dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
2755
share rss forum feed

CaroleCC

join:2013-10-13
Uited States

1 edit

[Virus] I accidentally downloaded conduit App and search

I need help in removing this. I am attaching all the logs requested because the post was too large to put it all in this post.
If you need any further information, let me know please.
Thank you so much,
Carole

I have attached those that I could. The LAST two are below.

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
SpywareBlaster 5.0
Secunia PSI (3.0.0.2004)
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.8 [color=red]Adobe Reader out of Date![/color]
Mozilla Firefox (24.0)
Google Chrome 30.0.1599.66
Google Chrome 30.0.1599.69
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 2%
[u]````````````````````End of Log``````````````````````[/u]



lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast
Hi, please follow all the steps for our forum carefully:

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Our FAQ will tell you what programs we need and how to attempt to get them to run .
It will also show what logs need to be attached to your post - as well as where to locate them

Security check (you posted above) is but one of our required steps

»Site FAQ »How do I post attachments and screenshots?

Let me know if you need help with the others
Post back when completed, we'll be waiting

»Security Cleanup FAQ »How to post for assistance

»Security Cleanup FAQ »So...What is this Forum all about?


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to CaroleCC
When all the logs are in I'll handle this one.

CaroleCC

join:2013-10-13
Uited States
downloadMBAM-log-201···0-13.txt 2,150 bytesdownloadAdwCleaner[S0].txt 15,533 bytesdownloadOTL.Txt 131,150 bytes
downloadExtras.Txt 70,992 bytes  
I am trying again to attach the rest of the required logs:


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 recommendation

reply to CaroleCC
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.10.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
admin :: ADMIN-PC [administrator]

10/13/2013 12:00:22 PM
MBAM-log-2013-10-13 (12-45-10).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 390563
Time elapsed: 43 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\admin\Downloads\tm-Installer_weirdparkscarytales.exe (PUP.Optional.OpenCandy) -> No action taken.

(end)
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2013


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 recommendation

reply to CaroleCC
# AdwCleaner v3.007 - Report created 13/10/2013 at 12:56:41
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : admin - ADMIN-PC
# Running from : C:\Users\admin\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Alawar Stargaze
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\admin\AppData\Local\Conduit
Folder Deleted : C:\Users\admin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\admin\AppData\Roaming\iWin
Folder Deleted : C:\Users\admin\AppData\Roaming\quickclick
Folder Deleted : C:\Users\admin\AppData\Roaming\Alawar Stargaze
Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\i0nu22ml.default\Smartbar
Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\i0nu22ml.default\CT3289663
Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\i0nu22ml.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
File Deleted : C:\END
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\i0nu22ml.default\searchplugins\Conduit.xml
File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\i0nu22ml.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\i0nu22ml.default\prefs.js ]

Line Deleted : user_pref("CT3289663.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3289663.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3289663.1000234.TWC_TMP_city", "ALSIP");
Line Deleted : user_pref("CT3289663.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3289663.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3289663.1000234.TWC_locId", "USIL0021");
Line Deleted : user_pref("CT3289663.1000234.TWC_location", "Alsip, IL");
Line Deleted : user_pref("CT3289663.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3289663.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3289663.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3289663.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.FF19Solved", "true");
Line Deleted : user_pref("CT3289663.FirstTime", "true");
Line Deleted : user_pref("CT3289663.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3289663.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN38573953761740816&UM=2&q=");
Line Deleted : user_pref("CT3289663.UserID", "UN38573953761740816");
Line Deleted : user_pref("CT3289663.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3289663.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3289663.countryCode", "US");
Line Deleted : user_pref("CT3289663.defaultSearch", "true");
Line Deleted : user_pref("CT3289663.embeddedsData", "[{\"appId\":\"130067724014616498\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3289663.enableAlerts", "true");
Line Deleted : user_pref("CT3289663.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3289663.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3289663.fullUserID", "UN38573953761740816.IN.20131011160948");
Line Deleted : user_pref("CT3289663.installDate", "11/10/2013 16:09:50");
Line Deleted : user_pref("CT3289663.installId", "stub.exe");
Line Deleted : user_pref("CT3289663.installSessionId", "{3DBD31DF-748E-4747-81EC-441781F561D9}");
Line Deleted : user_pref("CT3289663.installSp", "TRUE");
Line Deleted : user_pref("CT3289663.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3289663.installUsage", "2013-10-12T19:13:58.6460316+03:00");
Line Deleted : user_pref("CT3289663.installUsageEarly", "2013-10-12T19:13:58.2866543+03:00");
Line Deleted : user_pref("CT3289663.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3289663.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3289663.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3289663.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3289663.keyword", "true");
Line Deleted : user_pref("CT3289663.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=15&CUI=UN38573953761740816&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3289663.lastVersion", "10.20.1.8");
Line Deleted : user_pref("CT3289663.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3289663.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3289663%26CUI%3DUN38573953761740816%26UM%3D2%26SearchSource%3D13\",\"EB_MAIN_FRAME_[...]
Line Deleted : user_pref("CT3289663.openThankYouPage", "false");
Line Deleted : user_pref("CT3289663.openUninstallPage", "true");
Line Deleted : user_pref("CT3289663.originalHomepage", "hxxp://xfinity.comcast.net/home/x/");
Line Deleted : user_pref("CT3289663.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3289663.originalSearchEngine", "");
Line Deleted : user_pref("CT3289663.originalSearchEngineName", "");
Line Deleted : user_pref("CT3289663.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3289663.search.searchAppId", "130067724014616498");
Line Deleted : user_pref("CT3289663.search.searchCount", "0");
Line Deleted : user_pref("CT3289663.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3289663.searchRevert", "false");
Line Deleted : user_pref("CT3289663.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.searchUserMode", "2");
Line Deleted : user_pref("CT3289663.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289663\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InternetHelper31.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"InternetHelper3.1 \"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_services_Configuration_lastUpdate", "1381594470173");
Line Deleted : user_pref("CT3289663.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1381594470284");
Line Deleted : user_pref("CT3289663.serviceLayer_services_appsMetadata_lastUpdate", "1381594833956");
Line Deleted : user_pref("CT3289663.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1381594470059");
Line Deleted : user_pref("CT3289663.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1381594470146");
Line Deleted : user_pref("CT3289663.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1381594470619");
Line Deleted : user_pref("CT3289663.serviceLayer_services_login_10.20.1.8_lastUpdate", "1381594470496");
Line Deleted : user_pref("CT3289663.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1381594470085");
Line Deleted : user_pref("CT3289663.serviceLayer_services_searchAPI_lastUpdate", "1381594470107");
Line Deleted : user_pref("CT3289663.serviceLayer_services_serviceMap_lastUpdate", "1381594469609");
Line Deleted : user_pref("CT3289663.serviceLayer_services_toolbarContextMenu_lastUpdate", "1381594470024");
Line Deleted : user_pref("CT3289663.serviceLayer_services_toolbarSettings_lastUpdate", "1381594833933");
Line Deleted : user_pref("CT3289663.serviceLayer_services_translation_lastUpdate", "1381594470049");
Line Deleted : user_pref("CT3289663.settingsINI", true);
Line Deleted : user_pref("CT3289663.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3289663.showToolbarPermission", "false");
Line Deleted : user_pref("CT3289663.smartbar.CTID", "CT3289663");
Line Deleted : user_pref("CT3289663.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3289663.smartbar.homepage", "true");
Line Deleted : user_pref("CT3289663.smartbar.toolbarName", "InternetHelper3.1 ");
Line Deleted : user_pref("CT3289663.startPage", "true");
Line Deleted : user_pref("CT3289663.toolbarBornServerTime", "12-10-2013");
Line Deleted : user_pref("CT3289663.toolbarCurrentServerTime", "12-10-2013");
Line Deleted : user_pref("CT3289663.toolbarLoginClientTime", "Sat Oct 12 2013 11:14:30 GMT-0500 (Central Standard Time)");
Line Deleted : user_pref("CT3289663.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3289663.xpeMode", "0");
Line Deleted : user_pref("CT3289663_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381601605465,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289663&CUI=UN38573953761740816&UM=2&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "InternetHelper3.1 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN38573953761740816&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289663");
Line Deleted : user_pref("browser.search.defaultenginename", "InternetHelper3.1 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.1 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&CUI=UN38573953761740816&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "InternetHelper3.1 Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289663&CUI=UN38573953761740816&UM=2&SearchSource=13");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN38573953761740816&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289663");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289663&CUI=UN38573953761740816&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3289663&CUI=UN38573953761740816&UM=2[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN38573953761740816&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289663");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289663");
Line Deleted : user_pref("smartbar.machineId", "HCRQSCDP2TAH6LCKGGG+USLMI+1RUKBVCDMSM6HCVFOGGAT73HELU+YDYQNP1DMQPSIZKXG1W2QO1L578IKH4Q");

-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [15462 octets] - [13/10/2013 12:56:10]
AdwCleaner[S0].txt - [15379 octets] - [13/10/2013 12:56:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15440 octets] ##########
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2013


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast
reply to CaroleCC
OTL logfile created on: 10/13/2013 1:09:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.12 Gb Available Physical Memory | 76.63% Memory free
15.96 Gb Paging File | 13.96 Gb Available in Paging File | 87.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.22 Gb Total Space | 842.33 Gb Free Space | 92.14% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/10/13 13:08:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/08/20 06:54:12 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/08/09 15:37:04 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/06/27 02:25:06 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/06/27 02:25:04 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/01 12:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/26 21:27:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/10/01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/10 16:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/11/25 20:42:26 | 000,095,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 12:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/09/28 17:56:18 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/10/10 17:17:18 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/10 15:51:20 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/10 15:50:52 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 15:50:45 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/10 15:50:38 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 15:50:34 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/13 20:04:41 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/13 20:04:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/16 12:32:34 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ebdb3050959d9be47d33d2c77d6cc291\IAStorUtil.ni.dll
MOD - [2013/08/15 10:16:57 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 10:16:46 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 10:16:43 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 11:43:56 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\34002b75cd0faab68bf8079299c1aa46\IAStorCommon.ni.dll
MOD - [2013/07/12 10:58:06 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/12 10:56:50 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/02/01 12:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012/02/01 12:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012/02/01 12:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/10/23 12:31:44 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2013/08/12 14:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/08/12 14:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/10/11 16:09:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/28 09:05:52 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/08/20 06:54:12 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/08/09 15:37:04 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/27 02:25:06 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/06/27 02:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/06/14 17:22:58 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/26 18:26:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/02/18 10:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/09/28 21:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/17 16:26:48 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)
DRV:64bit: - [2012/08/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/07/16 17:36:24 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt61.sys -- (vidsflt61)
DRV:64bit: - [2012/07/16 17:36:22 | 000,133,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/16 09:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/14 07:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/06/08 07:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/05/20 18:42:44 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.net/
IE - HKCU\..\SearchScopes,DefaultScope = {DB464FC3-E925-4FF9-9AAB-71CE8786B422}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{DB464FC3-E925-4FF9-9AAB-71CE8786B422}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN19360716611327897&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.5.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/28 09:05:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/24 15:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Extensions
[2013/10/12 13:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\i0nu22ml.default\extensions
[2012/12/06 13:19:24 | 000,000,000 | ---D | M] (Redirector) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\i0nu22ml.default\extensions\redirector@einaregilsson.com
[2013/09/03 11:56:01 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\i0nu22ml.default\extensions\support@lastpass.com
[2013/09/03 11:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\i0nu22ml.default\extensions\trash
[2013/08/02 16:25:46 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\i0nu22ml.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/09/28 09:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/28 09:05:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/29 09:43:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/28 09:05:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/29 09:43:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = http://www.google.com,
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [20090604] C:\Program Files (x86)\Common Files\Datalode\Encore\Hoyle Slots 2010\encore_reg.exe /r "C:\Program Files (x86)\Common Files\Datalode\Encore\Hoyle Slots 2010\encore_reg.rpd" File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\admin\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Users\admin\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: LastPass - file://C:\Users\admin\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\admin\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse.com/games/gamehouse/ghplayer.cab (GameHouse Games Player)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0699C1BD-6500-4812-A34F-F26831FAD76C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B4E5DBC-D595-421A-B460-B82CA0BFF7CA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/10/13 13:08:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2013/10/13 12:54:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/13 11:52:42 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\TFC.exe
[2013/10/11 16:10:11 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\CRE
[2013/10/11 10:00:26 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/11 10:00:26 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/10 15:44:01 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/10 15:44:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/10 15:44:00 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/10 15:44:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/10 15:44:00 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/10/10 15:44:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/10 15:44:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/10 15:44:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/10 15:44:00 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/10 15:44:00 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/10 15:44:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/10 15:43:58 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/10 15:43:58 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/10 15:43:58 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/10 15:43:57 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/10 09:24:22 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/10 09:24:21 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/10 09:24:20 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/10 09:24:20 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/10 09:24:20 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/10 09:24:20 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/10 09:24:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/10 09:24:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/10 09:24:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/10 09:24:19 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/10 09:24:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/10 09:24:18 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/10 09:24:18 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/10 09:24:18 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/10 09:24:17 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/10 09:24:17 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/10 09:24:17 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/10 09:24:16 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/10 09:24:16 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/10 09:24:16 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/10 09:24:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/10 09:24:15 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/10 09:24:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/10 09:24:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/10 09:24:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/10 09:24:12 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 09:24:12 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/10 09:24:11 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/09/28 09:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/21 12:20:45 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/09/21 12:20:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013/09/21 12:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/09/17 13:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon Games
[2013/09/17 13:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\100 Hidden Objects
[2013/09/17 13:33:35 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Amazon Downloads
[2013/09/17 13:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Amazon
[2013/09/17 13:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2013/09/17 13:33:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Amazon Games & Software
[2013/09/17 13:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/11/01 20:39:17 | 014,823,424 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/10/13 13:08:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2013/10/13 13:08:30 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/13 13:08:30 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/13 12:59:31 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/13 12:58:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/13 12:58:04 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/13 12:52:37 | 001,048,960 | ---- | M] () -- C:\Users\admin\Desktop\adwcleaner.exe
[2013/10/13 12:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/13 12:44:50 | 000,072,455 | ---- | M] () -- C:\Users\admin\Desktop\Malwarebytes screenshot 10-13.JPG
[2013/10/13 11:59:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/13 11:52:42 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\TFC.exe
[2013/10/12 13:41:29 | 000,091,164 | ---- | M] () -- C:\Users\admin\Desktop\Condoit -2.jpg
[2013/10/12 13:40:43 | 000,062,414 | ---- | M] () -- C:\Users\admin\Desktop\condoit -1.jpg
[2013/10/11 16:09:54 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/11 16:09:54 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/11 10:01:55 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/10/10 15:53:48 | 000,783,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/10 15:53:48 | 000,663,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/10 15:53:48 | 000,122,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/10 15:47:40 | 000,863,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 15:42:27 | 000,777,142 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/10 11:10:38 | 000,021,806 | ---- | M] () -- C:\Users\admin\Desktop\Forget.JPG
[2013/10/05 15:00:28 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/03 13:29:28 | 000,002,245 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/29 09:43:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/22 18:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/22 18:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/22 18:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/22 18:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/22 18:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/22 17:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/22 17:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/22 17:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/22 17:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/22 17:54:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/22 17:54:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/22 17:54:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/22 17:54:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/21 13:53:57 | 000,014,378 | ---- | M] () -- C:\Users\admin\Desktop\2003.JPG
[2013/09/21 13:51:02 | 000,013,110 | ---- | M] () -- C:\Users\admin\Desktop\2006.JPG
[2013/09/20 21:48:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/20 21:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/17 13:35:52 | 000,001,063 | ---- | M] () -- C:\Users\admin\Desktop\100 Hidden Objects.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/10/13 12:52:37 | 001,048,960 | ---- | C] () -- C:\Users\admin\Desktop\adwcleaner.exe
[2013/10/13 12:44:49 | 000,072,455 | ---- | C] () -- C:\Users\admin\Desktop\Malwarebytes screenshot 10-13.JPG
[2013/10/12 13:41:29 | 000,091,164 | ---- | C] () -- C:\Users\admin\Desktop\Condoit -2.jpg
[2013/10/12 13:40:43 | 000,062,414 | ---- | C] () -- C:\Users\admin\Desktop\condoit -1.jpg
[2013/10/10 11:10:38 | 000,021,806 | ---- | C] () -- C:\Users\admin\Desktop\Forget.JPG
[2013/09/21 13:53:57 | 000,014,378 | ---- | C] () -- C:\Users\admin\Desktop\2003.JPG
[2013/09/21 13:51:02 | 000,013,110 | ---- | C] () -- C:\Users\admin\Desktop\2006.JPG
[2013/09/21 12:20:37 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/09/17 13:35:52 | 000,001,063 | ---- | C] () -- C:\Users\admin\Desktop\100 Hidden Objects.lnk
[2013/08/25 10:00:38 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll
[2012/12/11 15:42:36 | 000,514,048 | ---- | C] () -- C:\Users\admin\10385520.dot
[2012/10/06 15:27:49 | 000,000,132 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/15 14:00:15 | 000,003,584 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/30 13:18:33 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/02/07 13:07:01 | 000,000,230 | ---- | C] () -- C:\ProgramData\settings.xml
[2011/06/25 14:02:06 | 000,025,591 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/06/23 21:27:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2011/08/24 18:41:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\3M
[2012/07/16 17:37:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Acronis
[2012/03/21 17:52:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Alawar
[2011/10/10 15:25:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Alawar Entertainment
[2013/03/06 16:42:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\AlawarEntertainment
[2012/12/19 13:21:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\AlexanderTheGreat
[2012/07/18 20:08:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Amaranth Games
[2012/08/17 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Amulet_of_time
[2012/05/29 15:21:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Anarchy
[2012/11/17 15:56:46 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Arkadium
[2013/02/24 18:18:48 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Artifex Mundi
[2013/02/23 15:49:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ArtifexMundi
[2013/02/28 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Awem
[2012/02/29 12:57:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Between The Worlds 2
[2012/03/12 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Big Finish
[2012/03/25 13:19:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\bigwig_media
[2012/12/22 18:48:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Blue Tea Games
[2013/02/28 16:35:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Brabl
[2011/08/09 20:16:38 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\BrablGames
[2013/08/12 10:39:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Canon
[2012/10/31 13:21:21 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\casualArts
[2013/09/17 13:35:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\cerasus.media
[2012/08/01 11:46:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Chronoclasm Chronicles
[2012/10/06 13:59:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/05/22 12:42:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\com.custardsquare.CircusCircus.RunAwayWithTheCircus
[2012/06/24 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CoronationStreetPC
[2011/07/16 14:13:50 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Crown
[2012/08/25 15:47:24 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Daedalic Entertainment
[2012/06/30 16:22:18 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Deep Shadows
[2012/01/08 15:25:57 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DieselPuppet
[2012/10/20 15:55:46 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DominiGames
[2013/04/14 13:49:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Enlightenus2_BFG_Survey
[2012/05/24 12:06:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\EntwinedSoD
[2012/01/08 15:32:52 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FamilyVacationCalifornia
[2012/12/12 16:23:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Finders_Keepers_Christmas
[2012/03/07 09:08:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Fingertapps
[2012/06/05 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Floodlight Games
[2012/05/03 14:20:05 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FlowerOfImmortality
[2012/03/07 17:23:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FlyWheelGames
[2013/08/25 10:00:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Foxit Software
[2012/07/24 11:53:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Freeze Tag
[2012/05/14 19:29:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Friday's games
[2012/03/21 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Frogwares
[2011/07/22 16:51:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Funlinker
[2011/09/25 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Funswitch
[2012/08/17 11:39:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Fuzzy Bug Interactive
[2012/07/14 11:13:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GameHouse
[2012/08/24 11:15:11 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GameMill
[2013/02/23 16:08:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GameMill Entertainment
[2011/07/29 20:34:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GestaltGames
[2011/08/24 18:41:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GetRightToGo
[2012/04/20 17:17:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\GO Games
[2012/10/04 19:35:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Gogii
[2013/03/29 11:36:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Gogii Games
[2011/07/08 16:25:23 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Green Clover Games
[2012/10/04 19:43:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\HeadRightGames
[2012/12/11 18:37:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Heaven&Hell
[2013/02/23 16:01:49 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Hidden Objects LesMiserables
[2012/02/15 16:26:16 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Hidden Objects XIII
[2011/09/26 13:48:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\HitPoint Studios
[2011/08/03 16:23:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IBU_ST
[2012/11/28 13:17:19 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Inertia Game Studios
[2012/09/09 14:14:40 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\InfernalBros
[2011/07/15 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IrfanView
[2012/10/20 16:26:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Iroz Games
[2012/12/12 16:23:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\JenKat
[2012/04/20 13:41:25 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\JoyBits
[2013/02/23 16:12:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Legacy Games
[2012/09/12 13:49:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LegacyGames
[2012/07/08 18:58:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\LegacyInteractive
[2012/03/27 21:33:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MagicIndie
[2012/05/15 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\margrave1
[2011/07/07 20:34:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\margrave3_full
[2012/11/15 15:07:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\md studio
[2012/05/18 15:31:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Meridian93
[2011/08/29 14:05:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MoMB
[2013/04/01 11:20:33 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MumboJumbo
[2011/06/27 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\My Games
[2012/07/29 15:05:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\MysteryStudio
[2012/04/12 17:01:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Natural Threat.Ominous Shores
[2012/08/17 18:58:50 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\No Company Name
[2012/11/17 15:56:01 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Oberon Media
[2011/07/14 12:10:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PCDr
[2012/11/01 14:59:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PlataGames
[2011/12/23 14:57:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PlayPond
[2012/08/11 15:36:41 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PlayWay
[2012/06/01 18:24:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\PopCap Games
[2011/11/30 17:16:56 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Rainbow
[2012/02/07 12:37:29 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Red Dot
[2012/11/28 12:39:46 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\ReelTen
[2012/08/15 19:08:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\rokapublish
[2011/08/31 15:02:00 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Rovio
[2012/04/20 14:43:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SecretsOfTheTitanic
[2013/03/29 11:42:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Silverback Games
[2012/08/08 16:17:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Silverback Productions
[2012/09/16 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SMIGames
[2012/11/09 15:24:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Specialbit
[2012/02/07 13:08:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SpinTop Games
[2012/05/29 17:40:34 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\SprillRichiEng
[2012/11/23 13:05:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\The Curse of the Werewolves
[2012/08/07 11:39:10 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\The Drama Queen Murder
[2012/10/25 14:11:31 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TikisLab
[2012/10/26 14:33:47 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TitanicMystery
[2012/11/01 13:10:54 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TOSST
[2012/12/21 15:08:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\unikgame
[2011/08/18 15:10:35 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\VampireSagaHL
[2011/09/19 15:36:51 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Vast Studios
[2012/08/17 13:52:14 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Virtual Prophecy
[2011/06/29 15:52:45 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Windows Live Writer
[2012/06/15 12:07:03 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\YoudaGames

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 849 bytes -> C:\ProgramData\Temp:35E5AF34
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3B3A302E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2013


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast
reply to CaroleCC
OTL Extras logfile created on: 10/13/2013 1:09:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.12 Gb Available Physical Memory | 76.63% Memory free
15.96 Gb Paging File | 13.96 Gb Available in Paging File | 87.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.22 Gb Total Space | 842.33 Gb Free Space | 92.14% Space Free | Partition Type: NTFS

Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0253E7DD-A344-42E6-90B0-43A17406BFCD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{075EE946-6693-4B93-A027-22FBACD35D2F}" = rport=137 | protocol=17 | dir=out | app=system |
"{0B5078B1-6348-4A2F-9221-5FFBF23D67FD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2682D2B0-D2E9-455B-A313-3F8A9DBB8D6D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{26D47E91-4010-4DF6-A919-40973CC5999E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3AB5ACAA-8FBA-486C-B5C6-307441FD6AD4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45498002-888F-4972-9F3B-5B3ABA6A941C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56324E06-67AE-4FA7-8787-3132F35DAC9E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D3FE882-B72B-4BD8-B403-A08EA6FA330C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5E57E452-A9A5-41A0-BB50-19FB59442256}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{630CF138-F032-4534-A8C5-0F600381F1EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{7BE5FEA0-30F5-40BF-B089-B94CF0601198}" = lport=138 | protocol=17 | dir=in | app=system |
"{828855E4-8602-46C6-A29F-7E935C8A61FA}" = rport=445 | protocol=6 | dir=out | app=system |
"{8E491F2D-8040-4C93-8E89-5DC00C0F482F}" = rport=139 | protocol=6 | dir=out | app=system |
"{965A1687-7880-4A2D-864B-146123A742B3}" = rport=138 | protocol=17 | dir=out | app=system |
"{AE3A428B-3D77-4F85-B1FB-9DFE0B79F60D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B823CB0E-CECA-4DF6-9504-97E70E90C55E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0660B79-031B-4856-B27A-ED4534310E77}" = lport=137 | protocol=17 | dir=in | app=system |
"{E33A05E1-EC78-4B99-8EBA-2D6F0806B399}" = lport=445 | protocol=6 | dir=in | app=system |
"{E76B56C8-1671-4915-800B-454CA079CA8F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E997352D-465F-46F1-84A2-C80846C47975}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FA835F8B-0241-40DB-9568-14446B5F3484}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{FC5507EA-3147-457D-86CC-0BB707A91ADF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FCC5CD39-1DBB-41DE-ADF0-73CF5DD9C5E8}" = lport=139 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06DE3658-E90D-48A5-A0FC-A0ACCCD75D6D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0F55CB32-95AA-4D50-B483-068B7728650C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{153A0BC5-9539-4366-9508-88898C2B0A61}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1745A668-21B4-46AD-B987-439D599CE774}" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\7zsd87.tmp\symnrt.exe |
"{245001CB-8A93-4CE7-B6E6-286B7C088D10}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{25179F94-70FE-4BDE-893D-2254CACEE865}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2C09AF49-9760-446D-8B21-2CE2B3F5133A}" = protocol=6 | dir=out | app=system |
"{34269B49-47C1-41E8-935E-35307B01B28C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D7FB4C4-5FD3-4305-819E-A43ECAA9B0E4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4662BE76-97E5-48FF-80F1-57185EFF23AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4A1922DD-01BB-46E5-B0D6-D17526C4E866}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C08BFC7-9351-4478-A5B1-5C8DA2537E5C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{51DFD391-5E65-4852-97B0-CFB9346FFB5F}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{531A9A70-9FDB-4052-98A6-C19ECB06B8E8}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\7zsd87.tmp\symnrt.exe |
"{539D46BE-68AB-4DEE-BCF4-6241FA4CC0E1}" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\temp\7zs2d27.tmp\symnrt.exe |
"{53C5F136-0DEE-4082-B63A-A94A2EEE869E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5AA8E59C-69EE-46A0-8A04-59E376490560}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5C97A68D-248B-48BB-A73B-3E2C6EF7F52D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{770FD0C0-DE90-4E9A-BD60-EB94DEDEB32B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7877B397-F264-4CC6-A41B-94FF2C4C9C94}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AA4B0E8-3B98-4D15-A8B4-04DF5F84E9BA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C19A9F7-5415-4527-BF67-74AA36C12C4F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8CA5CAB3-8CD4-4E8A-943B-7389356B1CCB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{910F3AE7-F260-4AE6-8C23-33C4FD036991}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4283832-EB98-432B-A93D-1979110433F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AA194D68-A4E9-4A82-980F-6515BA2DE177}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5A1A37B-480C-4B6B-8305-57AC815564CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BFCACFCA-6D10-4483-9C69-557490EE11CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C1B1CD92-D586-4721-B0D1-E3118922B1E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CD1388A6-5B7F-46EA-93BA-33B28C0CA4D8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CD3D2535-7C95-45F3-8C7B-96D4719A2D57}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D246DF61-A2F3-49A4-B02F-D6932F1331D0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{D27AEA38-C5C2-4DCA-99A4-0C2C50E977AE}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\temp\7zs2d27.tmp\symnrt.exe |
"{D5C1924A-5F52-4569-80FB-2A4E29DE2431}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DD1A4634-3DE0-4DFE-8AB5-A479EF6F3AF6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E1033823-AF50-444D-BC29-7F979C111D8B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{E9A7DD6C-8F28-4319-8E56-3953C03DB985}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F48205EC-E08A-4203-A374-7FDF82713E66}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{428C144F-1CDB-488E-BA59-DB3D8C40C5FC}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"UDP Query User{95500B14-19DE-4C0C-AE9E-6319A4E8AD65}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8D26D58C-3464-4C03-BB61-5695F984EFEF}" = Microsoft Security Client
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.78
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.78
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.78
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.14.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DW WLAN Card" = DW WLAN Card
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PC-Doctor for Windows" = Dell Support Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89263C19-557E-4D23-AAD7-113F6175DFC1}" = Dell MusicStage
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0000C3B-FD74-4E5F-B574-CA4AB150E86F}" = Angry Birds
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
"{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
"0a250aa9f345000a9dbb739900bb8f0d" = Sacra Terra - Angelic Night
"100 Hidden Objects_is1" = 100 Hidden Objects
"1f58ff4af51aff19aa49107f276abcf3" = Mystery Valley Extended Edition
"71fdf6bf2af349324d7052b7b2a2877a" = Dark Parables - The Exiled Prince
"7f821a0dd29f68c3bab7cd16a5d433af" = Escape Whisper Valley(TM)
"92d5c21f4f5e003bc73a158b9ca1d61c" = Cruel Games - Red Riding Hood
"9e829925ea8a6ca8c605a23a1208b7fa" = Enlightenus II - The Timeless Tower
"a791e120f14cb7f4287a364836b8abd5" = The Beast of Lycan Isle Platinum Edition
"ac316e9b64e29da8eca6f3111e748dbc" = Where Angels Cry
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"b15592b8034b5de680966b7328da3c4c" = Deadly Voltage - Rise of the Invincible
"Bejeweled 3" = Bejeweled 3
"Belarc Advisor" = Belarc Advisor 8.2
"Canon MX870 series User Registration" = Canon MX870 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Cubis Gold 2" = Cubis Gold 2
"db05683c98f4531542d10813758722be" = Angelica Weaver - Catch Me When You Can
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ec62e5b9f57cfe99fdbf159c776fb934" = Amulet of Time - Shadow of la Rochelle
"f122ba7e89e083b9318125ea29b968a7" = Campfire Legends - The Babysitter
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"Inca Ball" = Inca Ball (remove only)
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"IrfanView" = IrfanView (remove only)
"LastPass" = LastPass(uninstall only)
"Mahjong World" = Mahjong World (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"Speed Dial Utility" = Canon Speed Dial Utility
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Visible" =
"WinLiveSuite" = Windows Live Essentials
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/12/2013 2:03:05 PM | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pcdrcui.exe, version: 6.0.6032.47, time
stamp: 0x502eb4af Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229,
time stamp: 0x51fb1677 Exception code: 0xe0434352 Fault offset: 0x000000000000940d
Faulting
process id: 0x1650 Faulting application start time: 0x01cec774f0a8b38f Faulting application
path: C:\Program Files\Dell Support Center\pcdrcui.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 8aa6c2c8-3368-11e3-aea8-782bcba3b2b7

Error - 10/12/2013 2:24:12 PM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2013 2:32:58 PM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2013 3:32:10 PM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/12/2013 6:58:19 PM | Computer Name = admin-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/13/2013 11:26:37 AM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/13/2013 12:45:59 PM | Computer Name = admin-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/13/2013 12:45:59 PM | Computer Name = admin-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 10/13/2013 12:58:50 PM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/13/2013 2:00:29 PM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

[ Dell Events ]
Error - 8/22/2011 11:37:19 AM | Computer Name = admin-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/28/2011 4:04:06 PM | Computer Name = admin-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/28/2011 4:04:06 PM | Computer Name = admin-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/29/2011 12:43:34 PM | Computer Name = admin-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/29/2011 12:43:34 PM | Computer Name = admin-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/5/2011 12:53:10 PM | Computer Name = admin-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/5/2011 12:53:10 PM | Computer Name = admin-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/15/2011 11:57:07 AM | Computer Name = admin-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/15/2011 11:57:07 AM | Computer Name = admin-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/25/2011 5:01:17 PM | Computer Name = admin-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 10/6/2012 4:07:37 PM | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 3:07:37 PM - Error connecting to the internet. 3:07:37 PM - Unable
to contact server..

Error - 10/6/2012 4:08:07 PM | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = 3:08:06 PM - Error connecting to the internet. 3:08:06 PM - Unable
to contact server..

[ System Events ]
Error - 10/10/2013 4:49:24 PM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%1053

Error - 10/10/2013 6:57:16 PM | Computer Name = admin-PC | Source = DCOM | ID = 10016
Description =

Error - 10/10/2013 6:57:16 PM | Computer Name = admin-PC | Source = DCOM | ID = 10016
Description =

Error - 10/11/2013 11:05:58 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 10/11/2013 11:06:28 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 10/11/2013 4:46:47 PM | Computer Name = admin-PC | Source = DCOM | ID = 10016
Description =

Error - 10/11/2013 4:46:47 PM | Computer Name = admin-PC | Source = DCOM | ID = 10016
Description =

Error - 10/12/2013 2:22:37 PM | Computer Name = admin-PC | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x80070002 Error description: The system cannot find the file specified. Signature
version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

Error - 10/12/2013 2:31:10 PM | Computer Name = ADMIN-PC | Source = Microsoft Antimalware | ID = 2004
Description = %%860 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x80070002 Error description: The system cannot find the file specified. Signature
version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0

Error - 10/13/2013 12:53:59 PM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.
It has done this 1 time(s).

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2013


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 edit

1 recommendation

reply to CaroleCC
Looks good. AdwCleaner removed most of the Conduit junk but there are a few leftovers to cleanup.

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:


:OTL
IE - HKCU\..\SearchScopes\{DB464FC3-E925-4FF9-9AAB-71CE8786B422}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN19360716611327897&UM=2
CHR - default_search_provider: Conduit (Enabled)

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Once you see a message box "Fix complete! Click OK to open the fix log."
[*]Click the OK button
[*]The log will open in Notepad (your default text editor).
{*]Save the log. Post a copy of that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2013

CaroleCC

join:2013-10-13
Uited States
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DB464FC3-E925-4FF9-9AAB-71CE8786B422}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB464FC3-E925-4FF9-9AAB-71CE8786B422}\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 1205998 bytes
->Temporary Internet Files folder emptied: 50416775 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2105999 bytes
->Google Chrome cache emptied: 11034809 bytes
->Flash cache emptied: 506 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10624110 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 5659821 bytes

Total Files Cleaned = 77.00 mb

[EMPTYFLASH]

User: admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10152013_131037

Files\Folders moved on Reboot...
File\Folder C:\Users\admin\AppData\Local\Temp\OICE_19E50B53-5D4C-4EA4-9935-AF80F43CC4FD.0\1137D350. not found!
C:\Users\admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26

1 recommendation

reply to CaroleCC
Thanks Carole.

That should be it. Any unresolved problems?


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast
reply to CaroleCC
Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete AdwCleaner:
  • Double click the AdwCleaner icon on your Desktop
  • Press the 'Uninstall' button

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL Cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2013

CaroleCC

join:2013-10-13
Uited States
Everything seems to be OK now. I changed the FF Start Page back to xfinity.net as the homepage and it is not redirecting anymore.
I THANK YOU so much for all your help with this!
DSL Reports is the place to go for anything!!!

One Question: Should I change back the settings for Hidden Folders to what they were or leave as is?
Carole

CaroleCC

join:2013-10-13
Uited States
I have used Malwarebytes for years (free version) I run it every couple of days. I also use SpywareBlaster (free version)
Carole


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
reply to CaroleCC
For the Hidden Folder settings, the choice is yours. You can change them back, or leave them as is.