 19:54:49 | 119,226,368 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC4.avi
[2013/05/31 18:41:20 | 000,001,156 | ---- | M] () -- C:\Users\G-Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 11.lnk
[2013/05/31 11:26:46 | 000,172,032 | ---- | M] () -- C:\Windows\FS9Unins.exe
[2013/05/30 16:44:13 | 000,137,933 | ---- | M] () -- C:\Users\G-Man\Documents\Study_Guide_-_The_Step_2_Survival_Guide.pdf
[2013/05/30 13:38:57 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForG-Man.job
[2013/05/28 19:20:53 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/05/28 15:10:12 | 174,886,912 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology1.avi
[2013/05/28 02:03:13 | 092,516,352 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC3.avi
[2013/05/28 02:00:34 | 130,932,736 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC2.avi
[2013/05/28 01:58:47 | 151,492,608 | ---- | M] () -- C:\Users\G-Man\Documents\HEME-ONC1.avi
[2013/05/28 01:55:52 | 064,655,360 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary13.avi
[2013/05/28 01:53:53 | 129,296,384 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary12.avi
[2013/05/28 01:52:15 | 134,426,624 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary11.avi
[2013/05/28 01:45:15 | 148,002,816 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary10.avi
[2013/05/28 01:43:36 | 104,798,208 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary9.avi
[2013/05/28 01:41:49 | 194,592,768 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary8.avi
[2013/05/28 01:36:10 | 180,508,672 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary7.avi
[2013/05/28 01:31:59 | 088,590,336 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary6.avi
[2013/05/27 15:29:38 | 234,104,832 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary5.avi
[2013/05/27 15:27:50 | 074,510,336 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary4.avi
[2013/05/27 15:26:52 | 104,890,368 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary3.avi
[2013/05/27 15:25:38 | 162,848,768 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary2.avi
[2013/05/27 15:23:57 | 126,267,392 | ---- | M] () -- C:\Users\G-Man\Documents\Genitourinary1.avi
[2013/05/27 15:21:09 | 147,456,000 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology15.avi
[2013/05/27 15:18:48 | 160,088,064 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology14.avi
[2013/05/27 15:17:01 | 189,960,192 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology13.avi
[2013/05/27 15:15:01 | 138,936,320 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology12.avi
[2013/05/27 15:11:00 | 122,617,856 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology11.avi
[2013/05/27 15:04:28 | 259,946,496 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology10.avi
[2013/05/27 14:59:36 | 157,450,240 | ---- | M] () -- C:\Users\G-Man\Documents\EPI-ETHICS3.avi
[2013/05/27 14:54:57 | 161,533,952 | ---- | M] () -- C:\Users\G-Man\Documents\EPI-ETHICS2.avi
[2013/05/27 14:28:07 | 230,907,904 | ---- | M] () -- C:\Users\G-Man\Documents\EPI-ETHICS1.avi
[2013/05/27 14:18:31 | 172,566,528 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology9.avi
[2013/05/26 12:40:25 | 167,925,760 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology8.avi
[2013/05/26 12:38:22 | 162,502,656 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology7.avi
[2013/05/26 12:36:44 | 142,813,184 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology6.avi
[2013/05/26 12:35:08 | 101,529,600 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology5.avi
[2013/05/26 12:33:28 | 188,934,144 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology4.avi
[2013/05/26 12:31:10 | 169,019,392 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology3.avi
[2013/05/26 12:29:12 | 143,128,576 | ---- | M] () -- C:\Users\G-Man\Documents\Gastroenterology2.avi
[2013/05/25 01:53:55 | 124,549,120 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology12.avi
[2013/05/25 00:17:31 | 000,417,563 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/05/25 00:12:41 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013/05/25 00:06:42 | 165,902,336 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology11.avi
[2013/05/25 00:05:30 | 149,331,968 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology10.avi
[2013/05/25 00:03:42 | 174,401,536 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology9.avi
[2013/05/25 00:01:58 | 134,875,136 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology8.avi
[2013/05/24 23:59:16 | 152,502,272 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology7.avi
[2013/05/24 23:57:46 | 074,620,928 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology6.avi
[2013/05/24 23:56:00 | 137,676,800 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology5.avi
[2013/05/24 06:38:24 | 345,839,318 | ---- | M] () -- C:\Users\G-Man\Documents\DIT Step2 2013mm.pdf
[2013/05/24 00:14:32 | 133,623,808 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology4.avi
[2013/05/24 00:13:05 | 121,100,288 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology3.avi
[2013/05/24 00:09:26 | 052,072,448 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology2.avi
[2013/05/24 00:06:16 | 119,549,952 | ---- | M] () -- C:\Users\G-Man\Documents\Pulmonology1.avi
[2013/05/24 00:04:06 | 181,006,336 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG12.avi
[2013/05/23 23:46:17 | 170,041,344 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG11.avi
[2013/05/23 23:44:22 | 081,131,520 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG10.avi
[2013/05/23 23:42:39 | 175,093,760 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG9.avi
[2013/05/23 23:38:30 | 126,640,128 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG8.avi
[2013/05/23 23:30:00 | 233,779,200 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular18.avi
[2013/05/23 23:26:33 | 132,210,688 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular17.avi
[2013/05/23 23:22:44 | 200,976,384 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular16.avi
[2013/05/23 23:20:11 | 185,077,760 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG7.avi
[2013/05/23 23:16:28 | 098,770,944 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular15.avi
[2013/05/23 22:33:59 | 056,514,582 | ---- | M] () -- C:\Users\G-Man\Documents\DIT Step2 2013-1.pdf
[2013/05/22 20:14:45 | 088,774,833 | ---- | M] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt4.wmv
[2013/05/22 20:09:14 | 101,489,637 | ---- | M] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt3.wmv
[2013/05/22 20:01:24 | 126,423,937 | ---- | M] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt2.wmv
[2013/05/22 19:48:51 | 119,812,373 | ---- | M] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt1.wmv
[2013/05/21 08:13:04 | 095,255,040 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular2.avi
[2013/05/21 06:16:01 | 120,705,024 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular8.avi
[2013/05/21 00:36:51 | 170,762,240 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular14.avi
[2013/05/21 00:35:12 | 134,875,136 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular13.avi
[2013/05/21 00:32:59 | 157,114,368 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular12.avi
[2013/05/21 00:29:13 | 190,992,384 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular11.avi
[2013/05/21 00:25:27 | 127,539,200 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular10.avi
[2013/05/21 00:18:42 | 176,117,760 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular9.avi
[2013/05/21 00:17:05 | 132,687,872 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG6.avi
[2013/05/21 00:00:23 | 116,420,608 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular7.avi
[2013/05/20 23:50:16 | 115,984,384 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular6.avi
[2013/05/20 23:49:23 | 093,501,440 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular5.avi
[2013/05/20 23:48:15 | 093,480,960 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular4.avi
[2013/05/20 23:46:16 | 194,766,848 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular3.avi
[2013/05/20 23:28:08 | 112,074,752 | ---- | M] () -- C:\Users\G-Man\Documents\Cardiovascular1.avi
[2013/05/20 23:26:49 | 109,074,432 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG5.avi
[2013/05/20 23:25:55 | 084,701,184 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG4.avi
[2013/05/20 23:24:14 | 115,888,128 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG3.avi
[2013/05/20 23:22:36 | 113,246,208 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG2.avi
[2013/05/20 23:19:01 | 150,478,848 | ---- | M] () -- C:\Users\G-Man\Documents\ER-ICU-SURG1.avi
[2013/05/20 12:55:50 | 267,992,976 | ---- | M] () -- C:\Users\G-Man\Documents\DIT Step2 2013.pdf
[2013/05/17 16:21:53 | 004,989,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/17 00:32:56 | 154,730,496 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine9.avi
[2013/05/17 00:11:18 | 000,007,668 | ---- | M] () -- C:\Windows\hworks64.INI
[2013/05/17 00:00:47 | 161,775,616 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine2.avi
[2013/05/16 00:12:56 | 172,009,472 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine10.avi
[2013/05/16 00:09:41 | 137,199,616 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine8.avi
[2013/05/16 00:08:43 | 141,318,144 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine7.avi
[2013/05/16 00:07:38 | 095,733,760 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine6.avi
[2013/05/16 00:05:41 | 146,540,544 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine5.avi
[2013/05/16 00:01:56 | 233,635,840 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine4.avi
[2013/05/14 22:38:47 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/05/14 21:31:59 | 067,129,344 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine3.avi
[2013/05/14 21:27:17 | 131,670,016 | ---- | M] () -- C:\Users\G-Man\Documents\Endocrine1.avi
[2013/05/14 21:25:26 | 124,712,960 | ---- | M] () -- C:\Users\G-Man\Documents\Psychiatry11.avi
[2013/05/14 21:23:35 | 130,269,184 | ---- | M] () -- C:\Users\G-Man\Documents\Psychiatry10.avi
[2013/05/14 21:21:53 | 150,839,296 | ---- | M] () -- C:\Users\G-Man\Documents\Psychiatry9.avi
[2013/05/14 21:19:41 | 094,154,752 | ---- | M] () -- C:\Users\G-Man\Documents\Psychiatry8.avi
[2013/05/14 21:17:19 | 140,003,328 | ---- | M] () -- C:\Users\G-Man\Documents\Psychiatry7.avi
[2013/05/14 21:15:04 | 084,938,752 | ---- | M] () -- C:\Users\G-Man\Documents\Psychiatry6.avi
[2013/05/10 01:03:46 | 000,000,717 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[FONT=Courier New]========== Files Created - No Company Name ==========[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][2013/06/07 21:31:12 | 000,000,176 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat[/FONT]
[FONT=Courier New][2013/06/07 19:48:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[/FONT]
[FONT=Courier New][2013/06/07 19:48:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[/FONT]
[FONT=Courier New][2013/06/07 19:48:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[/FONT]
[FONT=Courier New][2013/06/07 19:48:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[/FONT]
[FONT=Courier New][2013/06/07 19:48:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[/FONT]
[FONT=Courier New][2013/06/06 23:59:31 | 007,276,239 | ---- | C] () -- C:\Users\G-Man\Documents\7.pdf[/FONT]
[FONT=Courier New][2013/06/06 01:52:01 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForweoin.job[/FONT]
[FONT=Courier New][2013/06/05 23:23:43 | 077,474,627 | ---- | C] () -- C:\Users\G-Man\Documents\Medstudy 2013 Video Board Review of Pediatrics.pdf[/FONT]
[FONT=Courier New][2013/06/05 23:01:14 | 000,000,000 | ---- | C] () -- C:\Windows\AoADVDRipper.INI[/FONT]
[FONT=Courier New][2013/06/03 21:35:12 | 001,472,007 | ---- | C] () -- C:\Users\G-Man\Documents\Pediatrics shelf.pdf[/FONT]
[FONT=Courier New][2013/06/02 23:57:04 | 118,147,072 | ---- | C] () -- C:\Users\G-Man\Documents\Pediatrics5.avi[/FONT]
[FONT=Courier New][2013/06/02 23:49:42 | 171,366,400 | ---- | C] () -- C:\Users\G-Man\Documents\Pediatrics4.avi[/FONT]
[FONT=Courier New][2013/06/02 23:40:57 | 159,426,560 | ---- | C] () -- C:\Users\G-Man\Documents\Pediatrics3.avi[/FONT]
[FONT=Courier New][2013/06/02 23:35:34 | 107,358,208 | ---- | C] () -- C:\Users\G-Man\Documents\Pediatrics2.avi[/FONT]
[FONT=Courier New][2013/06/02 23:34:01 | 141,242,368 | ---- | C] () -- C:\Users\G-Man\Documents\Pediatrics1.avi[/FONT]
[FONT=Courier New][2013/06/02 23:32:15 | 123,844,608 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics14.avi[/FONT]
[FONT=Courier New][2013/06/02 23:30:05 | 088,494,080 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics13.avi[/FONT]
[FONT=Courier New][2013/06/02 23:28:04 | 144,107,520 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics1.avi[/FONT]
[FONT=Courier New][2013/06/02 23:20:34 | 025,811,439 | ---- | C] () -- C:\Users\G-Man\Documents\IMQA2.pdf[/FONT]
[FONT=Courier New][2013/06/02 21:44:20 | 025,255,986 | ---- | C] () -- C:\Users\G-Man\Documents\IMQA1.pdf[/FONT]
[FONT=Courier New][2013/06/02 21:26:05 | 015,895,797 | ---- | C] () -- C:\Users\G-Man\Documents\IMA1.pdf[/FONT]
[FONT=Courier New][2013/06/02 21:24:01 | 010,076,091 | ---- | C] () -- C:\Users\G-Man\Documents\IMQ1.pdf[/FONT]
[FONT=Courier New][2013/06/02 19:37:37 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk[/FONT]
[FONT=Courier New][2013/06/02 17:05:34 | 134,424,576 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics12.avi[/FONT]
[FONT=Courier New][2013/06/02 17:00:45 | 131,995,648 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics11.avi[/FONT]
[FONT=Courier New][2013/06/02 16:58:58 | 197,730,304 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics10.avi[/FONT]
[FONT=Courier New][2013/06/02 16:49:57 | 139,982,848 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics9.avi[/FONT]
[FONT=Courier New][2013/06/02 16:39:15 | 193,695,744 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics8.avi[/FONT]
[FONT=Courier New][2013/06/02 16:37:16 | 167,692,288 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics7.avi[/FONT]
[FONT=Courier New][2013/06/02 16:34:50 | 184,424,448 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics6.avi[/FONT]
[FONT=Courier New][2013/06/02 16:31:45 | 115,236,864 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics5.avi[/FONT]
[FONT=Courier New][2013/06/01 21:22:28 | 110,297,088 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics4.avi[/FONT]
[FONT=Courier New][2013/06/01 21:21:05 | 213,127,168 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics3.avi[/FONT]
[FONT=Courier New][2013/06/01 21:19:14 | 197,054,464 | ---- | C] () -- C:\Users\G-Man\Documents\Obstretics2.avi[/FONT]
[FONT=Courier New][2013/06/01 21:17:32 | 197,595,136 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology9.avi[/FONT]
[FONT=Courier New][2013/06/01 21:15:00 | 256,935,936 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology8.avi[/FONT]
[FONT=Courier New][2013/06/01 21:12:45 | 097,089,536 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology7.avi[/FONT]
[FONT=Courier New][2013/06/01 21:11:31 | 099,547,136 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology6.avi[/FONT]
[FONT=Courier New][2013/06/01 21:09:36 | 135,491,584 | ---- | C] () -- C:\Users\G-Man\Documents\Dermatology3.avi[/FONT]
[FONT=Courier New][2013/06/01 21:04:25 | 199,809,024 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology11.avi[/FONT]
[FONT=Courier New][2013/06/01 21:02:37 | 115,986,432 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology10.avi[/FONT]
[FONT=Courier New][2013/06/01 20:59:18 | 112,611,328 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology5.avi[/FONT]
[FONT=Courier New][2013/06/01 20:57:27 | 111,798,272 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology4.avi[/FONT]
[FONT=Courier New][2013/06/01 20:55:27 | 231,178,240 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology3.avi[/FONT]
[FONT=Courier New][2013/06/01 20:53:28 | 112,418,816 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology2.avi[/FONT]
[FONT=Courier New][2013/06/01 20:51:49 | 129,560,576 | ---- | C] () -- C:\Users\G-Man\Documents\Gynecology1.avi[/FONT]
[FONT=Courier New][2013/06/01 20:50:21 | 136,605,696 | ---- | C] () -- C:\Users\G-Man\Documents\Dermatology6.avi[/FONT]
[FONT=Courier New][2013/06/01 20:48:56 | 094,531,584 | ---- | C] () -- C:\Users\G-Man\Documents\Dermatology5.avi[/FONT]
[FONT=Courier New][2013/06/01 20:47:33 | 208,646,144 | ---- | C] () -- C:\Users\G-Man\Documents\Dermatology4.avi[/FONT]
[FONT=Courier New][2013/06/01 20:40:03 | 178,618,368 | ---- | C] () -- C:\Users\G-Man\Documents\Dermatology2.avi[/FONT]
[FONT=Courier New][2013/06/01 20:35:14 | 145,287,168 | ---- | C] () -- C:\Users\G-Man\Documents\Dermatology1.avi[/FONT]
[FONT=Courier New][2013/06/01 20:31:38 | 141,981,696 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal7.avi[/FONT]
[FONT=Courier New][2013/06/01 20:29:37 | 156,817,408 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal6.avi[/FONT]
[FONT=Courier New][2013/06/01 20:27:33 | 176,216,064 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal5.avi[/FONT]
[FONT=Courier New][2013/06/01 20:25:34 | 174,204,928 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal4.avi[/FONT]
[FONT=Courier New][2013/06/01 20:23:10 | 200,384,512 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal3.avi[/FONT]
[FONT=Courier New][2013/06/01 20:20:24 | 149,174,272 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal2.avi[/FONT]
[FONT=Courier New][2013/06/01 20:17:44 | 211,662,848 | ---- | C] () -- C:\Users\G-Man\Documents\Musculoskeletal1.avi[/FONT]
[FONT=Courier New][2013/06/01 20:14:05 | 063,778,816 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC13.avi[/FONT]
[FONT=Courier New][2013/06/01 20:11:36 | 152,082,432 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC12.avi[/FONT]
[FONT=Courier New][2013/06/01 20:10:11 | 159,956,992 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC11.avi[/FONT]
[FONT=Courier New][2013/06/01 20:08:02 | 116,518,912 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC10.avi[/FONT]
[FONT=Courier New][2013/06/01 20:06:30 | 163,385,344 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC9.avi[/FONT]
[FONT=Courier New][2013/06/01 20:04:52 | 117,499,904 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC8.avi[/FONT]
[FONT=Courier New][2013/06/01 20:02:52 | 157,421,568 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC7.avi[/FONT]
[FONT=Courier New][2013/06/01 19:59:35 | 229,197,824 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC6.avi[/FONT]
[FONT=Courier New][2013/06/01 19:56:26 | 169,351,168 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC5.avi[/FONT]
[FONT=Courier New][2013/06/01 19:54:40 | 119,226,368 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC4.avi[/FONT]
[FONT=Courier New][2013/05/31 18:41:20 | 000,001,156 | ---- | C] () -- C:\Users\G-Man\Application Data\Microsoft\Internet Explorer\Quick Launch\Snagit 11.lnk[/FONT]
[FONT=Courier New][2013/05/31 11:26:46 | 000,172,032 | ---- | C] () -- C:\Windows\FS9Unins.exe[/FONT]
[FONT=Courier New][2013/05/30 16:44:04 | 000,137,933 | ---- | C] () -- C:\Users\G-Man\Documents\Study_Guide_-_The_Step_2_Survival_Guide.pdf[/FONT]
[FONT=Courier New][2013/05/29 12:45:51 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForG-Man.job[/FONT]
[FONT=Courier New][2013/05/29 02:46:52 | 174,886,912 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology1.avi[/FONT]
[FONT=Courier New][2013/05/28 02:02:07 | 092,516,352 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC3.avi[/FONT]
[FONT=Courier New][2013/05/28 02:00:20 | 130,932,736 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC2.avi[/FONT]
[FONT=Courier New][2013/05/28 01:58:27 | 151,492,608 | ---- | C] () -- C:\Users\G-Man\Documents\HEME-ONC1.avi[/FONT]
[FONT=Courier New][2013/05/28 01:54:54 | 064,655,360 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary13.avi[/FONT]
[FONT=Courier New][2013/05/28 01:53:41 | 129,296,384 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary12.avi[/FONT]
[FONT=Courier New][2013/05/28 01:49:38 | 134,426,624 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary11.avi[/FONT]
[FONT=Courier New][2013/05/28 01:45:00 | 148,002,816 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary10.avi[/FONT]
[FONT=Courier New][2013/05/28 01:43:23 | 104,798,208 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary9.avi[/FONT]
[FONT=Courier New][2013/05/28 01:37:53 | 194,592,768 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary8.avi[/FONT]
[FONT=Courier New][2013/05/28 01:33:06 | 180,508,672 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary7.avi[/FONT]
[FONT=Courier New][2013/05/28 01:31:47 | 088,590,336 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary6.avi[/FONT]
[FONT=Courier New][2013/05/27 15:29:12 | 234,104,832 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary5.avi[/FONT]
[FONT=Courier New][2013/05/27 15:27:44 | 074,510,336 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary4.avi[/FONT]
[FONT=Courier New][2013/05/27 15:26:41 | 104,890,368 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary3.avi[/FONT]
[FONT=Courier New][2013/05/27 15:25:22 | 162,848,768 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary2.avi[/FONT]
[FONT=Courier New][2013/05/27 15:23:42 | 126,267,392 | ---- | C] () -- C:\Users\G-Man\Documents\Genitourinary1.avi[/FONT]
[FONT=Courier New][2013/05/27 15:20:45 | 147,456,000 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology15.avi[/FONT]
[FONT=Courier New][2013/05/27 15:18:28 | 160,088,064 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology14.avi[/FONT]
[FONT=Courier New][2013/05/27 15:16:35 | 189,960,192 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology13.avi[/FONT]
[FONT=Courier New][2013/05/27 15:13:15 | 138,936,320 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology12.avi[/FONT]
[FONT=Courier New][2013/05/27 15:06:28 | 122,617,856 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology11.avi[/FONT]
[FONT=Courier New][2013/05/27 15:02:33 | 259,946,496 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology10.avi[/FONT]
[FONT=Courier New][2013/05/27 14:57:37 | 157,450,240 | ---- | C] () -- C:\Users\G-Man\Documents\EPI-ETHICS3.avi[/FONT]
[FONT=Courier New][2013/05/27 14:50:13 | 161,533,952 | ---- | C] () -- C:\Users\G-Man\Documents\EPI-ETHICS2.avi[/FONT]
[FONT=Courier New][2013/05/27 14:24:03 | 230,907,904 | ---- | C] () -- C:\Users\G-Man\Documents\EPI-ETHICS1.avi[/FONT]
[FONT=Courier New][2013/05/27 14:10:22 | 172,566,528 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology9.avi[/FONT]
[FONT=Courier New][2013/05/26 12:40:07 | 167,925,760 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology8.avi[/FONT]
[FONT=Courier New][2013/05/26 12:38:07 | 162,502,656 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology7.avi[/FONT]
[FONT=Courier New][2013/05/26 12:36:29 | 142,813,184 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology6.avi[/FONT]
[FONT=Courier New][2013/05/26 12:34:52 | 101,529,600 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology5.avi[/FONT]
[FONT=Courier New][2013/05/26 12:33:03 | 188,934,144 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology4.avi[/FONT]
[FONT=Courier New][2013/05/26 12:30:51 | 169,019,392 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology3.avi[/FONT]
[FONT=Courier New][2013/05/26 12:28:54 | 143,128,576 | ---- | C] () -- C:\Users\G-Man\Documents\Gastroenterology2.avi[/FONT]
[FONT=Courier New][2013/05/25 01:49:54 | 124,549,120 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology12.avi[/FONT]
[FONT=Courier New][2013/05/25 00:58:22 | 098,770,944 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular15.avi[/FONT]
[FONT=Courier New][2013/05/25 00:58:12 | 170,762,240 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular14.avi[/FONT]
[FONT=Courier New][2013/05/25 00:58:09 | 134,875,136 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular13.avi[/FONT]
[FONT=Courier New][2013/05/25 00:58:03 | 157,114,368 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular12.avi[/FONT]
[FONT=Courier New][2013/05/25 00:57:51 | 190,992,384 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular11.avi[/FONT]
[FONT=Courier New][2013/05/25 00:57:46 | 127,539,200 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular10.avi[/FONT]
[FONT=Courier New][2013/05/25 00:57:35 | 176,117,760 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular9.avi[/FONT]
[FONT=Courier New][2013/05/25 00:57:25 | 175,093,760 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG9.avi[/FONT]
[FONT=Courier New][2013/05/25 00:57:19 | 126,640,128 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG8.avi[/FONT]
[FONT=Courier New][2013/05/25 00:57:09 | 185,077,760 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG7.avi[/FONT]
[FONT=Courier New][2013/05/25 00:56:59 | 233,779,200 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular18.avi[/FONT]
[FONT=Courier New][2013/05/25 00:56:56 | 132,210,688 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular17.avi[/FONT]
[FONT=Courier New][2013/05/25 00:56:51 | 200,976,384 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular16.avi[/FONT]
[FONT=Courier New][2013/05/25 00:06:33 | 165,902,336 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology11.avi[/FONT]
[FONT=Courier New][2013/05/25 00:05:20 | 149,331,968 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology10.avi[/FONT]
[FONT=Courier New][2013/05/25 00:03:32 | 174,401,536 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology9.avi[/FONT]
[FONT=Courier New][2013/05/25 00:01:49 | 134,875,136 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology8.avi[/FONT]
[FONT=Courier New][2013/05/24 23:59:08 | 152,502,272 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology7.avi[/FONT]
[FONT=Courier New][2013/05/24 23:53:42 | 074,620,928 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology6.avi[/FONT]
[FONT=Courier New][2013/05/24 23:51:36 | 137,676,800 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology5.avi[/FONT]
[FONT=Courier New][2013/05/24 06:38:24 | 345,839,318 | ---- | C] () -- C:\Users\G-Man\Documents\DIT Step2 2013mm.pdf[/FONT]
[FONT=Courier New][2013/05/24 00:14:21 | 133,623,808 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology4.avi[/FONT]
[FONT=Courier New][2013/05/24 00:11:20 | 121,100,288 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology3.avi[/FONT]
[FONT=Courier New][2013/05/24 00:08:11 | 052,072,448 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology2.avi[/FONT]
[FONT=Courier New][2013/05/24 00:06:07 | 119,549,952 | ---- | C] () -- C:\Users\G-Man\Documents\Pulmonology1.avi[/FONT]
[FONT=Courier New][2013/05/24 00:03:49 | 181,006,336 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG12.avi[/FONT]
[FONT=Courier New][2013/05/23 23:45:50 | 170,041,344 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG11.avi[/FONT]
[FONT=Courier New][2013/05/23 23:44:15 | 081,131,520 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG10.avi[/FONT]
[FONT=Courier New][2013/05/23 22:33:58 | 056,514,582 | ---- | C] () -- C:\Users\G-Man\Documents\DIT Step2 2013-1.pdf[/FONT]
[FONT=Courier New][2013/05/22 20:09:42 | 088,774,833 | ---- | C] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt4.wmv[/FONT]
[FONT=Courier New][2013/05/22 20:03:02 | 101,489,637 | ---- | C] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt3.wmv[/FONT]
[FONT=Courier New][2013/05/22 19:49:57 | 126,423,937 | ---- | C] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt2.wmv[/FONT]
[FONT=Courier New][2013/05/22 19:39:48 | 119,812,373 | ---- | C] () -- C:\Users\G-Man\Documents\PedsShelfReview_pt1.wmv[/FONT]
[FONT=Courier New][2013/05/21 01:12:46 | 120,705,024 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular8.avi[/FONT]
[FONT=Courier New][2013/05/21 00:11:08 | 132,687,872 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG6.avi[/FONT]
[FONT=Courier New][2013/05/20 23:57:45 | 116,420,608 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular7.avi[/FONT]
[FONT=Courier New][2013/05/20 23:50:08 | 115,984,384 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular6.avi[/FONT]
[FONT=Courier New][2013/05/20 23:49:15 | 093,501,440 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular5.avi[/FONT]
[FONT=Courier New][2013/05/20 23:48:07 | 093,480,960 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular4.avi[/FONT]
[FONT=Courier New][2013/05/20 23:45:42 | 194,766,848 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular3.avi[/FONT]
[FONT=Courier New][2013/05/20 23:43:21 | 095,255,040 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular2.avi[/FONT]
[FONT=Courier New][2013/05/20 23:27:58 | 112,074,752 | ---- | C] () -- C:\Users\G-Man\Documents\Cardiovascular1.avi[/FONT]
[FONT=Courier New][2013/05/20 23:26:41 | 109,074,432 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG5.avi[/FONT]
[FONT=Courier New][2013/05/20 23:25:48 | 084,701,184 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG4.avi[/FONT]
[FONT=Courier New][2013/05/20 23:24:05 | 115,888,128 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG3.avi[/FONT]
[FONT=Courier New][2013/05/20 23:22:16 | 113,246,208 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG2.avi[/FONT]
[FONT=Courier New][2013/05/20 23:18:46 | 150,478,848 | ---- | C] () -- C:\Users\G-Man\Documents\ER-ICU-SURG1.avi[/FONT]
[FONT=Courier New][2013/05/19 22:53:17 | 000,155,648 | ---- | C] () -- C:\Windows\agent.exe[/FONT]
[FONT=Courier New][2013/05/19 22:52:20 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\grtppm.dll[/FONT]
[FONT=Courier New][2013/05/17 19:03:29 | 267,992,976 | ---- | C] () -- C:\Users\G-Man\Documents\DIT Step2 2013.pdf[/FONT]
[FONT=Courier New][2013/05/17 16:08:00 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk[/FONT]
[FONT=Courier New][2013/05/17 16:08:00 | 000,002,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk[/FONT]
[FONT=Courier New][2013/05/17 16:08:00 | 000,002,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk[/FONT]
[FONT=Courier New][2013/05/16 00:12:43 | 172,009,472 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine10.avi[/FONT]
[FONT=Courier New][2013/05/16 00:10:52 | 154,730,496 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine9.avi[/FONT]
[FONT=Courier New][2013/05/16 00:09:32 | 137,199,616 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine8.avi[/FONT]
[FONT=Courier New][2013/05/16 00:08:33 | 141,318,144 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine7.avi[/FONT]
[FONT=Courier New][2013/05/16 00:07:31 | 095,733,760 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine6.avi[/FONT]
[FONT=Courier New][2013/05/16 00:05:27 | 146,540,544 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine5.avi[/FONT]
[FONT=Courier New][2013/05/15 01:19:25 | 233,635,840 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine4.avi[/FONT]
[FONT=Courier New][2013/05/14 22:38:42 | 000,001,024 | ---- | C] () -- C:\.rnd[/FONT]
[FONT=Courier New][2013/05/14 22:38:08 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk[/FONT]
[FONT=Courier New][2013/05/14 21:31:51 | 067,129,344 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine3.avi[/FONT]
[FONT=Courier New][2013/05/14 21:29:43 | 161,775,616 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine2.avi[/FONT]
[FONT=Courier New][2013/05/14 21:27:06 | 131,670,016 | ---- | C] () -- C:\Users\G-Man\Documents\Endocrine1.avi[/FONT]
[FONT=Courier New][2013/05/14 21:25:15 | 124,712,960 | ---- | C] () -- C:\Users\G-Man\Documents\Psychiatry11.avi[/FONT]
[FONT=Courier New][2013/05/14 21:23:24 | 130,269,184 | ---- | C] () -- C:\Users\G-Man\Documents\Psychiatry10.avi[/FONT]
[FONT=Courier New][2013/05/14 21:21:39 | 150,839,296 | ---- | C] () -- C:\Users\G-Man\Documents\Psychiatry9.avi[/FONT]
[FONT=Courier New][2013/05/14 21:19:30 | 094,154,752 | ---- | C] () -- C:\Users\G-Man\Documents\Psychiatry8.avi[/FONT]
[FONT=Courier New][2013/05/14 21:17:07 | 140,003,328 | ---- | C] () -- C:\Users\G-Man\Documents\Psychiatry7.avi[/FONT]
[FONT=Courier New][2013/05/14 21:14:57 | 084,938,752 | ---- | C] () -- C:\Users\G-Man\Documents\Psychiatry6.avi[/FONT]
[FONT=Courier New][2013/05/02 02:08:36 | 000,000,258 | RHS- | C] () -- C:\Users\G-Man\ntuser.pol[/FONT]
[FONT=Courier New][2013/05/02 00:34:43 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll[/FONT]
[FONT=Courier New][2013/05/02 00:34:43 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll[/FONT]
[FONT=Courier New][2013/01/30 17:40:25 | 155,271,168 | ---- | C] () -- C:\Users\G-Man\Rosetta Stone v3 & Patch.iso[/FONT]
[FONT=Courier New][2013/01/25 15:58:13 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\DreamUPLAN.ini[/FONT]
[FONT=Courier New][2013/01/18 20:54:58 | 000,009,216 | ---- | C] () -- C:\Users\G-Man\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[/FONT]
[FONT=Courier New][2013/01/03 21:31:49 | 000,001,106 | ---- | C] () -- C:\Users\G-Man\advanced_ip_scanner_MAC.bin[/FONT]
[FONT=Courier New][2012/12/13 06:16:46 | 443,927,742 | ---- | C] () -- C:\Users\G-Man\[A-Destiny] Kingdom - 05 (1280x720 Hi10p AAC) [F75430DD].mkv[/FONT]
[FONT=Courier New][2012/12/13 05:50:33 | 336,261,779 | ---- | C] () -- C:\Users\G-Man\[Hadena] Kingdom - 04 [10bit][720p][81589BD5].mkv[/FONT]
[FONT=Courier New][2012/12/13 05:15:44 | 392,282,599 | ---- | C] () -- C:\Users\G-Man\[Hadena] Kingdom - 03 [720p][9CA9CAA5].mkv[/FONT]
[FONT=Courier New][2012/12/13 04:04:28 | 250,325,302 | ---- | C] () -- C:\Users\G-Man\[Hadena] Kingdom - 02 [10bit][720p][44601AC8].mkv[/FONT]
[FONT=Courier New][2012/12/12 23:26:02 | 287,235,716 | ---- | C] () -- C:\Users\G-Man\[URW]_Chuunibyou_demo_Koi_ga_Shitai!_-_11_[720p][C31B6869].mkv[/FONT]
[FONT=Courier New][2012/11/19 20:21:50 | 347,046,753 | ---- | C] () -- C:\Users\G-Man\[rori] Sakurasou no Pet na Kanojo - 07 [DADADAAA].mkv[/FONT]
[FONT=Courier New][2012/05/03 10:28:57 | 000,221,606 | ---- | C] () -- C:\Windows\hpoins19.dat[/FONT]
[FONT=Courier New][2012/05/03 10:28:57 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat[/FONT]
[FONT=Courier New][2012/03/10 07:42:34 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat[/FONT]
[FONT=Courier New][2012/01/03 08:42:43 | 000,769,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[/FONT]
[FONT=Courier New][2011/12/19 12:37:59 | 000,000,600 | ---- | C] () -- C:\Users\G-Man\AppData\Local\PUTTY.RND[/FONT]
[FONT=Courier New][2011/12/09 16:07:15 | 000,005,248 | ---- | C] () -- C:\Windows\SysWow64\giveio.sys[/FONT]
[FONT=Courier New][2011/11/24 22:08:24 | 000,196,832 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat[/FONT]
[FONT=Courier New][2011/11/15 07:17:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat[/FONT]
[FONT=Courier New][2011/10/26 19:58:07 | 000,007,668 | ---- | C] () -- C:\Windows\hworks64.INI[/FONT]
[FONT=Courier New][2011/10/16 21:46:36 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll[/FONT]
[FONT=Courier New][2011/09/19 11:50:57 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI[/FONT]
[FONT=Courier New][2011/09/11 11:42:03 | 000,000,032 | ---- | C] () -- C:\Windows\tdlp32.ini[/FONT]
[FONT=Courier New][2011/08/29 19:45:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe[/FONT]
[FONT=Courier New][2011/07/17 06:13:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll[/FONT]
[FONT=Courier New][2011/07/17 06:09:31 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin[/FONT]
[FONT=Courier New][2011/07/17 06:09:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin[/FONT]
[FONT=Courier New][2011/07/17 06:09:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin[/FONT]
[FONT=Courier New][2011/07/17 06:05:59 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]========== ZeroAccess Check ==========[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[/FONT]
[FONT=Courier New]"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)[/FONT]
[FONT=Courier New]"ThreadingModel" = Apartment[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][/FONT]
[FONT=Courier New]"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)[/FONT]
[FONT=Courier New]"ThreadingModel" = Apartment[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64[/FONT]
[FONT=Courier New]"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)[/FONT]
[FONT=Courier New]"ThreadingModel" = Free[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32][/FONT]
[FONT=Courier New]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)[/FONT]
[FONT=Courier New]"ThreadingModel" = Free[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64[/FONT]
[FONT=Courier New]"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)[/FONT]
[FONT=Courier New]"ThreadingModel" = Both[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32][/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]========== LOP Check ==========[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New][2012/12/11 22:58:40 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software[/FONT]
[FONT=Courier New][2012/12/11 22:58:40 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software[/FONT]
[FONT=Courier New][2013/05/19 23:00:57 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\AdvancedTiffEditor[/FONT]
[FONT=Courier New][2011/08/29 18:01:08 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\AVG10[/FONT]
[FONT=Courier New][2013/02/13 09:56:52 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\calibre[/FONT]
[FONT=Courier New][2011/10/22 14:11:49 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1[/FONT]
[FONT=Courier New][2013/06/07 21:33:26 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\CheckPoint[/FONT]
[FONT=Courier New][2012/01/17 21:08:03 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Colasoft Capsa 7.4 - Free Edition[/FONT]
[FONT=Courier New][2012/01/17 21:08:04 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Colasoft MAC Scanner[/FONT]
[FONT=Courier New][2013/06/05 17:54:10 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\ControlCenter4[/FONT]
[FONT=Courier New][2013/01/30 20:28:46 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\DAEMON Tools Lite[/FONT]
[FONT=Courier New][2012/05/05 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Digiarty[/FONT]
[FONT=Courier New][2012/01/10 07:56:27 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\DocumentsToGoDesktop[/FONT]
[FONT=Courier New][2012/03/10 07:42:34 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\DonationCoder[/FONT]
[FONT=Courier New][2013/05/23 21:26:17 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Downloaded Installations[/FONT]
[FONT=Courier New][2013/06/06 00:51:23 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Dropbox[/FONT]
[FONT=Courier New][2012/11/07 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Echo Software[/FONT]
[FONT=Courier New][2011/11/23 18:40:28 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\enchant[/FONT]
[FONT=Courier New][2013/05/23 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\FileOpen[/FONT]
[FONT=Courier New][2013/06/07 22:00:04 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\FileZilla[/FONT]
[FONT=Courier New][2013/04/08 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Foxit Advanced PDF Editor[/FONT]
[FONT=Courier New][2013/05/23 19:14:08 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Foxit Software[/FONT]
[FONT=Courier New][2012/03/10 07:14:28 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\GrabPro[/FONT]
[FONT=Courier New][2011/11/23 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\gtk-2.0[/FONT]
[FONT=Courier New][2013/06/05 15:15:01 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\HandBrake[/FONT]
[FONT=Courier New][2012/09/21 15:04:17 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Hensense.com[/FONT]
[FONT=Courier New][2012/11/07 08:30:21 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Hex-Rays[/FONT]
[FONT=Courier New][2013/05/03 22:08:47 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Hobbyist Software[/FONT]
[FONT=Courier New][2013/05/08 12:46:29 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\iFunbox_UserCache[/FONT]
[FONT=Courier New][2012/01/20 07:33:38 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\illumination[/FONT]
[FONT=Courier New][2013/01/31 18:37:41 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\ImgBurn[/FONT]
[FONT=Courier New][2013/05/31 11:26:56 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Inbit[/FONT]
[FONT=Courier New][2012/12/03 11:14:51 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\InfoServ[/FONT]
[FONT=Courier New][2012/04/18 13:16:04 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\mjusbsp[/FONT]
[FONT=Courier New][2013/05/23 21:35:31 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Nitro[/FONT]
[FONT=Courier New][2013/04/13 17:37:21 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\oCam[/FONT]
[FONT=Courier New][2011/11/04 20:38:28 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\ooVoo Details[/FONT]
[FONT=Courier New][2013/06/02 19:37:53 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Opera[/FONT]
[FONT=Courier New][2012/12/03 10:36:33 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\OptiFlasher[/FONT]
[FONT=Courier New][2013/06/05 11:29:51 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Orbit[/FONT]
[FONT=Courier New][2012/03/10 07:14:31 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\ProgSense[/FONT]
[FONT=Courier New][2013/05/10 20:30:57 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\redsn0w[/FONT]
[FONT=Courier New][2013/02/19 21:26:43 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Softland[/FONT]
[FONT=Courier New][2011/08/29 13:50:22 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Synaptics[/FONT]
[FONT=Courier New][2012/04/27 18:30:00 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\TeamViewer[/FONT]
[FONT=Courier New][2013/04/30 22:20:39 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\TechSmith[/FONT]
[FONT=Courier New][2013/05/26 21:30:31 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\uTorrent[/FONT]
[FONT=Courier New][2011/10/27 11:19:22 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Windows Live Writer[/FONT]
[FONT=Courier New][2012/01/23 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\Wireshark[/FONT]
[FONT=Courier New][2013/04/17 20:57:09 | 000,000,000 | ---D | M] -- C:\Users\G-Man\AppData\Roaming\WysePocketCloud[/FONT]
[FONT=Courier New][2011/12/20 01:16:36 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\AVG10[/FONT]
[FONT=Courier New][2013/06/07 21:31:11 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\CheckPoint[/FONT]
[FONT=Courier New][2013/06/06 01:24:40 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\ControlCenter4[/FONT]
[FONT=Courier New][2013/06/06 01:25:24 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\Opera[/FONT]
[FONT=Courier New][2012/05/10 00:36:01 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\Orbit[/FONT]
[FONT=Courier New][2012/05/10 00:33:45 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\ProgSense[/FONT]
[FONT=Courier New][2011/12/20 01:16:31 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\Synaptics[/FONT]
[FONT=Courier New][2013/06/06 01:29:06 | 000,000,000 | ---D | M] -- C:\Users\weoin\AppData\Roaming\TuneUp Software[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]========== Purity Check ==========[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]========== Files - Unicode (All) ==========[/FONT]
[FONT=Courier New][2013/03/20 14:23:21 | 000,000,000 | ---D | M](C:\Users\G-Man\Documents\STEP 2? Clinicals) -- C:\Users\G-Man\Documents\STEP 2[/FONT][FONT=Wingdings]"[/FONT][FONT=Courier New] Clinicals[/FONT]
[FONT=Courier New][2013/03/20 14:19:22 | 000,000,000 | ---D | C](C:\Users\G-Man\Documents\STEP 2? Clinicals) -- C:\Users\G-Man\Documents\STEP 2[/FONT][FONT=Wingdings]"[/FONT][FONT=Courier New] Clinicals[/FONT]
[FONT=Courier New][2011/09/20 18:15:27 | 000,013,348 | ---- | M] ()(C:\Users\G-Man\Documents\Final Exam, DO NOT SHARE! ?.docx) -- C:\Users\G-Man\Documents\Final Exam, DO NOT SHARE! [/FONT][FONT=MS Mincho]☠[/FONT][FONT=Courier New].docx[/FONT]
[FONT=Courier New][2011/09/20 18:15:26 | 000,013,348 | ---- | C] ()(C:\Users\G-Man\Documents\Final Exam, DO NOT SHARE! ?.docx) -- C:\Users\G-Man\Documents\Final Exam, DO NOT SHARE! [/FONT][FONT=MS Mincho]☠[/FONT][FONT=Courier New].docx[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]========== Alternate Data Streams ==========[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]@Alternate Data Stream - 60 bytes -> C:\Users\G-Man\Documents\lec 6 dermatomes and peripheral receptors fall 2011.ppt:AFP_AfpInfo[/FONT]
[FONT=Courier New]@Alternate Data Stream - 60 bytes -> C:\Users\G-Man\Documents\lec 4 neurohistology summer 2011 umhs ernst.ppt:AFP_AfpInfo[/FONT]
[FONT=Courier New]@Alternate Data Stream - 60 bytes -> C:\Users\G-Man\Documents\lec 3 neurodevelopment summer 2011 umhs ernst.ppt:AFP_AfpInfo[/FONT]
[FONT=Courier New]@Alternate Data Stream - 163 bytes -> C:\Users\G-Man\Documents\Musculoskeletal2.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Pulmonology10.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Musculoskeletal7.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Musculoskeletal4.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Gynecology2.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Endocrine4.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular3.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular15.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular13.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular10.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology9.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology7.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology6.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology2.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology12.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology11.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology1.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Psychiatry9.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Psychiatry6.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Neurology8.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Musculoskeletal5.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Gynecology1.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG8.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG7.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG5.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG4.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG3.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG12.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG11.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG10.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine7.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine5.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine3.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine10.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology6.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology5.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology4.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology1.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Cardiovascular6.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Cardiovascular5.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Cardiovascular4.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Pulmonology5.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Pulmonology4.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Pulmonology3.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Psychiatry8.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Psychiatry7.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Psychiatry11.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Musculoskeletal6.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Musculoskeletal3.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG1.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine9.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine8.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine2.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine1.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular2.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular18.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular17.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular16.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular14.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular12.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular11.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Pulmonology8.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Psychiatry10.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Musculoskeletal1.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG9.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG6.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG2.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Endocrine6.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular9.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular8.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular7.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular1.avi:com.dropbox.attributes[/FONT]
[FONT=Courier New]@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:30FD0CBD[/FONT]
[FONT=Courier New] [/FONT]
[FONT=Courier New]< End of report >[/FONT]
 
Extras.txt

OTL Extras logfile created on: 6/7/2013 9:45:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\G-Man\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 3.97 Gb Available Physical Memory | 66.75% Memory free
11.90 Gb Paging File | 9.79 Gb Available in Paging File | 82.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 556.30 Gb Total Space | 32.73 Gb Free Space | 5.88% Space Free | Partition Type: NTFS
Drive D: | 22.87 Gb Total Space | 2.42 Gb Free Space | 10.60% Space Free | Partition Type: NTFS
Drive E: | 6.69 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: G-MAN-HP | User Name: G-Man | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = bfjsfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)
.txt[@ = bftxtfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.js [@ = bfjsfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)
.txt [@ = bftxtfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)

[HKEY_USERS\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A64BA78-27A8-4DA8-9467-DF4C9B3A35A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86B05A6F-BBF5-48C7-A064-B1C7E99BA5E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A0E4FA91-99C5-4122-A86D-0116B8289357}" = protocol=17 | dir=in | app=c:\users\g-man\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C5048B25-B328-41AA-9BC8-941D74F80558}" = protocol=6 | dir=in | app=c:\users\g-man\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BCC0AD-0699-48B6-9900-3C53BBCD4DAC}" = AVG 2011
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0DF3F266-B52E-4309-B3CC-233607DF4E50}" = HP 3D DriveGuard
"{10940C91-59FD-48D4-BE53-1A30A0C3235B}" = AVG 2011
"{122CFA16-E9CF-488D-9D4E-60D81F619724}" = AVG 2011
"{17118574-A5FD-4323-B005-311326F748B3}" = AVG 2011
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C6C05E6-FF52-4A03-BCA5-1497579B0B89}" = calibre 64bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{2E295B5B-1AD4-4d36-97C2-A316084722C0}" = Python 2.7.2 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{34C5BC15-2401-4980-9D95-ABD2CE8DD08A}" = AVG 2011
"{38D1C189-B133-401C-A729-3C47ED984B31}" = AVG 2011
"{46840293-2480-4754-824E-E7374F9C96E9}" = AVG 2011
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{68554FC7-CB3A-4B8B-ABDF-5125794FE98E}" = AVG 2011
"{68F85A21-1EBD-436C-8BB4-778771D00ECA}" = Air Display Support
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8965228E-F4F1-4281-AAD2-31448A6561B7}" = Foxit PDF IFilter
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BAF9E4D0-F3D1-4355-B973-1384CDF1941C}" = Hex Workshop v6.6
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1" = Updater By SweetPacks 2.0.0.566
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EB505EA6-2D5E-4920-A3BD-89C28EEFA5FA}" = AVG 2011
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"5118100F6945E20FB40C6DEA7D3D348AFD9E43D7" = Windows Driver Package - Silicon Laboratories (silabenm) Ports (10/05/2012 6.6.0.0)
"AC3ACM" = AC-3 ACM Codec x64 2.2
"AVG" = AVG 2011
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0
"D680DEE0F68D64EC53D0C5769879D15D387054CC" = Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0)
"doPDF 7 printer_is1" = doPDF 7.3 printer
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImageMagick 6.8.5 Q16 (64-bit)_is1" = ImageMagick 6.8.5-7 Q16 (64-bit) (2013-05-15)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies
"Software Informer_is1" = Software Informer 1.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"XviD MPEG-4 Video Codec_is1" = XviD v1.3.0 CVS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01E40F91-EAA2-44F6-9E43-77EF4FDC95CD}" = Bulk Image Resizer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0330FC8D-EDB2-455E-A3DC-B56DD107E4BC}" = LogMeIn
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15E65828-58FA-426B-899B-7E6D1694FA6A}" = usbjtagnt
"{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4F8934-FD9B-4BF7-9798-3C38A150824C}" = Brother MFL-Pro Suite ADS-2000
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{265C837F-8675-4327-A9B8-DC35789C133E}" = DishWorld
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2C73154B-F7F9-4B53-AF56-D06846C99EC4}_is1" = VAP11G
"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{303DCBD5-1AC2-45F9-A8AE-194CE2BA871D}_is1" = ArtistScope Plugin IE 64-bit
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{325988C2-8D7B-460E-8F6F-4747129CA495}" = ZoneAlarm Security
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BA5091B-CD1D-43DA-A0E0-A93A85E3D555}" = YTD Toolbar v7.1
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44BD21C2-9132-48DB-B65B-23817E4C6F4B}" = Snagit 11
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B0C1F44-2C49-4C6F-A7A6-658444C8D874}" = HP Connection Manager
"{4BFDDD47-EA77-4F1C-A96E-14B4C61EE04A}_is1" = Illumination Software Creator version 4.1.1
"{4DDBDC46-B7F0-4D39-AAF9-53CA5B692499}" = HP Documentation
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51268A7D-4E1A-371A-9849-496D48930952}" = Google Talk Plugin
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{54CCA4E2-D15D-4927-A866-2D33BFED4A8E}" = ZoneAlarm Firewall
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64C96428-3A75-4AAE-A538-C450EF68175F}" = Xara3D6
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ADCBB79-7B9A-449B-AE31-E1C7116042B9}" = ZoneAlarm Firewall
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72144B9D-58C4-4C09-A5CF-C6A914B912E8}" = Camtasia Studio 8
"{7270C835-15DB-4236-B235-DD6B2EBBD4BA}" = HP CoolSense
"{7774E6AB-D658-40A2-B9FA-7136FA917BAE}" = Advanced IP Scanner
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 3.2.2.4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C8C169B-D493-42C7-A975-7C1E0E4C5847}" = PocketCloud Windows Companion
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3F769D-E9C4-42E5-9B35-82DDCE0790C1}" = Virtual Serial Ports Emulator
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9CEF47-6227-4D03-A3E0-55C2B64F61DE}" = Smart Cutter for DV and DVB
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-1033-FFFF-7760-000000000006}" = Adobe Acrobat XI Pro
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
"{B4920103-09F6-4AD2-B150-CFC4474D2DDC}" = Simple Adblock
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7F60A16-7A7B-41FB-9AE3-DE9E324FBA06}" = HP Software Framework
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1C6816E-CBB3-A748-85F9-A8B47B68985B}" = conotinuetossave
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB011820-5484-4BC9-9644-88C17A69E708}" = WIZ1x0_105SR Configtool
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}" = CommView for WiFi
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D14AB89E-2775-465E-BDF6-AE7EF3047A0A}" = Onl9-TV
"{D1725D54-279A-41C5-A73D-23C1785DB920}_is1" = AoA DVD Ripper
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3490D20-3AE0-459D-AAD6-59195140EAC2}_is1" = Sothink SWF Quicker
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F446A69E-FD7F-40CB-A1BC-848DB6C582D1}" = usbjtagnt
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"2f1ee195" = Contextual Tool Extrafind
"AC3ACM" = AC-3 ACM Codec 2.2
"Acala DVD Ripper Professional_is1" = Acala DVD Ripper Professional 6.3.6.326
"Ace Password Sniffer v1.4" = Ace Password Sniffer v1.4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe flex sdk redistributed by sothink_is1" = 3.4.0.9271.1
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced TIFF Editor_is1" = Advanced TIFF Editor 3.6.1.9
"Alarm Clock_is1" = Alarm Clock v1.0
"Amazon Kindle" = Amazon Kindle
"AnalogX NetStat Live" = AnalogX NetStat Live
"AnalogX PacketMon" = AnalogX PacketMon
"ArtistScope Plugin FX" = ArtistScope Plugin FX
"ArtistScope Plugin FX4.2.0.3" = ArtistScope Plugin FX
"ArtistScope Plugin IE" = ArtistScope Plugin IE
"ArtistScope Plugin IE4.2.0.3" = ArtistScope Plugin IE
"Audacity_is1" = Audacity 1.2.6
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"AviSplit Classic (Freeware)_is1" = AviSplit Classic Version 1.43
"B521582C-6BE3-491D-BCC8-FFB8301298E9_is1" = Foxit Advanced PDF Editor 3
"Bitrate Viewer" = Bitrate Viewer 2.3
"Bluefish" = Bluefish 2.0.2
"Browsers Protector" = Browsers Protector
"Channel Master" = Channel Master
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Colasoft Capsa 7 Free_is1" = Colasoft Capsa 7 Free
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com0com" = Null-modem emulator (com0com)
"Coupon Companion Plugin" = Coupon Companion Plugin
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAPlayer_is1" = DAPlayer 1.0.1.9
"devkitProUpdater" = devkitProUpdater 1.5.3
"DivX Setup" = DivX Setup
"DTGDesktop" = Documents To Go Desktop for iPhone
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EasyBits Magic Desktop" = Magic Desktop
"EffeTech HTTP Sniffer v4.1" = EffeTech HTTP Sniffer v4.1
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"Fausto" = Fausto
"FileZilla Client" = FileZilla Client 3.7.0.2
"Flip PDF_is1" = Flip PDF
"Foxit Reader" = Foxit Reader
"Free HTTP Sniffer" = Free HTTP Sniffer
"FullShot 9" = FullShot 9.5 (Remove Only)
"GetSavin" = GetSavin
"Giraffic" = Veoh Giraffic Video Accelerator
"GPL Ghostscript 9.06" = GPL Ghostscript
"Graboid Video" = Graboid Video 2.1
"GraphicRegion TIF Printer_is1" = GraphicRegion TIF Printer 1.0
"GTK2-Runtime" = GTK2-Runtime
"Handbrake" = Handbrake 0.9.2
"Havij_is1" = Havij 1.15 Free
"HotspotShield" = Hotspot Shield 2.78
"IDA PRO Advanced Editionv6.1.1" = IDA PRO Advanced Edition
"iFunbox_is1" = iFunbox (v2.6.2375.747), iFunbox DevTeam
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.0 (Full)
"LEECHBOX" = LEECHBOX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MediaBox" = Ó°ÒôºÐ×Ó(MediaBox) 1.2.0.353
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Multi-Page TIFF Editor v.2.4_is1" = Multi-Page TIFF Editor v.2.4
"Multi-Page TIFF Editor v.2.7_is1" = Multi-Page TIFF Editor v.2.7
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NirSoft SniffPass" = NirSoft SniffPass
"NokiaFREE Unlock Codes Calculator" = NokiaFREE Unlock Codes Calculator
"oCam_is1" = oCam version 11.5.0.0
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Opera 12.15.1748" = Opera 12.15
"Orbit_is1" = Orbit Downloader
"PremElem90" = Adobe Premiere Elements 9
"Premiumplay Codec-C" = Premiumplay Codec-C
"RS232 Data Logger_is1" = RS232 Data Logger 2.7 (Build 2.7.0.117)
"SerialMon" = SerialMon
"SMPlayer" = SMPlayer 0.8.1
"SoftPerfect Network Protocol Analyzer_is1" = SoftPerfect Network Protocol Analyzer 2.7
"TeamViewer 8" = TeamViewer 8
"TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
"UltraISO_is1" = UltraISO Premium V9.36
"URLSnooper 2_is1" = URL Snooper v2.32.01
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 2.0.6
"VLC Streamer_is1" = VLC Streamer 3.28
"VMware_Workstation" = VMware Workstation
"VSHD Edit_is1" = VSHD Edit 1.7
"Web_4.0.1460.0" = Microsoft Expression Web 4
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.6.5
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"WT089504" = Final Drive Nitro
"Wubi" = Ubuntu
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"AlwaysOnPC" = AlwaysOnPC
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.4.0.1082
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 12/28/2012 4:40:41 AM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121228021009.xml
File not created by asset agent

Error - 1/1/2013 1:23:05 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011301105232.xml
File not created by asset agent

Error - 1/1/2013 1:23:37 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011301105305.xml
File not created by asset agent

Error - 1/2/2013 1:52:52 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011302112220.xml
File not created by asset agent

Error - 1/2/2013 1:53:24 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011302112252.xml
File not created by asset agent

Error - 1/3/2013 2:22:46 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011303115214.xml
File not created by asset agent

Error - 1/3/2013 2:23:18 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011303115246.xml
File not created by asset agent

Error - 1/29/2013 1:23:32 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011329122326.xml
File not created by asset agent

Error - 3/19/2013 3:12:26 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031319121218.xml
File not created by asset agent

Error - 5/24/2013 4:38:27 PM | Computer Name = G-Man-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051324013821.xml
File not created by asset agent

[ HP Connection Manager Events ]
Error - 6/8/2013 12:14:02 AM | Computer Name = G-Man-HP | Source = hpCMSrv | ID = 5
Description = 2013/06/07 21:14:02.229|00000F14|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/8/2013 12:17:50 AM | Computer Name = G-Man-HP | Source = hpMobile | ID = 5
Description = 2013/06/07 21:17:50.189|00001B20|Error |[HP.Mobile]Wlan::RefreshPolicies{bool()}|Error
HRESULT E_FAIL has been returned from a call to a COM component.

Error - 6/8/2013 12:17:50 AM | Computer Name = G-Man-HP | Source = hpMobile | ID = 5
Description = 2013/06/07 21:17:50.298|00001B20|Error |[HP.Mobile]Bluetooth::RefreshPolicies{bool()}|Error
HRESULT E_FAIL has been returned from a call to a COM component.

Error - 6/8/2013 12:31:10 AM | Computer Name = G-Man-HP | Source = hpCMSrv | ID = 5
Description = 2013/06/07 21:31:10.456|00001434|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/8/2013 12:31:14 AM | Computer Name = G-Man-HP | Source = hpCMSrv | ID = 5
Description = 2013/06/07 21:31:14.840|00001434|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/8/2013 12:31:40 AM | Computer Name = G-Man-HP | Source = hpCMSrv | ID = 5
Description = 2013/06/07 21:31:40.471|00001434|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/8/2013 12:31:45 AM | Computer Name = G-Man-HP | Source = hpCMSrv | ID = 5
Description = 2013/06/07 21:31:45.448|00001434|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/8/2013 12:31:45 AM | Computer Name = G-Man-HP | Source = hpCMSrv | ID = 5
Description = 2013/06/07 21:31:45.448|00001434|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 6/8/2013 12:35:55 AM | Computer Name = G-Man-HP | Source = hpMobile | ID = 5
Description = 2013/06/07 21:35:55.060|00001AD0|Error |[HP.Mobile]Wlan::RefreshPolicies{bool()}|Error
HRESULT E_FAIL has been returned from a call to a COM component.

Error - 6/8/2013 12:35:55 AM | Computer Name = G-Man-HP | Source = hpMobile | ID = 5
Description = 2013/06/07 21:35:55.506|00001AD0|Error |[HP.Mobile]Bluetooth::RefreshPolicies{bool()}|Error
HRESULT E_FAIL has been returned from a call to a COM component.


< End of report >
 
redtarget.gif
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code: 
:OTL
IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118;ftp=127.0.0.1:8118;socks=127.0.0.1:9050 
FF - prefs.js..browser.search.defaultenginename: "error"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "error"
FF - prefs.js..browser.search.selectedEngine: "error"
FF - prefs.js..browser.startup.homepage: "error"
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.6
FF - prefs.js..extensions.enabledItems: ytd@mybrowserbar.com:7.0
FF - prefs.js..keyword.URL: "error"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
File not found (No name found) -- C:\PROGRAM FILES (X86)\YTD TOOLBAR\FF
File not found (No name found) -- C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
File not found (No name found) -- C:\USERS\G-MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJN7YMQU.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
File not found (No name found) -- C:\USERS\G-MAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GJN7YMQU.DEFAULT\EXTENSIONS\ADDON@DEFAULTTAB.COM
CHR - plugin: StartSearch Video plug-in (Disabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
O2 - BHO: (GetSavin 5.0) - {2FF7C269-7AE2-49C7-86C2-B2F5E26F96C1} - C:\Users\G-Man\AppData\Local\getsavin\ie\getsavin_1367485142.dll File not found
O2 - BHO: (conotinuetossave) - {C453BC06-C896-B0C0-A6D3-6A9F9056E08D} - C:\ProgramData\conotinuetossave\51b00ab37e0f7.dll File not found
O4:64bit: - HKLM..\Run: [ISW] File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O15 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..Trusted Domains: kaptest.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-514776539-1456282578-3287137058-1000\..Trusted Domains: kaptest.com ([www] https in Trusted sites)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 60 bytes -> C:\Users\G-Man\Documents\lec 6 dermatomes and peripheral receptors fall 2011.ppt:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\G-Man\Documents\lec 4 neurohistology summer 2011 umhs ernst.ppt:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\G-Man\Documents\lec 3 neurodevelopment summer 2011 umhs ernst.ppt:AFP_AfpInfo
@Alternate Data Stream - 163 bytes -> C:\Users\G-Man\Documents\Musculoskeletal2.avi:com.dropbox.attributes
@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Pulmonology10.avi:com.dropbox.attributes
@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Musculoskeletal7.avi:com.dropbox.attributes
@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Musculoskeletal4.avi:com.dropbox.attributes
@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Gynecology2.avi:com.dropbox.attributes
@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Endocrine4.avi:com.dropbox.attributes
@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular3.avi:com.dropbox.attributes
@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular15.avi:com.dropbox.attributes
@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular13.avi:com.dropbox.attributes
@Alternate Data Stream - 162 bytes -> C:\Users\G-Man\Documents\Cardiovascular10.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology9.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology7.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology6.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology2.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology12.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology11.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Pulmonology1.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Psychiatry9.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Psychiatry6.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Neurology8.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Musculoskeletal5.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Gynecology1.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG8.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG7.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG5.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG4.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG3.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG12.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG11.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG10.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine7.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine5.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine3.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Endocrine10.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology6.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology5.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology4.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Dermatology1.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Cardiovascular6.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Cardiovascular5.avi:com.dropbox.attributes
@Alternate Data Stream - 161 bytes -> C:\Users\G-Man\Documents\Cardiovascular4.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Pulmonology5.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Pulmonology4.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Pulmonology3.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Psychiatry8.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Psychiatry7.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Psychiatry11.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Musculoskeletal6.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Musculoskeletal3.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG1.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine9.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine8.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine2.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Endocrine1.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular2.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular18.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular17.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular16.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular14.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular12.avi:com.dropbox.attributes
@Alternate Data Stream - 160 bytes -> C:\Users\G-Man\Documents\Cardiovascular11.avi:com.dropbox.attributes
@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Pulmonology8.avi:com.dropbox.attributes
@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Psychiatry10.avi:com.dropbox.attributes
@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Musculoskeletal1.avi:com.dropbox.attributes
@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG9.avi:com.dropbox.attributes
@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG6.avi:com.dropbox.attributes
@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\ER-ICU-SURG2.avi:com.dropbox.attributes
@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Endocrine6.avi:com.dropbox.attributes
@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular9.avi:com.dropbox.attributes
@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular8.avi:com.dropbox.attributes
@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular7.avi:com.dropbox.attributes
@Alternate Data Stream - 159 bytes -> C:\Users\G-Man\Documents\Cardiovascular1.avi:com.dropbox.attributes
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:30FD0CBD

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

redtarget.gif
Update Malwarebytes, run quick scan and post fresh log.

Last scans....

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Sorry for the delay in response. I had a bit of a rough few days with work. I will perform those and get back to you.
 
Yes sir. I have done everything except for the online scanning (it stopped midway). My Internet stopped working day before (some line problem with Comcast). They will be here to fix it in 2 days. I will be able to scan then. Sorry about that.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
G-Man :: G-MAN-HP [administrator]

6/13/2013 9:32:07 PM
mbam-log-2013-06-13 (21-32-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246835
Time elapsed: 9 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
OTL fix
All processes killed
========== OTL ==========
HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-514776539-1456282578-3287137058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "error" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "error" removed from browser.search.order.1
Prefs.js: "error" removed from browser.search.selectedEngine
Prefs.js: "error" removed from browser.startup.homepage
Prefs.js: wtxpcom@mybrowserbar.com:6.6 removed from extensions.enabledItems
Prefs.js: ytd@mybrowserbar.com:7.0 removed from extensions.enabledItems
Prefs.js: "error" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
File C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2FF7C269-7AE2-49C7-86C2-B2F5E26F96C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2FF7C269-7AE2-49C7-86C2-B2F5E26F96C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C453BC06-C896-B0C0-A6D3-6A9F9056E08D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C453BC06-C896-B0C0-A6D3-6A9F9056E08D}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ISW deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
Registry key HKEY_USERS\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kaptest.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-514776539-1456282578-3287137058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kaptest.com\www\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\Users\G-Man\Documents\lec 6 dermatomes and peripheral receptors fall 2011.ppt:AFP_AfpInfo deleted successfully.
ADS C:\Users\G-Man\Documents\lec 4 neurohistology summer 2011 umhs ernst.ppt:AFP_AfpInfo deleted successfully.
ADS C:\Users\G-Man\Documents\lec 3 neurodevelopment summer 2011 umhs ernst.ppt:AFP_AfpInfo deleted successfully.
ADS C:\Users\G-Man\Documents\Musculoskeletal2.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Pulmonology10.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Musculoskeletal7.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Musculoskeletal4.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Gynecology2.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Endocrine4.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular3.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular15.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular13.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular10.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Pulmonology9.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Pulmonology7.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Pulmonology6.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Pulmonology2.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Pulmonology12.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Pulmonology11.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Pulmonology1.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Psychiatry9.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Psychiatry6.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Neurology8.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Musculoskeletal5.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Gynecology1.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\ER-ICU-SURG8.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\ER-ICU-SURG7.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\ER-ICU-SURG5.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\ER-ICU-SURG4.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\ER-ICU-SURG3.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\ER-ICU-SURG12.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\ER-ICU-SURG11.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\ER-ICU-SURG10.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Endocrine7.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Endocrine5.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Endocrine3.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Endocrine10.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Dermatology6.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Dermatology5.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Dermatology4.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Dermatology1.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular6.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular5.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular4.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Pulmonology5.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Pulmonology4.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Pulmonology3.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Psychiatry8.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Psychiatry7.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Psychiatry11.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Musculoskeletal6.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Musculoskeletal3.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\ER-ICU-SURG1.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Endocrine9.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Endocrine8.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Endocrine2.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Endocrine1.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular2.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular18.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular17.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular16.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular14.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular12.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular11.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Pulmonology8.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Psychiatry10.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Musculoskeletal1.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\ER-ICU-SURG9.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\ER-ICU-SURG6.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\ER-ICU-SURG2.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Endocrine6.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular9.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular8.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular7.avi:com.dropbox.attributes deleted successfully.
ADS C:\Users\G-Man\Documents\Cardiovascular1.avi:com.dropbox.attributes deleted successfully.
ADS C:\ProgramData\Temp:30FD0CBD deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: G-Man
->Temp folder emptied: 1140158522 bytes
->Temporary Internet Files folder emptied: 187662914 bytes
->Java cache emptied: 37889606 bytes
->FireFox cache emptied: 76703800 bytes
->Google Chrome cache emptied: 256111828 bytes
->Opera cache emptied: 11287951 bytes
->Flash cache emptied: 5368030 bytes

User: Public
->Temp folder emptied: 0 bytes

User: weoin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 463755 bytes
->FireFox cache emptied: 31012026 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 42231 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2623166 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 112579 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,668.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: G-Man
->Java cache emptied: 0 bytes

User: Public

User: weoin

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: G-Man
->Flash cache emptied: 0 bytes

User: Public

User: weoin
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06132013_211037

Files\Folders moved on Reboot...
C:\Users\G-Man\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\G-Man\AppData\Local\Temp\~DF5102AE56534D7DCD.TMP not found!
C:\Users\G-Man\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
You must log in or register to reply here.

Similar threads

A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
C
Facebook stubbornly refuses to load pictures
Replies
0
Views
1K
catc01
C
ingeborgdot
Need help with no internet problem
Replies
4
Views
1K
ingeborgdot
ingeborgdot

Latest posts

Back