
Sluggish, Outlook 2003 keeps crashing, program disassociating

Discussion in 'Virus & Other Malware Removal' started by spqr05, Jan 4, 2013.

  1. spqr05

    spqr05 (Thread Starter; joined Dec 25, 2011; 130 messages)

    Hi there, Happy New Year. I'm running Win 7, ESET Smart Security 5.0 and I'm seeing my computer really struggle with Outlook 2003 and other programs more and more. Now it's really sluggish, switching between programs, lots of "not respondings". Plus more often I'm seeing my Outlook 2003 crash and I continue to have issues opening my Outlook, safe mode then detect and repair. As of yesterday, Windows won't load as the editor of Outlook 2003 for no reason. Today iTunes when clicked on said Windows needs to reconfigure it. Something is going on.

    Loading programs and everything seems to be taking much longer. Even DDS took about 8-10 minutes versus the normal less than 3.

    I'm not sure if I have a virus as last night I ran Malwarebytes Anti-Malware and SUPERAntiSpyware and nothing was detected.

    If someone could please review my logs I would appreciate it. I have a few new email accounts and I was the catch-all, so I definitely was noticing more virus attacks daily that my antivirus would catch a few months ago. Perhaps something got through. Plus I had the motherboard changed, keyboard, wireless card; nothing shows that it's not installed properly or working, but after a hibernate my wireless card driver says disabled but it still works. Not sure what that is. Here are the logs:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:08:08 AM, on 1/4/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe
    C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Maxtor\ManagerApp\msssort.exe
    C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
    C:\Users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\Brother\Brmfl08l\FAXRX.exe
    C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Jimmy\Downloads\HijackThis(1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://total.amplifyportal.com/login.aspx?ReturnUrl=/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [mssSort] "C:\Program Files (x86)\Maxtor\ManagerApp\msssort.exe"
    O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
    O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O4 - Startup: Dropbox.lnk = Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: FAXRX.lnk = C:\Program Files (x86)\Brother\Brmfl08l\FAXRX.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {1663ed6a-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Client 32bit Edition) - https://vt.globalpay.com/admin/objects/smsx.cab
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1267144283927
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab?rnd=3686559592
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\SysWOW64\atashost.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FAService - Sensible Vision - c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    O23 - Service: Maxtor Service (Maxtor Sync Services) - Seagate Technology LLC - C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    O23 - Service: Port Emulator (Star) (PortEmulator) - Star Micronics Co., Ltd. - C:\Program Files\StarMicronics\TSP100\Software\20110922\portemu_umdf_tsp100.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TCP Port Emulator (TSP100) (TcpEmulatorTSP100LAN) - STAR MICRONICS CO,.LTD - C:\Program Files\StarMicronics\TSP100\Software\20110922\tcpemu_tsp100lan.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 18640 bytes



    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Jimmy at 10:21:53.52 on Fri 01/04/2013
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4021.2051 [GMT -8:00]

    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
    C:\Windows\SysWOW64\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
    C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
    C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe
    C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Maxtor\ManagerApp\msssort.exe
    C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
    C:\Users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\Brother\Brmfl08l\FAXRX.exe
    C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\syswow64\MsiExec.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Jimmy\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = https://total.amplifyportal.com/login.aspx?ReturnUrl=/
    uInternet Settings,ProxyOverride = *.local;<local>
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No File
    TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    uRun: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
    uRun: [Akamai NetSession Interface] "C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe"
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [Copernic Desktop Search - Home] "C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    mRun: [FAStartup]
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [mssSort] "C:\Program Files (x86)\Maxtor\ManagerApp\msssort.exe"
    mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
    mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
    mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
    mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
    mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    StartupFolder: C:\Users\Jimmy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\Users\Jimmy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Jimmy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FAXRX.lnk - C:\Program Files (x86)\Brother\Brmfl08l\FAXRX.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    Trusted Zone: 420soft.com\www
    DPF: {1663ed6a-23eb-11d2-b92f-008048fdd814} - hxxps://vt.globalpay.com/admin/objects/smsx.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1267144283927
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=3686559592
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    LSA: Notification Packages = scecli FAPassSync
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB-X64: {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No File
    TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    mRun-x64: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
    mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun-x64: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    mRun-x64: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\
    FF - component: C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox36Connector\components\CSPXPCOMBridge.dll
    FF - component: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko10.dll
    FF - component: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko5.dll
    FF - component: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
    FF - component: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko7.dll
    FF - component: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko8.dll
    FF - component: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko9.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: C:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Jimmy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\[email protected]\plugins\npLMI64.dll
    FF - plugin: C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\[email protected]\plugins\npRACtrl.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true

    ============= SERVICES / DRIVERS ===============

    R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-3-14 62496]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-18 55280]
    R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-3-14 38288]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-2-1 202752]
    R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-2-3 133944]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
    R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-6-24 2368776]
    R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-12-7 375728]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 15928]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-12-28 72216]
    R2 Maxtor Sync Services;Maxtor Service;C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [2008-8-5 181600]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-1 398184]
    R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
    R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
    R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-2-1 60416]
    R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-2-1 80896]
    R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-2-1 55808]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-2-18 172704]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-1 151040]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2010-7-13 69736]
    R3 ITECIRfilter;ITECIR Filter Driver;C:\Windows\System32\drivers\ITECIRfilter.sys [2011-3-22 28264]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-2-1 317480]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-7-14 24176]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 ACT! Scheduler;ACT! Scheduler;C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-1-20 81920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-1 682344]
    S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-12-21 245760]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-18 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-18 79360]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 115168]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
    S3 PortEmulator;Port Emulator (Star);C:\Program Files\StarMicronics\TSP100\Software\20110922\portemu_umdf_tsp100.exe [2011-10-20 203776]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-26 19456]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-26 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

    =============== Created Last 30 ================

    2013-01-04 04:49:30 -------- d-----w- C:\Users\Jimmy\AppData\Local\Adobe
    2013-01-04 04:44:43 -------- d-----w- C:\Users\Jimmy\AppData\Local\Programs
    2012-12-21 22:36:10 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 22:36:10 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 22:36:09 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 22:36:08 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-12 09:55:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-12 09:55:25 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-12-12 09:55:06 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-12 09:53:32 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-12-12 09:53:30 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-12-06 22:28:09 8 --sh--r- C:\PROGRA~3\211A1FD356.sys
    2012-12-06 22:24:28 8 --sh--r- C:\PROGRA~3\F9F94DF81D.sys

    ==================== Find3M ====================

    2013-01-04 04:25:01 1786 --sha-w- C:\PROGRA~3\KGyGaAvL.sys
    2012-12-25 00:54:32 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-25 00:54:32 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-06 14:50:41 88008 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
    2012-11-06 14:50:35 35240 ----a-w- C:\Windows\System32\LMIport.dll
    2012-11-06 14:50:34 83880 ----a-w- C:\Windows\System32\LMIinit.dll
    2012-10-25 11:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 11:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

    ============= FINISH: 10:27:31.57 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/25/2010 6:13:09 AM
    System Uptime: 1/4/2013 9:00:35 AM (1 hours ago)

    Motherboard: Dell Inc. | | 0W61J1
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | U2E1 | 2267/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 451 GiB total, 35.59 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: facap, FastAccess Video Capture
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Sensible Vision
    Name: facap, FastAccess Video Capture
    PNP Device ID: ROOT\IMAGE\0000
    Service: FACAP

    ==== System Restore Points ===================

    RP455: 12/21/2012 2:35:33 PM - Windows Update
    RP456: 12/25/2012 9:18:25 AM - Windows Update
    RP457: 1/1/2013 5:09:05 AM - Windows Update

    ==== Installed Programs ======================

    µTorrent
    ACT! by Sage 2010
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.5.2 - CPSID_83708
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Setup
    Adobe Shockwave Player 11.6
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Advanced Audio FX Engine
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Software Update
    ATI Catalyst Control Center
    Avidemux 2.5
    Banctec Service Agreement
    Brother MFL-Pro Suite MFC-495CW
    Brother MFL-Pro Suite MFC-J430W
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    Cisco Connect
    Compatibility Pack for the 2007 Office system
    Complete Care Consumer Service Agreement
    Copernic Desktop Search - Home
    D-Link Powerline AV Utility
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Webcam Central
    DHTML Editing Component
    DirectXInstallService
    Dropbox
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    EMC 10 Content
    FileOpen Client
    FileZilla Client 3.5.3
    Google Chrome
    GoToMeeting 5.1.0.880
    HL-2270DW
    Java 7 Update 7
    JavaFX 2.1.1
    join.me
    Junk Mail filter update
    jZip
    Live! Cam Avatar Creator
    Logitech SetPoint
    LogMeIn
    MagTek USBMSR Demo
    Malwarebytes Anti-Malware version 1.70.0.1100
    Maxtor Central Axis Manager
    MeadCo ScriptX (v7.0.0.8 (x86))
    Microsoft Choice Guard
    Microsoft Office File Validation Add-In
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (ACT7)
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    Nero 7 Ultra Edition
    Notepad++
    Nuance PaperPort 12
    Nuance PDF Viewer Plus
    Olympus Digital Wave Player
    PDF Settings
    PowerDVD DX
    Prototyper Free 2.0.0
    QuickTime
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Scansoft PDF Professional
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Skins
    Skype Click to Call
    Skype™ 6.0
    SolidWorks viewer
    Sonic CinePlayer Decoder Pack
    Sound Blaster X-Fi MB
    Stamps.com
    Stamps.com Application Support for Microsoft Outlook 2000-2010
    Stamps.com Application Support for Microsoft Word 2000-2010
    Stamps.com support for Microsoft Outlook 2000-2010
    Stamps.com support for Microsoft Word 2000-2010
    Stamps.com Web Postage Plug-in
    swMSM
    System Requirements Lab
    Turbo Lister 2
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    WebEx
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    Xvid 1.2.2 final uninstall

    ==== Event Viewer Messages From Past Week ========

    12/29/2012 10:00:42 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    1/4/2013 9:02:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter

    ==== End Of File ===========================


    GMER 2.0.18327 - http://www.gmer.net
    Rootkit scan 2013-01-04 10:34:01
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500420ASG rev.0004SDM1 465.76GB
    Running: feyn3q65.exe; Driver: C:\Users\Jimmy\AppData\Local\Temp\kgdiqpoc.sys


    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files\Dell\DellDock\DockLogin.exe [1376:1392] 0000000075d27587
    Thread C:\Program Files\Dell\DellDock\DockLogin.exe [1376:1636] 00000000774c2e25
    Thread C:\Program Files\Dell\DellDock\DockLogin.exe [1376:8852] 00000000774c3e45
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3104] 00000000774c3e45
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3128] 00000000774c2e25
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3228] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3232] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3236] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3240] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3244] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3248] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3252] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3256] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3260] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3264] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3292] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3296] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3300] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3452] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3456] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3464] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3468] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3476] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3676] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:4032] 00000000774c3e45
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:4052] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:1644] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:2504] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3124] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:5456] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:5308] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:5036] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:6600] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3388] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3392] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:3360] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:11536] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:7660] 00000000724229e1
    Thread C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2192:7244] 00000000724229e1
    Thread C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924:2524] 00000000100fa9d9
    Thread C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924:6092] 00000000100fa9d9
    Thread C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924:6096] 00000000100fa9d9
    Thread C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924:6100] 00000000100fa9d9
    Thread C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924:6104] 00000000100fa9d9
    Thread C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924:688] 00000000664635ac
    Thread C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924:4840] 00000000664635ac
    Thread C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924:568] 00000000664635ac
    Thread C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924:3204] 00000000685c689f
    Thread C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924:4372] 00000000685c689f
    Thread C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924:4308] 00000000685c689f
    Thread C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924:11984] 0000000002d3609d
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2740:3112] 000007fef2f6cc10
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2740:3768] 000007fef2e2b564
    Thread c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2740:4604] 000007fef2e2b564
    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe [4924] 000000006fc30000
    Library ? (*** suspicious ***) @ c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2740] 000007fefed20000
    Library ? (*** suspicious ***) @ C:\Program Files\Dell\DellDock\DellDock.exe [4148] 000007fefc900000
    Library ? (*** suspicious ***) @ C:\Users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe [1316] 000000006d340000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [4752] 000007fef0680000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [4740] 0000000076900000

    ---- EOF - GMER 2.0 ----
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Hiya and Happy New Year :)

    P2P Warning!

    • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

      µTorrent

      Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
      Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

      I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

      Please read these short reports on the dangers of peer-2-peer programs and file sharing.

      I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

      If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.

    ----------------------------
    Now that's out of the way, let's get started :)


    Download Security Check from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Download and scan with SUPERAntiSpyware Free Edition for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Home" button to leave the control center screen.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click Scan your computer.
    • On the left, select all fixed drives.
    • Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click View Scan Logs.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.





    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.





    Please include the SUPERAntiSpyware Scan Log, JRT.txt, C:\AdwCleaner[R1].txt and checkup.txt in your next reply.

    Regards

    eddie
     
  3. spqr05

    spqr05 Thread Starter

    Results of screen317's Security Check version 0.99.56
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    ESET Smart Security 5.2
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    JavaFX 2.1.1
    Java 7 Update 7
    Java version out of Date!
    Adobe Flash Player 11.5.502.146
    Mozilla Firefox (18.0)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    Google Chrome 23.0.1271.91
    Google Chrome 23.0.1271.95
    Google Chrome 23.0.1271.97
    ````````Process Check: objlist.exe by Laurent````````
    ESET NOD32 Antivirus egui.exe
    ESET NOD32 Antivirus ekrn.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/12/2013 at 04:18 PM

    Application Version : 5.6.1014

    Core Rules Database Version : 9864
    Trace Rules Database Version: 7676

    Scan type : Complete Scan
    Total Scan Time : 06:21:44

    Operating System Information
    Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 836
    Memory threats detected : 0
    Registry items scanned : 76043
    Registry threats detected : 0
    File items scanned : 446300
    File threats detected : 325

    Adware.Tracking Cookie
    .casalemedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .xxxymovies.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .xxxymovies.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .xxxymovies.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .rotator.adxite.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .xxxymovies.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.sexfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    xxxymovies.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .adultfriendfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.bookofsex.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.blacksexmatch.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.blacksexmatch.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.blacksexmatch.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.blacksexmatch.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.blacksexmatch.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.blacksexmatch.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.sexfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.sexfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.sexfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.sexfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.sexfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.bookofsex.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.bookofsex.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.bookofsex.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.bookofsex.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .banners.bookofsex.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .adultfriendfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .adultfriendfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .adultfriendfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .adultfriendfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .adultfriendfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .adultfriendfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .adultfriendfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .adultfriendfinder.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .realmedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .realmedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .pro-market.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .hearstmagazines.112.2o7.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .network.realmedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .network.realmedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    network.realmedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .clickbooth.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .adtechus.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .adserver.adtechus.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .atwola.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .ar.atwola.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .ar.atwola.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .ar.atwola.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .atwola.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    www.mediabistro.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .bs.serving-sys.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .msnbc.112.2o7.net [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .pointroll.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\JIMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V3G4W6XG.DEFAULT\COOKIES.SQLITE ]



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.2 (01.08.2013:1)
    OS: Windows 7 Professional x64
    Ran by Jimmy on Sat 01/12/2013 at 18:41:50.15
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2786678



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Jimmy\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\Jimmy\appdata\locallow\pricegong"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Jimmy\AppData\Roaming\mozilla\firefox\profiles\v3g4w6xg.default\user.js
    Successfully deleted: [Folder] C:\Users\Jimmy\AppData\Roaming\mozilla\firefox\profiles\v3g4w6xg.default\extensions\[email protected]
    Successfully deleted: [Folder] C:\Users\Jimmy\AppData\Roaming\mozilla\firefox\profiles\v3g4w6xg.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    Emptied folder: C:\Users\Jimmy\AppData\Roaming\mozilla\firefox\profiles\v3g4w6xg.default\minidumps [199 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 01/12/2013 at 18:50:11.64
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    # AdwCleaner v2.105 - Logfile created 01/12/2013 at 19:19:04
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Jimmy - JIMMY_XPS
    # Boot Mode : Normal
    # Running from : C:\Users\Jimmy\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\Conduit
    Folder Found : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\ConduitEngine
    Folder Found : C:\Users\Jimmy\Documents\Software

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0 (en-US)

    File : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1059 octets] - [12/01/2013 19:19:04]

    ########## EOF - C:\AdwCleaner[R1].txt - [1119 octets] ##########
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Okay, can you do the following:

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    ----

    Then, afterwards, can you run the following:



    Please download aswMBR ( 4.5MB ) to your desktop.
    • Double click the aswMBR.exe icon, and click Run.
    • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
    • Click the Scan button to start the scan.
    • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

    ---------

    And then:


    Delete any copies of Combofix that you have.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  5. spqr05

    spqr05 Thread Starter

    # AdwCleaner v2.105 - Logfile created 01/14/2013 at 20:31:20
    # Updated 08/01/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Jimmy - JIMMY_XPS
    # Boot Mode : Normal
    # Running from : C:\Users\Jimmy\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\Conduit
    Folder Deleted : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\ConduitEngine
    Folder Deleted : C:\Users\Jimmy\Documents\Software

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0 (en-US)

    File : C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [1188 octets] - [12/01/2013 19:19:04]
    AdwCleaner[S1].txt - [1125 octets] - [14/01/2013 20:31:20]

    ########## EOF - C:\AdwCleaner[S1].txt - [1185 octets] ##########


    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-14 23:10:52
    -----------------------------
    23:10:52.023 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:10:52.023 Number of processors: 4 586 0x2502
    23:10:52.023 ComputerName: JIMMY_XPS UserName: Jimmy
    23:10:55.159 Initialize success
    23:11:07.530 AVAST engine defs: 13011402
    23:12:41.933 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    23:12:41.933 Disk 0 Vendor: ST9500420ASG 0004SDM1 Size: 476940MB BusType: 11
    23:12:41.980 Disk 0 MBR read successfully
    23:12:41.980 Disk 0 MBR scan
    23:12:41.980 Disk 0 Windows VISTA default MBR code
    23:12:41.995 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    23:12:42.042 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
    23:12:42.104 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30800325
    23:12:42.198 Disk 0 scanning C:\Windows\system32\drivers
    23:13:38.436 Service scanning
    23:15:35.499 Modules scanning
    23:15:35.545 Disk 0 trace - called modules:
    23:15:35.592 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    23:15:35.608 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cbd060]
    23:15:35.623 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a0e060]
    23:16:40.520 Disk 0 MBR has been saved successfully to "C:\Users\Jimmy\Desktop\MBR.dat"
    23:16:40.535 The log file has been saved successfully to "C:\Users\Jimmy\Desktop\aswMBR.txt"

    ComboFix 13-01-14.01 - Jimmy 01/14/2013 23:36:20.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4021.2221 [GMT -8:00]
    Running from: c:\users\Jimmy\Desktop\username123.exe
    AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\211A1FD356.sys
    c:\programdata\4C4603A560.sys
    c:\programdata\8716D1C5D6.sys
    c:\programdata\F9F94DF81D.sys
    c:\users\Jimmy\g2mdlhlpx.exe
    c:\users\Jimmy\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-15 to 2013-01-15 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-15 09:14 . 2013-01-15 09:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2013-01-15 09:14 . 2013-01-15 09:14 -------- d-----w- c:\users\Mary\AppData\Local\temp
    2013-01-15 09:14 . 2013-01-15 09:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-01-13 19:20 . 2013-01-13 19:22 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-13 19:20 . 2013-01-13 19:22 -------- d-----w- c:\program files\iTunes
    2013-01-13 19:20 . 2013-01-13 19:22 -------- d-----w- c:\program files (x86)\iTunes
    2013-01-13 19:20 . 2013-01-13 19:20 -------- d-----w- c:\program files\iPod
    2013-01-13 02:41 . 2013-01-13 02:41 -------- d-----w- c:\windows\ERUNT
    2013-01-13 02:41 . 2013-01-13 02:41 -------- d-----w- C:\JRT
    2013-01-11 12:12 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-11 12:12 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-11 12:12 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-11 12:12 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-11 11:59 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-11 11:59 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-11 11:56 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-11 11:56 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-11 11:56 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-11 11:55 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-04 04:49 . 2013-01-06 23:44 -------- d-----w- c:\users\Jimmy\AppData\Local\Adobe
    2013-01-04 04:44 . 2013-01-04 04:44 -------- d-----w- c:\users\Jimmy\AppData\Local\Programs
    2012-12-21 22:36 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-21 22:36 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-21 22:36 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-21 22:36 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-12 11:03 . 2010-02-25 14:38 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-11 19:03 . 2012-11-19 18:42 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-11 19:03 . 2012-11-19 18:42 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-04 04:25 . 2010-03-02 22:59 1786 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-12-15 00:49 . 2010-07-14 16:55 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-14 07:06 . 2012-12-12 11:02 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-12 11:02 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-12 11:02 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-12 11:02 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-12 11:02 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-12 11:02 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-12 11:02 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-12 11:02 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-12 11:02 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-12 11:02 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-12 11:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-12 11:02 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-12 11:02 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-12 11:02 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-12 11:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-12 11:02 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-12 11:02 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-12 11:02 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-12 11:02 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-12 11:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-12 11:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-12 11:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45 . 2012-12-12 09:55 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-12 09:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-08 19:29 . 2012-11-08 19:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-11-08 17:24 . 2013-01-04 08:47 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1409717-7AD9-48F1-9F74-B24595F0E4DC}\mpengine.dll
    2012-11-06 14:50 . 2011-12-28 18:21 88008 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-11-06 14:50 . 2011-12-28 18:21 35240 ----a-w- c:\windows\system32\LMIport.dll
    2012-11-06 14:50 . 2011-12-28 18:21 83880 ----a-w- c:\windows\system32\LMIinit.dll
    2012-11-02 05:59 . 2012-12-12 09:53 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 05:11 . 2012-12-12 09:53 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Jimmy\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
    "Copernic Desktop Search - Home"="c:\program files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" [2012-09-28 1691240]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-02-27 396152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
    "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2009-06-24 95496]
    "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
    "mssSort"="c:\program files (x86)\Maxtor\ManagerApp\msssort.exe" [2008-08-05 1647960]
    "mxomssmenu"="c:\program files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-08-05 169312]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-08-03 1167360]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
    "PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
    "PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
    "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
    "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
    "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-21 139264]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-11-06 559616]
    .
    c:\users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    c:\users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    Dropbox.lnk - c:\users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-28 28539392]
    FAXRX.lnk - c:\program files (x86)\Brother\Brmfl08l\FAXRX.exe [2010-5-10 524288]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-3-4 1207312]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2009-06-24 22:31 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli FAPassSync
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-01-21 81920]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-19 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-19 79360]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-22 315664]
    R3 PortEmulator;Port Emulator (Star);c:\program files\StarMicronics\TSP100\Software\20110922\portemu_umdf_tsp100.exe [2011-10-20 203776]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
    R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-02-19 79360]
    R3 TcpEmulatorTSP100LAN;TCP Port Emulator (TSP100);c:\program files\StarMicronics\TSP100\Software\20110922\tcpemu_tsp100lan.exe [2011-10-20 351744]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1255736]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-10-02 140672]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-02-03 133944]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
    S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2009-06-24 2368776]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-11-06 375728]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
    S2 Maxtor Sync Services;Maxtor Service;c:\program files (x86)\Maxtor\Sync\SyncServices.exe [2008-08-05 181600]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
    S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]
    S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
    S3 ITECIRfilter;ITECIR Filter Driver;c:\windows\system32\DRIVERS\ITECIRfilter.sys [2011-03-22 28264]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-23 317480]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-383448877-2826582110-2547957227-1001Core.job
    - c:\users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 04:06]
    .
    2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-383448877-2826582110-2547957227-1001UA.job
    - c:\users\Jimmy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 04:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Jimmy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
    "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
    "LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-22 1926928]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://total.amplifyportal.com/login.aspx?ReturnUrl=/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: 420soft.com\www
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    DPF: {1663ed6a-23eb-11d2-b92f-008048fdd814} - hxxps://vt.globalpay.com/admin/objects/smsx.cab
    FF - ProfilePath - c:\users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{b75ab0c8-03d5-4592-9821-a48d54d66b14} - MssShellExt.dll
    Wow6432Node-HKCU-Run-updateMgr - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
    Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
    Wow6432Node-HKLM-Run-FAStartup - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{6EF568F4-D437-4466-AA63-A3645136D93E}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-15 01:25:10
    ComboFix-quarantined-files.txt 2013-01-15 09:25
    .
    Pre-Run: 43,920,183,296 bytes free
    Post-Run: 43,306,475,520 bytes free
    .
    - - End Of File - - 89F829083F534FEBEE2C928CE8E129BF
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,665
    Thanks :)

    Your Java is out of date, so let's do that next:

    Upgrade Java : (32 bits)
    • Download the latest version of Java SE Runtime Environment (JRE): JRE 7 Update 9.
    • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
    • Accept License Agreement.
    • Click on the link to download Windows Offline Installation 32 bit (jre-7u9-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u9-windows-i586.exe and select "Run as an Administrator.")
    • Don't install any of the toolbars that are offered.


    After doing the above, for the remains of the Java, can you do this:

    Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

    Make sure both of these options are checked:

    • Applications and Applets
    • Trace and Log Files
    OK out of all the screens. :)


    --------------

    Download OTL to your Desktop

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Select
      All Users
      LOP Check
      Purity Check
    • Under the Standard Registry box change it to All
    • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

      Code:
      netsvcs
      activex
      msconfig
      %programdata%\*.sys
      %SYSTEMDRIVE%\*.
      %$Recycle.Bin\
      %PROGRAMFILES%\*.exe
      %LOCALAPPDATA%\*.exe
      %windir%\Installer\*.*
      %windir%\system32\tasks\*.*
      %windir%\system32\tasks\*.* /64
      %systemroot%\Fonts\*.exe
      %systemroot%\*. /mp /s
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      regedit.exe
      Userinit.exe
      svchost.exe
      services.exe
      user32.dll
      ATAPI.SYS
      /md5stop
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      >C:\commands.txt echo list vol /raw /hide /c
      /wait
      >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
      /wait
      type c:\diskreport.txt /c
      /wait
      erase c:\commands.txt /hide /c
      /wait
      erase c:\diskreport.txt /hide /c
      CREATERESTOREPOINT
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
     
  7. spqr05

    spqr05 Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    130
    I've uninstalled and reinstalled Java. Now I'm running OTL like you said, but it keeps freezing. I run as administrator, nothing. Please review this and let me know if you think there's another option (Safe Mode, etc.). It's the same spot every time Manual Scan.. C:windows. When that starts it freezes every time.
     

    Attached Files: otl.jpg (176.8 KB)
  8. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,665
    Hi

    For the OTL, just press Quick Scan instead, and leave the box empty at the bottom. It should work this time, it seems to be freezing for some people at the moment :(
     
  9. spqr05

    spqr05 Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    130
    OTL logfile created on: 1/22/2013 7:56:51 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.93 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 64.30% Memory free
    7.85 Gb Paging File | 5.29 Gb Available in Paging File | 67.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 41.93 Gb Free Space | 9.30% Space Free | Partition Type: NTFS

    Computer Name: JIMMY_XPS | User Name: Jimmy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Jimmy\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    PRC - C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
    PRC - C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe (TechSmith Corporation)
    PRC - C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe (TechSmith Corporation)
    PRC - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)
    PRC - C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe (TechSmith Corporation)
    PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
    PRC - C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
    PRC - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
    PRC - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
    PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
    PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
    PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe (Sensible Vision )
    PRC - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
    PRC - c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files (x86)\Brother\Brmfl08l\FAXRX.exe (Brother Industries Ltd.)
    PRC - C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
    PRC - C:\Program Files (x86)\Maxtor\ManagerApp\msssort.exe (Seagate)
    PRC - C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
    PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
    MOD - C:\Windows\SysWOW64\FAIEExtension.dll ()
    MOD - C:\Windows\SysWOW64\FAib.dll ()
    MOD - C:\Windows\SysWOW64\FACrashRpt.dll ()
    MOD - C:\Program Files (x86)\Brother\Brmfl08l\brrunpp.dll ()
    MOD - C:\Windows\SysWOW64\BrMuSNMP.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
    SRV:64bit: - (TcpEmulatorTSP100LAN) -- C:\Program Files\StarMicronics\TSP100\Software\20110922\tcpemu_tsp100lan.exe (STAR MICRONICS CO,.LTD)
    SRV:64bit: - (PortEmulator) -- C:\Program Files\StarMicronics\TSP100\Software\20110922\portemu_umdf_tsp100.exe (Star Micronics Co., Ltd.)
    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
    SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (LogMeIn, Inc.)
    SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
    SRV - (atashost) -- C:\Windows\SysWOW64\atashost.exe (Cisco WebEx LLC)
    SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
    SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
    SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
    SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
    SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
    SRV - (ACT! Scheduler) -- C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe (Sage Software, Inc.)
    SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
    SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (IDT, Inc.)
    SRV - (RoxMediaDB10) -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe (Sonic Solutions)
    SRV - (FAService) -- c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe (Sensible Vision )
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (Maxtor Sync Services) -- C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
    SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
    DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
    DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
    DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
    DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (ITECIRfilter) -- C:\Windows\SysNative\drivers\ITECIRfilter.sys (ITE Tech. Inc. )
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
    DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
    DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
    DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
    DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV:64bit: - (VNUSB) -- C:\Windows\SysNative\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
    DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
    DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
    DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (FACAP) -- C:\Windows\SysNative\drivers\facap.sys (Sensible Vision )
    DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)
    DRV - (VNUSB) -- C:\Windows\SysWOW64\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{1DA89C11-8A88-4283-B24A-DD95C4069856}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{4042AFCA-38B6-48A1-8A05-9DEDCDA463A9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Jimmy\Desktop
    IE - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://total.amplifyportal.com/login.aspx?ReturnUrl=/
    IE - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\..\SearchScopes,DefaultScope = {A393AB38-49B1-43FD-8511-F1C0DA360775}
    IE - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\..\SearchScopes\{A393AB38-49B1-43FD-8511-F1C0DA360775}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-i3752
    IE - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2
    FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@stamps.com/Web client plug-in,version=1.0: C:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll (Stamps.com, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jimmy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jimmy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/05/31 07:55:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 18:46:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/18 18:46:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/05/31 07:55:33 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7d666f76-9295-4370-b662-37e2dc87b5d7}: C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox110Connector [2012/10/03 20:15:25 | 000,000,000 | ---D | M]

    [2010/02/25 07:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions
    [2010/02/25 07:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2013/01/12 18:49:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions
    [2012/08/09 05:31:09 | 000,200,692 | ---- | M] () (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\[email protected]
    [2012/08/22 06:24:07 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
    [2012/12/29 17:08:04 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
    [2012/09/05 20:59:28 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Jimmy\AppData\Roaming\Mozilla\Firefox\Profiles\v3g4w6xg.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
    [2013/01/18 18:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/01/18 18:46:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/01/18 18:46:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/01/18 18:46:34 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
    [2011/08/29 08:11:33 | 000,175,416 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
    [2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL
    [2012/12/18 12:07:11 | 000,106,240 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
    [2012/11/17 06:36:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
    [2012/11/17 06:36:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
    [2012/11/17 06:36:54 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
    [2012/11/17 06:36:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
    [2012/11/17 06:36:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
    [2012/11/17 06:36:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
    [2012/11/17 06:36:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
    [2012/08/29 06:08:18 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
    [2011/09/08 07:29:51 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
    [2012/08/29 06:08:18 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/09/08 07:29:51 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
    [2013/01/11 11:52:05 | 000,001,453 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
    [2013/01/11 11:52:05 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
    [2012/10/18 20:54:37 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2012/08/29 06:08:17 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
    [2012/08/29 06:08:17 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jimmy\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Stamps.com Web Client NPAPI Plug-in (Enabled) = C:\Program Files (x86)\Stamps.com Web Postage Plug-in\npsdcwc.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Jimmy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Skype Click to Call = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
    CHR - Extension: Gmail = C:\Users\Jimmy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/01/15 01:15:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile) - {D5233FCD-D258-4903-89B8-FB1568E7413D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
    O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
    O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [FAStartup] File not found
    O4 - HKLM..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [mssSort] C:\Program Files (x86)\Maxtor\ManagerApp\msssort.exe (Seagate)
    O4 - HKLM..\Run: [mxomssmenu] C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-383448877-2826582110-2547957227-1001..\Run: [Akamai NetSession Interface] C:\Users\Jimmy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-383448877-2826582110-2547957227-1001..\Run: [Copernic Desktop Search - Home] C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
    O4 - HKU\S-1-5-21-383448877-2826582110-2547957227-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jimmy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAXRX.lnk = C:\Program Files (x86)\Brother\Brmfl08l\FAXRX.exe (Brother Industries Ltd.)
    O4 - Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\..Trusted Domains: 420soft.com ([www] https in Trusted sites)
    O16 - DPF: {1663ed6a-23eb-11d2-b92f-008048fdd814} https://vt.globalpay.com/admin/objects/smsx.cab (MeadCo Extended HTML Printing)
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1267144283927 (MUCatalogWebControl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab?rnd=3686559592 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78EE4B38-57E0-480B-BBE5-5F1924BB3158}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E075AA2A-6281-443E-A045-BACCD7621C0A}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4F7F0E1-260C-4E69-822A-BADAD0CA0869}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\FastAccess: DllName - (c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
    O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/20 15:17:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
    [2013/01/20 15:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/01/20 15:13:58 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/01/20 15:13:50 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/01/20 15:13:50 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/01/20 15:13:50 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/01/20 09:48:14 | 031,473,568 | ---- | C] (Oracle Corporation) -- C:\Users\Jimmy\Desktop\jre-7u11-windows-i586.exe
    [2013/01/18 18:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/01/18 11:01:48 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Desktop\PPS_I-10_website
    [2013/01/18 10:49:32 | 004,702,459 | ---- | C] (FileZilla Project) -- C:\Users\Jimmy\Desktop\FileZilla_3.6.0.2_win32-setup.exe
    [2013/01/17 12:49:12 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\CrashDumps
    [2013/01/16 09:37:29 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
    [2013/01/16 09:21:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/15 21:38:50 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\Documents\Snagit
    [2013/01/15 21:38:43 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\assembly
    [2013/01/15 21:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
    [2013/01/15 21:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
    [2013/01/15 21:37:45 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\TechSmith
    [2013/01/15 21:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
    [2013/01/14 23:28:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/14 23:28:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/14 23:28:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/14 23:28:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/14 23:27:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/14 23:24:34 | 005,022,074 | R--- | C] (Swearware) -- C:\Users\Jimmy\Desktop\username123.exe
    [2013/01/14 20:52:51 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jimmy\Desktop\aswMBR.exe
    [2013/01/13 11:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/01/13 11:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/01/13 11:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/01/13 11:20:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/01/13 11:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2013/01/12 18:41:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/12 18:41:30 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/12 09:43:34 | 000,499,023 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Jimmy\Desktop\JRT.exe
    [2013/01/11 03:59:11 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2013/01/11 03:59:11 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2013/01/11 03:56:32 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013/01/11 03:56:24 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
    [2013/01/04 10:02:12 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Jimmy\Desktop\dds (1).scr
    [2013/01/03 20:49:30 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\Adobe
    [2013/01/03 20:44:43 | 000,000,000 | ---D | C] -- C:\Users\Jimmy\AppData\Local\Programs
    [2010/03/02 14:51:26 | 021,046,160 | ---- | C] (Sage Software ) -- C:\Users\Jimmy\AppData\Roaming\ACT1200HotFix_SS.exe

    ========== Files - Modified Within 30 Days ==========

    [2013/01/22 07:26:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-383448877-2826582110-2547957227-1001UA.job
    [2013/01/22 06:56:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/21 18:54:12 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-383448877-2826582110-2547957227-1001Core.job
    [2013/01/21 12:11:10 | 000,795,968 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/21 12:11:10 | 000,675,674 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/21 12:11:10 | 000,125,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/20 19:56:37 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/20 19:56:37 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/20 19:50:35 | 000,001,194 | ---- | M] () -- C:\Users\Jimmy\Desktop\Jimmy_XPS on (MadMax).lnk
    [2013/01/20 19:46:48 | 3161,878,528 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/20 19:37:54 | 000,181,044 | ---- | M] () -- C:\Users\Jimmy\Desktop\otl.jpg
    [2013/01/20 15:17:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jimmy\Desktop\OTL.exe
    [2013/01/20 15:13:41 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/01/20 15:13:32 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/01/20 15:13:32 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/01/20 15:13:31 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/01/20 15:13:29 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
    [2013/01/20 15:13:29 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013/01/20 09:48:28 | 031,473,568 | ---- | M] (Oracle Corporation) -- C:\Users\Jimmy\Desktop\jre-7u11-windows-i586.exe
    [2013/01/20 08:15:04 | 000,002,046 | ---- | M] () -- C:\Users\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/01/18 10:49:58 | 004,702,459 | ---- | M] (FileZilla Project) -- C:\Users\Jimmy\Desktop\FileZilla_3.6.0.2_win32-setup.exe
    [2013/01/16 09:24:01 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/01/16 09:24:01 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/01/15 21:38:09 | 000,001,152 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
    [2013/01/15 01:15:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/01/14 23:24:45 | 005,022,074 | R--- | M] (Swearware) -- C:\Users\Jimmy\Desktop\username123.exe
    [2013/01/14 23:16:40 | 000,000,512 | ---- | M] () -- C:\Users\Jimmy\Desktop\MBR.dat
    [2013/01/14 23:03:30 | 611,787,078 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/01/14 20:53:46 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jimmy\Desktop\aswMBR.exe
    [2013/01/13 19:09:04 | 000,116,091 | ---- | M] () -- C:\Users\Jimmy\Desktop\rib design - changes for ribs.jpg
    [2013/01/13 11:22:16 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/01/12 09:43:42 | 000,554,087 | ---- | M] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe
    [2013/01/12 09:43:35 | 000,499,023 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Jimmy\Desktop\JRT.exe
    [2013/01/12 09:13:53 | 000,856,731 | ---- | M] () -- C:\Users\Jimmy\Desktop\SecurityCheck.exe
    [2013/01/12 08:31:19 | 000,001,135 | ---- | M] () -- C:\Users\Jimmy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2013/01/11 04:23:01 | 002,393,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/01/10 09:25:34 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
    [2013/01/04 10:02:13 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Jimmy\Desktop\dds (1).scr
    [2013/01/03 20:25:01 | 000,001,786 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2012/12/29 23:45:12 | 000,001,054 | ---- | M] () -- C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/12/29 23:44:26 | 000,001,022 | ---- | M] () -- C:\Users\Jimmy\Desktop\Dropbox.lnk
    [2012/12/26 11:17:00 | 000,640,681 | ---- | M] () -- C:\Users\Jimmy\Desktop\mini-power-screwdriver1.jpg
    [2012/12/26 11:12:00 | 001,214,862 | R--- | M] () -- C:\Users\Jimmy\Desktop\mini power screwdriver.jpg

    ========== Files Created - No Company Name ==========

    [2013/01/20 19:29:56 | 000,181,044 | ---- | C] () -- C:\Users\Jimmy\Desktop\otl.jpg
    [2013/01/15 21:38:09 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk
    [2013/01/14 23:28:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/14 23:28:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/14 23:28:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/14 23:28:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/14 23:28:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/14 23:16:40 | 000,000,512 | ---- | C] () -- C:\Users\Jimmy\Desktop\MBR.dat
    [2013/01/13 19:09:04 | 000,116,091 | ---- | C] () -- C:\Users\Jimmy\Desktop\rib design - changes for ribs.jpg
    [2013/01/13 11:22:16 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/01/12 09:43:42 | 000,554,087 | ---- | C] () -- C:\Users\Jimmy\Desktop\adwcleaner.exe
    [2013/01/12 09:13:52 | 000,856,731 | ---- | C] () -- C:\Users\Jimmy\Desktop\SecurityCheck.exe
    [2012/12/26 11:17:00 | 000,640,681 | ---- | C] () -- C:\Users\Jimmy\Desktop\mini-power-screwdriver1.jpg
    [2012/12/26 11:12:00 | 001,214,862 | R--- | C] () -- C:\Users\Jimmy\Desktop\mini power screwdriver.jpg
    [2012/11/25 18:37:48 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2012/06/04 10:13:28 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
    [2012/04/11 15:59:30 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
    [2011/12/21 17:09:19 | 000,000,000 | ---- | C] () -- C:\Windows\BRPARAM.INI
    [2011/12/21 14:27:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2011/12/21 14:27:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2011/06/06 15:03:32 | 000,007,685 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\Resmon.ResmonCfg
    [2010/05/04 07:06:25 | 008,658,813 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\DataSafeDotNet.exe
    [2010/04/06 10:27:52 | 000,010,240 | ---- | C] () -- C:\Users\Jimmy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/07 20:12:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/03/04 09:46:23 | 000,000,760 | ---- | C] () -- C:\Users\Jimmy\AppData\Roaming\setup_ldm.iss
    [2010/03/02 14:59:12 | 000,001,786 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    [2010/03/29 14:38:52 | 000,000,000 | ---D | M] -- C:\Windows\assembly\GAC_MSIL\Act.Outlook.Service.Desktop

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/12/31 17:06:52 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ACT
    [2011/12/31 17:07:22 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ControlCenter4
    [2011/12/31 17:06:44 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ESET
    [2011/12/31 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\FileOpen
    [2011/12/31 17:08:15 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\IsolatedStorage
    [2010/03/29 14:38:58 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\ACT
    [2011/07/03 19:01:22 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\avidemux
    [2011/12/21 17:15:20 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\ControlCenter4
    [2010/03/04 09:51:38 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Copernic
    [2012/11/25 18:38:27 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\DassaultSystemes
    [2013/01/20 19:51:48 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Dropbox
    [2012/12/02 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\EDrawings
    [2010/02/25 07:05:44 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\ESET
    [2011/10/30 20:00:32 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Feedreader
    [2010/08/12 09:57:52 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\FileOpen
    [2013/01/18 11:14:38 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\FileZilla
    [2010/03/02 14:59:12 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\IsolatedStorage
    [2010/03/07 11:37:09 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Maxtor Quick Start
    [2011/08/09 18:12:04 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Notepad++
    [2011/12/25 10:46:10 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Nuance
    [2010/09/01 10:44:56 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\PC-FAX TX
    [2012/08/10 13:18:01 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Stamps.com Internet Postage
    [2012/09/18 15:00:46 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Star
    [2010/02/27 08:44:49 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\SystemRequirementsLab
    [2013/01/20 19:48:38 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\uTorrent
    [2011/08/29 09:34:49 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\webex
    [2010/05/11 10:12:20 | 000,000,000 | ---D | M] -- C:\Users\Jimmy\AppData\Roaming\Zeon
    [2010/10/21 19:43:04 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\ACT
    [2010/10/21 19:42:52 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\ESET
    [2010/10/21 19:43:14 | 000,000,000 | ---D | M] -- C:\Users\Mary\AppData\Roaming\IsolatedStorage

    ========== Purity Check ==========



    < End of report >

    OTL Extras logfile created on: 1/22/2013 7:56:51 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jimmy\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.93 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 64.30% Memory free
    7.85 Gb Paging File | 5.29 Gb Available in Paging File | 67.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.07 Gb Total Space | 41.93 Gb Free Space | 9.30% Space Free | Partition Type: NTFS

    Computer Name: JIMMY_XPS | User Name: Jimmy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1D054C8D-8981-44D8-8DD5-E5241C8C1499}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1D5F8627-1AFC-4DE2-BBB1-E99854323202}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
    "{23C401E0-4B70-4D53-A6ED-9D3358C2D709}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{303F41AB-AD85-4DBB-8D62-877970AF38C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{451A36FD-6558-4BA4-A12D-E1939F823BBF}" = rport=137 | protocol=17 | dir=out | app=system |
    "{4A6C6310-FFEA-4146-B8C7-6AFE36449739}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4C466E5A-E43F-4BB1-BF37-F82A0BB57B6B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4CE5611E-EEB1-4FD3-A9D9-D1040329BA97}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4E1CBD7C-61A6-412F-9DBE-EF333FF04D37}" = lport=137 | protocol=17 | dir=in | app=system |
    "{5FFFEB90-DE4A-4ADC-81E4-1EE559D3317A}" = lport=139 | protocol=6 | dir=in | app=system |
    "{608614E6-E47F-4415-8D93-5007A172A2DB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{6E1C79B0-45D1-4760-BC4E-F2A51C0D00D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6EDF3BC3-4D8D-4262-87AD-BB9C4EB4DAD8}" = lport=138 | protocol=17 | dir=in | app=system |
    "{86C7F59D-4682-4848-844A-DF630A68F689}" = rport=138 | protocol=17 | dir=out | app=system |
    "{96B90AB1-6739-49DB-95C5-DB6A5F17F830}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
    "{9E679440-D642-4229-B2FD-38301FFD7282}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9F125126-84CD-4C32-BDC2-9DC8DDC3CA20}" = rport=445 | protocol=6 | dir=out | app=system |
    "{A47090C9-409C-4608-B3A5-816822B46675}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B3593DE7-3474-44FC-8551-0F0397D2302A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{CE4B714B-EE0D-4F27-8136-BA88D2211733}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{D341104D-EAD5-44D7-9E94-0229A86EE4E6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{DD2ED12A-93E1-4993-838C-28B88544ABB2}" = lport=50944 | protocol=6 | dir=in | name=akamai netsession interface |
    "{DEFA059A-528A-4184-ACDC-86DCF25A06E5}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E4E267DC-EFBC-4385-BA7B-087191DF4236}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{EA70BFCE-B8A7-44EF-928A-2321097BA1A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F54AC1D4-210E-4D9B-BE36-1A6F9F1454FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FF733AE2-4F25-465A-807E-9CE73558A6CE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0031E94F-045A-45F7-AF27-6614FACFAD2A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{00B777B8-8A62-4950-9B36-7EC146C5E4CB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{0DB04AA5-76E7-4496-9AE2-1B14CD312E33}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0F4E8ADA-FC62-496C-BAEC-C365E7B55395}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{19E9091F-D6F6-4875-967A-1327E300CB20}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2243AFD5-6E0A-41EE-A8DC-A6B5CBDC1BE7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{23769AEB-9705-455D-AD0A-07F35BC0B54A}" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\roaming\dropbox\bin\dropbox.exe |
    "{273D6D24-1416-4249-854C-7A76C4037D76}" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\roaming\dropbox\bin\dropbox.exe |
    "{2D8BF2AF-0CB8-4694-98ED-CFBD2AA9BE6A}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{2EF1C65F-7CA7-415F-9121-7B6532C2343D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3C107F1F-A6A8-4448-86B8-F9E17FB42347}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3FB6C70A-1492-405A-A0EC-2DBB766303C0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{43EC3C0D-E9CA-4DE2-8C9A-6765ABA02F61}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{46E65A70-2A45-4D13-9E2D-D564DDF1EBDB}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{49BFC8BA-4C5D-4A09-8004-220932372365}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{6BBFFAAB-D76C-4F5C-90CD-41E2C1F3CB31}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6BC72A9C-02FB-4E8E-A473-74D878D4424E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{6D40878B-B295-4F4C-9EDD-CDE30E814E32}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08l\faxrx.exe |
    "{71B3A4D1-4690-4C82-B225-9CD0FA201DC5}" = protocol=6 | dir=in | app=c:\users\jimmy\appdata\local\akamai\netsession_win.exe |
    "{7A3981F3-116B-4CF8-B43C-34032221A1B1}" = protocol=6 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{7C0E9327-6E75-442D-A6E7-4D222707E0C0}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08l\faxrx.exe |
    "{7C5EA2B6-CD0B-47FE-8C45-636E07101874}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{7EE0579F-E731-4E82-82A4-618D89DF00C0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
    "{892C2DB5-A4B9-4D14-962C-616DC6A63F06}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{8E0A2C78-6091-48BD-8200-393954A287B5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{A761212D-1D87-423F-9A38-1B6FF59C9F30}" = protocol=17 | dir=in | app=c:\users\jimmy\appdata\local\akamai\netsession_win.exe |
    "{A766DF17-A6A3-4F39-BA55-3EF42B6E4070}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{AD2F0F93-A4C5-4CD5-8D4E-810D978051A7}" = protocol=17 | dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{AE5C90FB-C0B3-499F-B8ED-D635AAAA1AC3}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{B39037CF-62B4-4A9C-83F5-37D0F9C67B23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BEFF274B-694E-430C-9DD8-805FFA1F2D79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C1C0A349-3B1E-4296-AA19-908788DE4053}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{D45D1988-FDAB-43B2-91B8-C57D6E806D9D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E7A7E0C1-A351-4F7D-8DC5-E185E37DD63C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
    "{E889B25B-B376-46F2-B8B7-B30D6FB18635}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{EB2BAC7C-47DA-43B3-A6D6-A9CE1B8C1DC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{F17FBC4F-3D25-4216-8267-8F374C4B05F9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
    "TCP Query User{3523B348-F696-41EA-AD1D-20FB63CD3E23}C:\program files (x86)\brother\brmfl08l\faxrx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl08l\faxrx.exe |
    "TCP Query User{3B3FBC84-6D94-4E79-8B62-DC61080B790D}C:\program files (x86)\maxtor\managerapp\maxutilities.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maxtor\managerapp\maxutilities.exe |
    "TCP Query User{64F0F725-A466-4A23-8357-925C5A824C9C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{699C2E01-1503-4919-A6F0-238D9B976383}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
    "TCP Query User{B6072729-18F2-4AAF-82F3-56BDD74BA406}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=6 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
    "TCP Query User{D8E0B029-0CAE-4015-A07D-F6000CA9CCD5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "UDP Query User{06824C8D-D06F-444A-9F99-BEF9B0389D59}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{104DB696-307A-4BAE-A536-2CF2B991A8D4}C:\program files (x86)\maxtor\managerapp\maxutilities.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maxtor\managerapp\maxutilities.exe |
    "UDP Query User{69882D43-9689-43F3-9B0C-D6C14407E3D0}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |
    "UDP Query User{B31C4DEB-E31F-4831-8D7C-CEF1463E2BAC}C:\program files (x86)\brother\brmfl08l\faxrx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl08l\faxrx.exe |
    "UDP Query User{D1BAF2A6-36C8-435E-B01F-57F28CFA5AA8}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "UDP Query User{FFF01A0E-E26A-4467-B9AD-F20644471194}C:\program files (x86)\act\act for windows\actsage.exe" = protocol=17 | dir=in | app=c:\program files (x86)\act\act for windows\actsage.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel
    "{50F8DCCB-8011-47E4-8D91-8321794BF014}" = TSP100 Setup Version 5.2.0
    "{52A09891-6744-42A9-8C32-F5371652CB86}" = SolidWorks eDrawings 2013 x64
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64
    "{B4735ADA-2C32-4DB1-809C-D3D424343ED9}" = FastAccess
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F7274D82-C857-4C20-AB1A-D701D64BFD90}" = ESET Smart Security
    "75BD84FDFF77342C2A347F729669CBD84CE11B04" = Windows Driver Package - OLYMPUS IMAGING CORP. (VNUSB) VNUSB (09/29/2009 2.0.0.0)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Dell Touchpad

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{0A02D347-5E53-48A5-BC49-1469393103FA}" = Brother MFL-Pro Suite MFC-495CW
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19B54068-29AC-4C63-B23E-437329EE8258}" = Stamps.com Web Postage Plug-in
    "{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
    "{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
    "{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German
    "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
    "{28AEC0F5-E361-4F9C-A966-D3C3FE897D41}" = SolidWorks viewer
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ACT7)
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{560EFF7F-252D-4841-89CD-4EEB76D5FC1F}" = Maxtor Central Axis Manager
    "{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian
    "{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French
    "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins
    "{68723B04-57EC-11E1-A6A8-9E2D4824019B}" = Snagit 11
    "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
    "{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J430W
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish
    "{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}_953" = Adobe Acrobat 9.5.3 - CPSID_83708
    "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static
    "{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
    "{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
    "{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish
    "{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}" = Nero 7 Ultra Edition
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE4C9170-F517-42EB-A5CB-F16DE610315A}" = Stamps.com Application Support for Microsoft Outlook 2000-2010
    "{CFE58B1C-5923-4658-8073-D46850B674DA}" = MagTek USBMSR Demo
    "{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista
    "{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation
    "{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean
    "{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish
    "{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English
    "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Complete Care Consumer Service Agreement
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F2682E66-3DEF-4066-AD9F-70DDB96CDDCC}" = MeadCo ScriptX (v7.0.0.8 (x86))
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
    "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
    "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
    "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
    "Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Akamai" = Akamai NetSession Interface Service
    "Avidemux 2.5" = Avidemux 2.5
    "Cisco Connect" = Cisco Connect
    "CopernicDesktopSearch2" = Copernic Desktop Search - Home
    "Dell Webcam Central" = Dell Webcam Central
    "D-Link Powerline AV Utility" = D-Link Powerline AV Utility
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "InstallShield_{560EFF7F-252D-4841-89CD-4EEB76D5FC1F}" = Maxtor Central Axis Manager
    "InstallShield_{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}" = ACT! by Sage 2010
    "InstallShield_{CFE58B1C-5923-4658-8073-D46850B674DA}" = MagTek USBMSR Demo
    "jZip" = jZip
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "Prototyper Free 2.0.0" = Prototyper Free 2.0.0
    "Stamps.com" = Stamps.com
    "Stamps.com support for Microsoft Outlook 2000-2010" = Stamps.com support for Microsoft Outlook 2000-2010
    "Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
    "Stamps.com Web Postage Plug-in" = Stamps.com Web Postage Plug-in
    "SystemRequirementsLab" = System Requirements Lab
    "uTorrent" = µTorrent
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Dropbox" = Dropbox
    "FileZilla Client" = FileZilla Client 3.6.0.2
    "Google Chrome" = Google Chrome
    "GoToMeeting" = GoToMeeting 5.1.0.880
    "JoinMe" = join.me

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/22/2013 4:09:22 AM | Computer Name = Jimmy_XPS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 17191

    Error - 1/22/2013 4:09:23 AM | Computer Name = Jimmy_XPS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/22/2013 4:09:23 AM | Computer Name = Jimmy_XPS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 18252

    Error - 1/22/2013 4:09:23 AM | Computer Name = Jimmy_XPS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 18252

    Error - 1/22/2013 4:09:24 AM | Computer Name = Jimmy_XPS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/22/2013 4:09:24 AM | Computer Name = Jimmy_XPS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 19251

    Error - 1/22/2013 4:09:24 AM | Computer Name = Jimmy_XPS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 19251

    Error - 1/22/2013 10:56:41 AM | Computer Name = Jimmy_XPS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/22/2013 10:56:41 AM | Computer Name = Jimmy_XPS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 24456948

    Error - 1/22/2013 10:56:41 AM | Computer Name = Jimmy_XPS | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 24456948

    [ Dell Events ]
    Error - 2/1/2012 2:46:53 AM | Computer Name = Jimmy_XPS | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 7/9/2012 11:22:52 PM | Computer Name = Jimmy_XPS | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 7/9/2012 11:22:52 PM | Computer Name = Jimmy_XPS | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 7/9/2012 11:26:39 PM | Computer Name = Jimmy_XPS | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 7/9/2012 11:26:39 PM | Computer Name = Jimmy_XPS | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 7/10/2012 2:48:28 PM | Computer Name = Jimmy_XPS | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 7/10/2012 2:48:28 PM | Computer Name = Jimmy_XPS | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 7/28/2012 11:48:19 PM | Computer Name = Jimmy_XPS | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 7/28/2012 11:48:20 PM | Computer Name = Jimmy_XPS | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 7/29/2012 12:29:35 AM | Computer Name = Jimmy_XPS | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ System Events ]
    Error - 1/16/2013 1:43:34 PM | Computer Name = Jimmy_XPS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    RxFilter

    Error - 1/16/2013 1:48:55 PM | Computer Name = Jimmy_XPS | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 1/18/2013 1:20:45 PM | Computer Name = Jimmy_XPS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    RxFilter

    Error - 1/18/2013 1:21:45 PM | Computer Name = Jimmy_XPS | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 1/20/2013 1:05:38 PM | Computer Name = Jimmy_XPS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    RxFilter

    Error - 1/20/2013 1:19:58 PM | Computer Name = Jimmy_XPS | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 1/20/2013 7:07:21 PM | Computer Name = Jimmy_XPS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    RxFilter

    Error - 1/20/2013 7:09:54 PM | Computer Name = Jimmy_XPS | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the SftService service.

    Error - 1/20/2013 7:12:04 PM | Computer Name = Jimmy_XPS | Source = Service Control Manager | ID = 7022
    Description = The Windows Search service hung on starting.

    Error - 1/20/2013 11:47:25 PM | Computer Name = Jimmy_XPS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    RxFilter


    < End of report >
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Now, what I have seen is you have a lot of programs running at startup. Once we're sure the malware has gone, we'll trim those, as that may help :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      IE - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4 - HKLM..\Run: [FAStartup] File not found
      O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
      O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
      O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
      O4 - Startup: C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
      O4 - Startup: C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
      O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
      O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18 - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      :Files
      ipconfig /flushdns /c
      :Commands 
      [purity] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.



    ------------------------

    Then, after doing that, can you do this:



    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :folderfind
      *utorrent*
      *conduit*
      *pricegong*
      :filefind
      *utorrent*.*
      *conduit*.*
      *pricegong*.*
      :regfind
      utorrent
      conduit
      pricegong
      :dir
      c:\programdata
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop, entitled SystemLook.txt
     
  11. spqr05

    spqr05 Thread Starter

    I had to hold down the power after the first restart with OTL. Then it worked. I'm missing the bar across the top of my screen that came with this Dell, like shortcuts; I'd like to have that back if I could.


    ========== OTL ==========
    HKU\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FAStartup deleted successfully.
    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
    File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
    C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
    C:\Users\Jimmy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
    C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
    File Protocol\Handler\http\0x00000001 - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
    File Protocol\Handler\http\oledb - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
    File Protocol\Handler\https\0x00000001 - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
    File Protocol\Handler\https\oledb - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
    File Protocol\Handler\msdaipp - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
    File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
    File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    File Protocol\Handler\ms-itss - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
    File Protocol\Handler\mso-offdap - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
    File Protocol\Handler\mso-offdap11 - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
    File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    File Protocol\Handler\wlmailhtml - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ not found.
    File Protocol\Handler\msdaipp - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Jimmy\Desktop\cmd.bat deleted successfully.
    C:\Users\Jimmy\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 01242013_001202

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    SystemLook 30.07.11 by jpshortstuff
    Log created at 00:24 on 24/01/2013 by Jimmy
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "*utorrent*"
    C:\Program Files (x86)\uTorrent d------ [16:50 27/02/2011]
    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppHang_utorrent.exe_c03b988d69463c5a883fa54ff2cac9c841a1f0_131fc94a d----c- [16:51 27/02/2011]
    C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppHang_utorrent.exe_c03b988d69463c5a883fa54ff2cac9c841a1f0_131fc94a d----c- [16:51 27/02/2011]
    C:\Users\Guest\AppData\LocalLow\uTorrentBar d------ [01:07 01/01/2012]
    C:\Users\Jimmy\AppData\Roaming\uTorrent d------ [16:49 27/02/2011]

    Searching for "*conduit*"
    C:\Users\Guest\AppData\LocalLow\Conduit d------ [01:08 01/01/2012]
    C:\Users\Guest\AppData\LocalLow\ConduitEngine d------ [01:07 01/01/2012]
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\Repository\conduit_CT2786678_CT2786678 d------ [01:08 01/01/2012]
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\Repository\conduit_CT2786678_en d------ [01:09 01/01/2012]
    C:\Windows\assembly\GAC_MSIL\Act.Devices.Conduit.Config d------ [22:56 02/03/2010]
    C:\Windows\assembly\GAC_MSIL\Act.Devices.Conduit.Records d------ [22:56 02/03/2010]
    C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Devices.Conduit# d------ [11:45 12/01/2013]

    Searching for "*pricegong*"
    No folders found.

    ========== filefind ==========

    Searching for "*utorrent*.*"
    C:\Program Files (x86)\uTorrent\uTorrent.exe --a---- 396152 bytes [16:50 27/02/2011] [16:50 27/02/2011] 761926D007A7E79ADEFB6752B119FDE8
    C:\Users\Jimmy\AppData\Roaming\uTorrent\utorrent.lng --a---- 1132544 bytes [15:35 31/05/2012] [06:45 02/10/2012] FF47BE91984FF32CE63E54BDE334EFF9
    C:\Users\Jimmy\Downloads\utorrent.exe --a---- 396152 bytes [16:49 27/02/2011] [16:49 27/02/2011] 761926D007A7E79ADEFB6752B119FDE8

    Searching for "*conduit*.*"
    C:\Windows\assembly\NativeImages_v2.0.50727_32\Act.Devices.Conduit#\6f0f44243bc3e644dff06b9d57b8c7ab\Act.Devices.Conduit.Records.ni.dll --a---- 646656 bytes [11:45 12/01/2013] [11:45 12/01/2013] 647B421E5D84D45A44AAB688B3AC53FE

    Searching for "*pricegong*.*"
    No files found.

    ========== regfind ==========

    Searching for "utorrent"
    [HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
    [HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\uTorrent.ini]
    [HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\uTorrentBar Toolbar.ini]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"=""C:\Program Files (x86)\uTorrent\uTorrent.exe""
    [HKEY_CURRENT_USER\Software\Classes\.btapp\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_CURRENT_USER\Software\Classes\.btapp\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_CURRENT_USER\Software\Classes\.btinstall\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_CURRENT_USER\Software\Classes\.btinstall\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_CURRENT_USER\Software\Classes\.btsearch]
    @="uTorrent"
    [HKEY_CURRENT_USER\Software\Classes\.btsearch\OpenWithProgids]
    "uTorrent"=""
    [HKEY_CURRENT_USER\Software\Classes\.btskin\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_CURRENT_USER\Software\Classes\.btskin\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_CURRENT_USER\Software\Classes\.torrent]
    @="uTorrent"
    [HKEY_CURRENT_USER\Software\Classes\.torrent\OpenWithProgids]
    "uTorrent"=""
    [HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
    [HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\uTorrent\uTorrent.exe"="µTorrent"
    [HKEY_CURRENT_USER\Software\Classes\Magnet\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_CURRENT_USER\Software\Classes\Magnet\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_CURRENT_USER\Software\Classes\uTorrent]
    [HKEY_CURRENT_USER\Software\Classes\uTorrent\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_CURRENT_USER\Software\Classes\uTorrent\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
    "item"="uTorrent"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent]
    "command"=""C:\Program Files (x86)\uTorrent\uTorrent.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
    "DisplayIcon"="C:\Program Files (x86)\uTorrent\uTorrent.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
    "UninstallString"=""C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
    "InstallLocation"="C:\Program Files (x86)\uTorrent"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
    "URLInfoAbout"="http://www.utorrent.com"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{64F0F725-A466-4A23-8357-925C5A824C9C}C:\program files (x86)\utorrent\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Defer=User|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{06824C8D-D06F-444A-9F99-BEF9B0389D59}C:\program files (x86)\utorrent\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Defer=User|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{AE5C90FB-C0B3-499F-B8ED-D635AAAA1AC3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6BC72A9C-02FB-4E8E-A473-74D878D4424E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{64F0F725-A466-4A23-8357-925C5A824C9C}C:\program files (x86)\utorrent\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Defer=User|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{06824C8D-D06F-444A-9F99-BEF9B0389D59}C:\program files (x86)\utorrent\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Defer=User|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{AE5C90FB-C0B3-499F-B8ED-D635AAAA1AC3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6BC72A9C-02FB-4E8E-A473-74D878D4424E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{64F0F725-A466-4A23-8357-925C5A824C9C}C:\program files (x86)\utorrent\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\program files (x86)\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Defer=User|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{06824C8D-D06F-444A-9F99-BEF9B0389D59}C:\program files (x86)\utorrent\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\program files (x86)\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Defer=User|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{AE5C90FB-C0B3-499F-B8ED-D635AAAA1AC3}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6BC72A9C-02FB-4E8E-A473-74D878D4424E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\BitTorrent\uTorrent]
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\FLEXnet\Connect\db\uTorrent.ini]
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\FLEXnet\Connect\db\uTorrentBar Toolbar.ini]
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"=""C:\Program Files (x86)\uTorrent\uTorrent.exe""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\.btapp\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\.btapp\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\.btinstall\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\.btinstall\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\.btsearch]
    @="uTorrent"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\.btsearch\OpenWithProgids]
    "uTorrent"=""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\.btskin\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\.btskin\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\.torrent]
    @="uTorrent"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\.torrent\OpenWithProgids]
    "uTorrent"=""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\Applications\uTorrent.exe]
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\Applications\uTorrent.exe\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\uTorrent\uTorrent.exe"="µTorrent"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\Magnet\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\Magnet\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\uTorrent]
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\uTorrent\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Classes\uTorrent\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\.btapp\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\.btapp\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\.btinstall\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\.btinstall\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\.btsearch]
    @="uTorrent"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\.btsearch\OpenWithProgids]
    "uTorrent"=""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\.btskin\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\.btskin\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\.torrent]
    @="uTorrent"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\.torrent\OpenWithProgids]
    "uTorrent"=""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\Applications\uTorrent.exe]
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\Applications\uTorrent.exe\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\uTorrent\uTorrent.exe"="µTorrent"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\Magnet\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\Magnet\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\uTorrent]
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\uTorrent\DefaultIcon]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe",0"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001_Classes\uTorrent\shell\open\command]
    @=""C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""

    Searching for "conduit"
    [HKEY_CURRENT_USER\Software\Adobe\Acrobat Distiller\PrinterJobControl]
    "7c6022a6"="C:\Users\Jimmy\Documents\Cell Cases\iPad Enclosure Files\Patent\nCLOSE-3.5MM-RIGHT-ANGLE-MALE-TRRS-TO-3.5MM-FEMALE-TRRS---4-CONDUIT.pdf"
    [HKEY_CURRENT_USER\Software\Adobe\Acrobat Distiller\PrinterJobControl]
    "C:\Users\Jimmy\Documents\Cell Cases\iPad Enclosure Files\Patent\nCLOSE-3.5MM-RIGHT-ANGLE-MALE-TRRS-TO-3.5MM-FEMALE-TRRS---4-CONDUIT.pdf"="6"
    [HKEY_CURRENT_USER\Software\SolidWorks\SolidWorks 2011 Viewer\Routing]
    "Routing Conduit Coupling Name"=""
    [HKEY_CURRENT_USER\Software\SolidWorks\SolidWorks 2011 Viewer\Routing]
    "Routing Conduit Coupling Config"=""
    [HKEY_CURRENT_USER\Software\SolidWorks\SolidWorks 2011 Viewer\Routing]
    "Routing Conduit Name"=""
    [HKEY_CURRENT_USER\Software\SolidWorks\SolidWorks 2011 Viewer\Routing]
    "Routing Conduit Config"=""
    [HKEY_CURRENT_USER\Software\SolidWorks\SolidWorks 2011 Viewer\Routing]
    "Routing Conduit Elbow Config "=""
    [HKEY_CURRENT_USER\Software\SolidWorks\SolidWorks 2011 Viewer\Routing]
    "Routing Conduit Elbow Name "=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global]
    "Act.Devices.Conduit.Config,Version="12.1.181.0",ProcessorArchitecture="MSIL",PublicKeyToken="EBF6B2FF4D0A08AA",Culture="neutral",FileVersion="65535.0.0.0""="99$MDZa{g903VoZ7'Pl&ACT_Windows>JaIkO!j.}=$SLW$bXe^w"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global]
    "Act.Devices.Conduit.Records,Version="12.1.181.0",ProcessorArchitecture="MSIL",PublicKeyToken="EBF6B2FF4D0A08AA",Culture="neutral",FileVersion="65535.0.0.0""="99$MDZa{g903VoZ7'Pl&ACT_Windows>C!aij[)?r86^e5wU,ci0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\12a295d4\79d5029c\115]
    "DisplayName"="Act.Devices.Conduit.Config,12.1.181.0,,ebf6b2ff4d0a08aa"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6f52d0da\33d6c2b3\114]
    "DisplayName"="Act.Devices.Conduit.Records,12.1.181.0,,ebf6b2ff4d0a08aa"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\25843f5f\12a295d4\1c8]
    "DisplayName"="Act.Devices.Conduit.Config,12.1.181.0,,ebf6b2ff4d0a08aa"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\65b39266\6f52d0da\1c7]
    "DisplayName"="Act.Devices.Conduit.Records,12.1.181.0,,ebf6b2ff4d0a08aa"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
    "AE48807DEC2E935419BD7466CCE1F5F5"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\AE48807DEC2E935419BD7466CCE1F5F5]
    "File"="iSyncConduit.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42666CB751A7E774088F8D40482C7A4F]
    "4EE597857FCF4A345A6F62E9960DDCB0"="<\Act.Devices.Conduit.Config,Version="12.1.181.0",ProcessorArchitecture="MSIL",PublicKeyToken="EBF6B2FF4D0A08AA",Culture="neutral",FileVersion="65535.0.0.0""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42666CB751A7E774088F8D40482C7A4F\4EE597857FCF4A345A6F62E9960DDCB0]
    "File"="act.devices.conduit.config.d"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4C89B9CC9BAF8E042BA6653F0AB54B72]
    "4EE597857FCF4A345A6F62E9960DDCB0"="<\Act.Devices.Conduit.Records,Version="12.1.181.0",ProcessorArchitecture="MSIL",PublicKeyToken="EBF6B2FF4D0A08AA",Culture="neutral",FileVersion="65535.0.0.0""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4C89B9CC9BAF8E042BA6653F0AB54B72\4EE597857FCF4A345A6F62E9960DDCB0]
    "File"="act.devices.conduit.records."
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\NGENService\Roots\Act.Devices.Conduit.Config, Version=12.1.181.0, Culture=neutral, PublicKeyToken=ebf6b2ff4d0a08aa, processorArchitecture=MSIL]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727\NGENService\Roots\Act.Devices.Conduit.Records, Version=12.1.181.0, Culture=neutral, PublicKeyToken=ebf6b2ff4d0a08aa, processorArchitecture=MSIL]
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Adobe\Acrobat Distiller\PrinterJobControl]
    "7c6022a6"="C:\Users\Jimmy\Documents\Cell Cases\iPad Enclosure Files\Patent\nCLOSE-3.5MM-RIGHT-ANGLE-MALE-TRRS-TO-3.5MM-FEMALE-TRRS---4-CONDUIT.pdf"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\Adobe\Acrobat Distiller\PrinterJobControl]
    "C:\Users\Jimmy\Documents\Cell Cases\iPad Enclosure Files\Patent\nCLOSE-3.5MM-RIGHT-ANGLE-MALE-TRRS-TO-3.5MM-FEMALE-TRRS---4-CONDUIT.pdf"="6"
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\SolidWorks\SolidWorks 2011 Viewer\Routing]
    "Routing Conduit Coupling Name"=""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\SolidWorks\SolidWorks 2011 Viewer\Routing]
    "Routing Conduit Coupling Config"=""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\SolidWorks\SolidWorks 2011 Viewer\Routing]
    "Routing Conduit Name"=""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\SolidWorks\SolidWorks 2011 Viewer\Routing]
    "Routing Conduit Config"=""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\SolidWorks\SolidWorks 2011 Viewer\Routing]
    "Routing Conduit Elbow Config "=""
    [HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\SolidWorks\SolidWorks 2011 Viewer\Routing]
    "Routing Conduit Elbow Name "=""

    Searching for "pricegong"
    No data found.

    ========== dir ==========

    c:\programdata - Parameters: "(none)"

    ---Files---
    ezsidmv.dat --ah--- 56 bytes [04:12 08/03/2010] [04:12 08/03/2010]
    KGyGaAvL.sys --ahs-- 1786 bytes [22:59 02/03/2010] [04:25 04/01/2013]

    ---Folders---
    34BE82C4-E596-4e99-A191-52C6199EBF69 d------ [19:20 13/01/2013]
    Act d------ [23:00 02/03/2010]
    Adobe d------ [04:37 19/02/2010]
    Adobe Systems d------ [18:13 28/02/2010]
    Apple d------ [21:25 03/04/2010]
    Apple Computer d------ [21:26 03/04/2010]
    Application Data d--hs-- [05:08 14/07/2009]
    ATI d------ [14:26 25/02/2010]
    Brother d------ [00:20 11/05/2010]
    Cisco Systems d------ [02:44 25/09/2012]
    Citrix d------ [16:24 03/12/2012]
    ControlCenter4 d------ [22:28 21/12/2011]
    Creative d------ [04:54 19/02/2010]
    Creative Labs d------ [04:54 19/02/2010]
    CyberLink d------ [16:46 27/02/2010]
    DassaultSystemes d------ [02:38 26/11/2012]
    Dell d------ [04:34 19/02/2010]
    Desktop d--hs-- [05:08 14/07/2009]
    Documents d--hs-- [05:08 14/07/2009]
    DVD Shrink d------ [20:09 13/06/2010]
    eBay d------ [00:50 09/08/2010]
    ESET d------ [15:04 25/02/2010]
    Favorites d--hs-- [05:08 14/07/2009]
    FileCure d------ [16:55 09/04/2010]
    FileOpen d------ [17:00 12/08/2010]
    FLEXnet d------ [19:45 02/03/2010]
    InstallShield d------ [05:00 19/02/2010]
    Intel d------ [17:00 03/12/2012]
    LogiShrd d------ [17:38 04/03/2010]
    Logitech d------ [17:40 04/03/2010]
    LogMeIn d------ [04:59 20/04/2011]
    Malwarebytes d------ [16:55 14/07/2010]
    Maxtor d------ [19:37 07/03/2010]
    McAfee d------ [05:07 19/02/2010]
    Microsoft d------ [03:20 14/07/2009]
    Mozilla d------ [17:43 25/04/2012]
    Nero d------ [19:34 28/07/2010]
    Nuance d------ [22:14 21/12/2011]
    PCDr d------ [04:44 19/02/2010]
    Roxio d------ [05:01 19/02/2010]
    Sage Software, Inc d------ [22:57 02/03/2010]
    ScanSoft d------ [18:06 11/05/2010]
    Skype d------ [04:10 08/03/2010]
    Sonic d------ [05:02 19/02/2010]
    StarMicronics d------ [22:57 18/09/2012]
    Start Menu d--hs-- [05:08 14/07/2009]
    Sun d------ [15:28 30/04/2010]
    SUPERAntiSpyware.com d------ [01:56 05/01/2012]
    SupportSoft d------ [04:44 19/02/2010]
    TechSmith d------ [05:37 16/01/2013]
    Templates d--hs-- [05:08 14/07/2009]
    Uninstall d------ [05:03 19/02/2010]
    WebEx d------ [16:11 29/08/2011]
    WinZip d------ [23:13 25/02/2010]
    zeon d------ [22:16 21/12/2011]
    {232FC370-3714-4F10-BC93-DA33AA1D6D22} d------ [23:55 10/09/2012]
    {6B3B265C-2F8E-400E-B182-F45F189D7ECE} d------ [20:37 22/02/2012]
    {93E26451-CD9A-43A5-A2FA-C42392EA4001} d------ [23:43 03/04/2010]
    {C243CCC8-5474-45FC-A546-7FBC284A692E} d------ [23:55 10/09/2012]
    {F74FAF01-6ED9-4DAC-8BD2-E5F7C218B43C} d------ [23:55 10/09/2012]

    -= EOF =-
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,665
    Thanks for the logs, also may have solved the reason for OTL freezing, so let's carry on :)



    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :Reg
      [-HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\uTorrentBarToolbar.ini]
      [-HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\FLEXnet\Connect\db\uTorrentBarToolbar.ini]
      :Files
      C:\Users\Guest\AppData\LocalLow\uTorrentBar
      C:\Users\Guest\AppData\LocalLow\Conduit
      C:\Users\Guest\AppData\LocalLow\ConduitEngine
      C:\Users\Guest\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1178763_1174448_US.xml
      C:\Users\Guest\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_US.xml
      C:\Users\Guest\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_2_7_3.xml
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveLeft_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveRight_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=en-us.xml
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=en-us.xml
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=en-us.xml
      C:\Users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=en-us.xml
      C:\Users\Guest\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Q6AGH7NT\cap1.conduit-apps[1].xml
      ipconfig /flushdns /c
      :Commands 
      [emptytemp] 
      [emptyjava]
      [EMPTYFLASH]
      [purity] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


    -----------------

    Also, can you do this for me:

    Then, let's have a look at the Event logs.

    Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

    Reboot.

    • Please download the Event Viewer Tool by Vino Rosso:

      http://images.malwareremoval.com/vino/VEW.exe

      and save it to your Desktop.
    • Right-click VEW.exe and Run as Administrator
    • Under Select log to query, select:

      System

    • Under Select type to list, select:

      * Error
      * Warning



      Then use the Number of events as follows:

    • Click the radio button for Number of events
    • Type 20 in the 1 to 20 box
      Then click the Run button.
      Notepad will open with the output log.

    Please post the Output log in your next reply then repeat but select Application.

    eddie
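
As an added example (not part of the thread and not OTL's own code): a pre-flight check that compares the `[-key]` lines in a fix script's `:Reg` section with the keys a regfind log actually printed, so a target that differs from a logged key only by whitespace is caught before the fix is run. The sample log and script are constructed in the formats shown above; the function names and the `HKCU`-style alias table are assumptions of this example.

```python
import re

# Assumption of this example: short hive names are accepted and expanded.
HIVE_ALIASES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE",
                "HKU": "HKEY_USERS", "HKCR": "HKEY_CLASSES_ROOT"}

# Constructed sample in the regfind log format (key lines in [..], value lines below).
REGFIND_SAMPLE = r'''
Searching for "utorrent"
[HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
[HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\uTorrent.ini]
[HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\uTorrentBar Toolbar.ini]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=""C:\Program Files (x86)\uTorrent\uTorrent.exe""
'''

# Constructed sample fix script: one target without the space, one written with
# a short hive name, one that never appeared in the log.
FIX_SAMPLE = r'''
:Reg
[-HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\uTorrentBarToolbar.ini]
[-HKCU\Software\FLEXnet\Connect\db\uTorrent.ini]
[-HKEY_CURRENT_USER\Software\Example\NotInLog]
:Files
C:\Users\Guest\AppData\LocalLow\uTorrentBar
'''


def normalize(key):
    """Comparable form of a key: full hive name, no trailing backslash, lower case."""
    key = key.strip().rstrip("\\")
    hive, sep, rest = key.partition("\\")
    hive = HIVE_ALIASES.get(hive.upper(), hive)
    return (hive + sep + rest).lower()


def squash(key):
    """Normalized key with all whitespace removed, used only for near-miss matching."""
    return re.sub(r"\s+", "", normalize(key))


def parse_regfind_keys(log):
    """Map normalized key -> key as printed, for every [key] line in the log."""
    keys = {}
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            keys.setdefault(normalize(line[1:-1]), line[1:-1])
    return keys


def parse_fix_reg_targets(script):
    """Keys marked for deletion ([-key]) inside the :Reg section of a fix script."""
    targets, section = [], None
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line[1:].strip().lower()
        elif section == "reg" and line.startswith("[-") and line.endswith("]"):
            targets.append(line[2:-1])
    return targets


def check_targets(script, log):
    """Return (target, status, logged_key); status is found, near-miss or missing."""
    found = parse_regfind_keys(log)
    by_squashed = {}
    for printed in found.values():
        by_squashed.setdefault(squash(printed), printed)
    results = []
    for target in parse_fix_reg_targets(script):
        if normalize(target) in found:
            results.append((target, "found", found[normalize(target)]))
        elif squash(target) in by_squashed:
            # Same key apart from whitespace: the fix would report "not found".
            results.append((target, "near-miss", by_squashed[squash(target)]))
        else:
            results.append((target, "missing", None))
    return results


if __name__ == "__main__":
    for target, status, logged in check_targets(FIX_SAMPLE, REGFIND_SAMPLE):
        print(f"{status:9} {target}" + (f"  (log has: {logged})" if logged else ""))
```

A `near-miss` or `missing` result means the fix report will show that key as not found, so the key the scan reported would still be present afterwards.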
     
  13. spqr05

    spqr05 Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    130
    All processes killed
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\uTorrentBarToolbar.ini\ not found.
    Registry key HKEY_USERS\S-1-5-21-383448877-2826582110-2547957227-1001\Software\FLEXnet\Connect\db\uTorrentBarToolbar.ini\ not found.
    ========== FILES ==========
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\SearchInNewTab folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\Rss folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\Repository\conduit_CT2786678_en\ToolbarTranslation folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\Repository\conduit_CT2786678_en folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarTranslation folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarSettings folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarLogin folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\Repository\conduit_CT2786678_CT2786678\AppsMetaData folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\Repository\conduit_CT2786678_CT2786678 folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\Repository folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\Logs folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\ExternalComponent folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\EmailNotifier folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar\CacheIcons folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\uTorrentBar folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\Conduit\Toolbar\Facebook folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\Conduit\Toolbar folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\Conduit\Community Alerts\Feeds folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\Conduit folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\ConduitEngine\MyStuffApps folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\ConduitEngine\Logs folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons folder moved successfully.
    C:\Users\Guest\AppData\LocalLow\ConduitEngine folder moved successfully.
    File\Folder C:\Users\Guest\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1178763_1174448_US.xml not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_US.xml not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_2_7_3.xml not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveLeft_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_MoveRight_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&locale=en-us.xml not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&locale=en-us.xml not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&locale=en-us.xml not found.
    File\Folder C:\Users\Guest\AppData\LocalLow\ConduitEngine\ExternalComponent\http___contextmenu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0&locale=en-us.xml not found.
    C:\Users\Guest\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Q6AGH7NT\cap1.conduit-apps[1].xml moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Jimmy\Desktop\cmd.bat deleted successfully.
    C:\Users\Jimmy\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 52270451 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 940 bytes

    User: Jimmy
    ->Temp folder emptied: 75644377 bytes
    ->Temporary Internet Files folder emptied: 322807258 bytes
    ->Java cache emptied: 35 bytes
    ->FireFox cache emptied: 438472044 bytes
    ->Google Chrome cache emptied: 13660998 bytes
    ->Apple Safari cache emptied: 18604032 bytes
    ->Flash cache emptied: 4003 bytes

    User: Mary
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 132108823 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72917 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
    RecycleBin emptied: 761053014 bytes

    Total Files Cleaned = 1,731.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: Jimmy
    ->Java cache emptied: 0 bytes

    User: Mary
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Jimmy
    ->Flash cache emptied: 0 bytes

    User: Mary
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 01272013_151852

    Files\Folders moved on Reboot...
    C:\Users\Jimmy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\PFB189.pdf not found!
    C:\Windows\temp\wbxtra_01272013_145343.wbt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...



    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 27/01/2013 3:39:46 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 27/01/2013 11:36:50 PM
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    Log: 'System' Date/Time: 27/01/2013 11:36:50 PM
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

    Log: 'System' Date/Time: 27/01/2013 11:36:41 PM
    Type: Error Category: 0
    Event: 7011 Source: Service Control Manager
    A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Log: 'System' Date/Time: 27/01/2013 11:36:11 PM
    Type: Error Category: 0
    Event: 7011 Source: Service Control Manager
    A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    Log: 'System' Date/Time: 27/01/2013 11:35:34 PM
    Type: Error Category: 0
    Event: 7026 Source: Service Control Manager
    The following boot-start or system-start driver(s) failed to load: RxFilter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 27/01/2013 11:36:09 PM
    Type: Warning Category: 0
    Event: 1014 Source: Microsoft-Windows-DNS-Client
    Name resolution for the name inferno.demonoid.com timed out after none of the configured DNS servers responded.

    Log: 'System' Date/Time: 27/01/2013 11:35:13 PM
    Type: Warning Category: 0
    Event: 4 Source: k57nd60a
    Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

    Log: 'System' Date/Time: 27/01/2013 11:35:09 PM
    Type: Warning Category: 212
    Event: 219 Source: Microsoft-Windows-Kernel-PnP
    The driver \Driver\WUDFRd failed to load for the device Root\STARMICRONICSORIGINAL\0000.

    Log: 'System' Date/Time: 27/01/2013 11:34:33 PM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.

    Log: 'System' Date/Time: 27/01/2013 11:34:33 PM
    Type: Warning Category: 0
    Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll


    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 27/01/2013 3:40:25 PM

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 27/01/2013 11:35:21 PM
    Type: Error Category: 0
    Event: 0 Source: ACT! Scheduler
    Service cannot be started. System.Exception: Unable to start scheduler service. ScheduledItems count is less than or equal to 0. at Act.Scheduler.SchedulerService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 27/01/2013 11:35:28 PM
    Type: Warning Category: 0
    Event: 3 Source: SQLBrowser
    The configuration of the AdminConnection\TCP protocol in the SQL instance ACT7 is not valid.
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    35,665
    Can you run SystemLook again, but with the following code:


    Code:
    :file
    c:\program files\StarMicronics\TSP100\Software\20110922\portemu_umdf_tsp100.exe
    c:\program files\StarMicronics\TSP100\Software\20110922\tcpemu_tsp100lan.exe
    
    And post the log again :)


    ---------------

    Looking in the VEW log, this one caught my eye:

    Just out of curiosity (though I have a feeling it should be okay), can you check the back of the pc to make sure the cable is connected fully.

    I'll trim the startup programs as well, as that should help the computer be a bit smoother.






    The following is a list of all that you have running at startup. For those interested, it's the 04 entries. The more you have, the slower your bootup to Windows will be, and you may have problems online, like slowness etc. I've put some explanation on what they are, in case you're curious.

    Don't worry, you're not uninstalling these, just preventing them loading at startup

    =======================

    egui - Related to ESET_Smart_Security. Keep

    IntelWireless - Related to Intel Corp. PRO/Set Wireless software. Keep

    Kernel and Hardware Abstraction Layer - Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint. Up to you

    LogMeIn GUI - RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone. Up to you

    RunDLLEntry - Related to Creative Technology Inc. Soundblaster Audigy driver. Keep

    SynTPEnh - Synaptics touchpad tray icon. Displays status and provides quick launch to touchpad features such as scrolling and tap zones. Required on IBM Thinkpads with UltraNav (pointstick and touchpad combo) if you don't want to lose the advanced pointstick features such as scroll. Up to you

    SysTrayApp - Related to Sigmatel Audio sound card. Not needed

    Acrobat Assistant 8.0 - Related to Acrobat_Assistant a process belonging to the Adobe Acrobat Traybar Assistant which provides a shortcut to additional configuration options for Adobe products. Up to you

    Adobe Acrobat Speed Launcher - Related to Adobe_Acrobat_Speed_Launcher This process speeds up the start up time for Adobe Acrobat Reader. You may want to remove this process to save resources if you rarely use Acrobat Reader. Up to you

    Adobe ARM - Related to Adobe Optimize and enable Adobe® Flash® Player 10 and Adobe AIR for ARM Powered® devices, ranging from mobile phones to set-top boxes, mobile Internet devices, televisions, automotive platforms, personal media players and other mobile computing devices. Also related to Adobe Reader's sandbox. Up to you

    AppleSyncNotifier - Related to Apple_Sync_Notifier "Apple Mobile Device Service". You really didn't need it unless you had an iPhone or an iTouch iPod but that didn't stop Apple from including it as a Service for all iTunes users. Not needed

    APSDaemon - Related to Apple Inc. Apple Application Support Daemon. Up to you

    BrMfcWnd - Related to Brother Scanner status monitor - can be started manually. Not needed

    BrStsMon00 - Related to Brother Industries, Ltd. Brother MFC printer application. Not needed

    ControlCenter3 - Related to Brother Brother scanner 'Control Center' application; can be started manually. Not needed

    ControlCenter4 - Related to Brother Industries,Ltd. Brother Control Center 4.0 interface enables you to create user profiles and customize your settings to make printing and scanning more efficient. Not needed

    FATrayAlert - Related to Sensible Vision Face recognition software. Keep

    IndexSearch - Associated with PaperPort scanner software from ScanSoft. Not needed

    iTunesHelper - Related to Apple's iTunes for Windows. Installed with Apple's iTunes for Windows. Keep

    mssSort - Related to Maxtor_Drag_and_Sort and provides additional configuration options for these devices. This program is a non-essential process, but should not be terminated unless suspected to be causing problems. Up to you

    mxomssmenu - Related to Maxtor backup utility manager. Up to you

    PaperPort PTD - "PaperPort" from ScanSoft now Nuance software associated with scanners. Not needed

    PDF5 Registry Controller - Related to PDF Professional from Nuance Communications, Inc. solution for instantly turning PDF files into fully-formatted documents, forms and spreadsheets, converts PDF files into documents. Up to you

    PDFHook - Related to PDF_Professional 013Z from Nuance Communications, Inc. For instantly turning PDF files into fully-formatted documents, forms and spreadsheets, converts PDF files into documents. Up to you

    PPort12reminder - Related to Paperport12. Not needed

    QuickTime Task - System Tray access to Apple's "Quick Time" viewer from version 5 onwards. Not needed

    StartCCC - Related to ATI Technologies Inc. Puts the ATI Catalyst™ Control Center Icon/Shortcut on the System Tray. Not needed

    SunJavaUpdateSched - Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel. Up to you

    UpdReg - Reminder to register Creative Labs SoundBlaster Live! cards. Not needed

    VolPanel - Related to Creative Sound Blaster X-Fi. Up to you

    Akamai NetSession Interface - Related to Akamai Technologies The Akamai NetSession Interface is secure client-side networking technology that enhances networking protocols for delivery of software and media. Up to you

    Copernic Desktop Search - Home - Related to Copernic_Desktop_Search. Up to you

    uTorrent - Related to BitTorrent BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients. Not needed

    "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" - Related to Dell Inc. DataSafe Local Backup 2.0 is able to restore a Dell computer to the original factory-installed configuration without erasing personal files and data. Keep

    Dropbox - Related to Dropbox Photo and video sharing online. Up to you

    FAXRX - Related to Brother Industries, Ltd. PC-FAX Receive driver. Up to you

    ===============================

    Okay, for the ones that say Not Needed, do this:

    Go to Start | Run and type MSCONFIG, and click OK. Startup tab. Untick the ones that are Not Needed, Apply and Restart. When Windows loads back up, you will have a popup box saying that the startup has been changed. Tick the little box to not appear again, and OK.

    For the Up To You ones, that's exactly that. It's your choice if you need them. One way to do this, after you've done the above with the Not Needed, is to go back to MSCONFIG and untick one of them. Reboot, and see if all your 'normal' programs work okay. If, for instance, your µTorrent has a problem after unticking µTorrent, then just go back in, retick it, and restart.
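
    A read-only way to confirm the result of the MSCONFIG trimming described in the post above, added here as an example and not part of the original post or any tool used in the thread. It assumes the standard Windows 7 locations for startup entries and for items MSCONFIG has disabled, and that the names in the "Not needed" list match the registry value names.

```powershell
# Added example: inventory startup entries and check the "Not needed" ones are off.
# Read-only; it changes nothing. Run from an elevated PowerShell prompt.
# Assumption: standard Windows 7 locations (these paths are not quoted in the thread).

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$startupFolders = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)
# MSCONFIG on Windows 7 parks unticked items under this key.
$msconfigBase = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig'

# Names the helper marked "Not needed" in the post above.
$notNeeded = 'SysTrayApp', 'AppleSyncNotifier', 'BrMfcWnd', 'BrStsMon00',
             'ControlCenter3', 'ControlCenter4', 'IndexSearch', 'PaperPort PTD',
             'PPort12reminder', 'QuickTime Task', 'StartCCC', 'UpdReg', 'uTorrent'

function New-StartupRecord($State, $Name, $Command, $Source) {
    New-Object PSObject -Property @{
        State = $State; Name = $Name; Command = $Command; Source = $Source
    }
}

function Get-StartupInventory {
    # Entries that still load at logon: registry Run values.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-StartupRecord 'Enabled' $name $item.GetValue($name) $key
        }
    }
    # Entries that still load at logon: Startup folder shortcuts.
    foreach ($folder in $startupFolders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem $folder | ForEach-Object {
            New-StartupRecord 'Enabled' $_.Name $_.FullName $folder
        }
    }
    # Entries unticked in MSCONFIG (kept here so they can be re-ticked later).
    foreach ($sub in 'startupreg', 'startupfolder') {
        $path = Join-Path $msconfigBase $sub
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem $path | ForEach-Object {
            New-StartupRecord 'Disabled' $_.PSChildName $_.GetValue('command') $path
        }
    }
}

$inventory = @(Get-StartupInventory)
$inventory | Sort-Object State, Name |
    Format-Table State, Name, Command -AutoSize -Wrap

# Flag any "Not needed" item that is still set to load at startup.
$stillOn = @($inventory | Where-Object {
    $_.State -eq 'Enabled' -and $notNeeded -contains $_.Name
})
if ($stillOn.Count -gt 0) {
    'Still enabled: ' + (($stillOn | ForEach-Object { $_.Name }) -join ', ')
} else {
    'All "Not needed" entries are disabled or absent.'
}
```

    Saving the table before and after each "Up to you" change gives a record of exactly which entry was toggled if a program misbehaves after the reboot.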
     
  15. spqr05

    spqr05 Thread Starter

    Joined:
    Dec 25, 2011
    Messages:
    130
    FYI - the Ethernet disabled issue is this. Recently we changed the motherboard, wireless card, etc and even after I've uninstalled / installed the drivers I keep getting this message. It comes up every time my computer comes out of hibernation / sleep. It sometimes will not close and I'm 99.9% of the time on wifi, so it's not actual LAN line but wifi. The message I see says, Wireless disabled (or something) and shows my wireless network bars; as if I disabled the wifi adapter itself.

    This is for a printer we use for our work so I hope it's not the Star printer.

    One other thing, I posted another computer report my sister has and I haven't received any help in about 8 days. Any way you can take a look at this or have someone re-queue as she's definitely got some issues? Here's that post http://forums.techguy.org/virus-other-malware-removal/1086626-trojan-cannot-load-programs-exe.html

    SystemLook 30.07.11 by jpshortstuff
    Log created at 14:00 on 30/01/2013 by Jimmy
    Administrator - Elevation successful

    ========== file ==========

    c:\program files\StarMicronics\TSP100\Software\20110922\portemu_umdf_tsp100.exe - File found and opened.
    MD5: A6B72F40157E2A700202433869A4906B
    Created at 20:47 on 20/10/2011
    Modified at 20:47 on 20/10/2011
    Size: 203776 bytes
    Attributes: --a----
    FileDescription: TSP100 Virtual Port Emulator Service
    FileVersion: 0.3.256.256
    ProductVersion: 5.0.0.0
    OriginalFilename: portemu_umdf_tsp100.exe
    InternalName: portemu_umdf_tsp100.exe
    ProductName: Star TSP100 Product Software
    CompanyName: Star Micronics Co., Ltd.
    LegalCopyright: Copyright (C) Star Micronics Co.,Ltd. 2011

    c:\program files\StarMicronics\TSP100\Software\20110922\tcpemu_tsp100lan.exe - File found and opened.
    MD5: 18609C1DCB0183C4F27DAE0D295717F2
    Created at 20:50 on 20/10/2011
    Modified at 20:50 on 20/10/2011
    Size: 351744 bytes
    Attributes: --a----
    FileDescription: tcpemu_tsp100lan.exe
    FileVersion: 5.2.0.0
    ProductVersion: 5.2.0
    OriginalFilename: tcpemu_tsp100lan.exe
    InternalName: tcpemu_tsp100lan.exe
    ProductName: Virtual TCP/IP Port
    CompanyName: STAR MICRONICS CO,.LTD
    LegalCopyright: Copyright (C) 2011 STAR MICRONICS CO,.LTD
    Comments: Virtual TCP/IP Port Emulator for TSP100LAN

    -= EOF =-
     
Short URL to this thread: https://techguy.org/1083725