Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

startup problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

startup problems

Unread postby drjpaulwede » February 18th, 2013, 6:31 pm

I am having frequent system crashes, followed by a restart to a blank screen, followed by a manual reboot to windows startup recovery tool. Malwarebytes is positive for PUPs. Getting a lot of pop ups. Thank you. DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.11.2
Run by Jennifer at 17:26:03 on 2013-02-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2309 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
C:\Users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\mfevtps.exe
C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Jennifer\AppData\Roaming\HOOLAP~1\Hoolapp.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Users\Jennifer\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe
C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Users\Jennifer\AppData\Local\StrongVault\StrongVaultApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Settings Alerter\Datamngr\datamngrUI.exe
C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
C:\Windows\system32\taskeng.exe
C:\Users\Jennifer\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3272718
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: MixiDJ Toolbar: {c0c2693d-2ee8-47b4-9df7-b67a0ee31988} - C:\Program Files (x86)\MixiDJ\prxtbMixi.dll
mURLSearchHooks: MixiDJ Toolbar: {c0c2693d-2ee8-47b4-9df7-b67a0ee31988} - C:\Program Files (x86)\MixiDJ\prxtbMixi.dll
dURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: InfoAtoms: {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll
BHO: Deal Vault: {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll
BHO: CouponAmazing 5.0: {160B42B4-CBA6-4DB3-A316-00A3ADE3AEA0} - C:\Users\Jennifer\AppData\Local\couponamazing\ie\couponamazing_1360004687.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: AddLyrics: {4145006D-47F8-42F2-8186-2225AAFECDD3} - C:\Program Files (x86)\AddLyrics\AddLyrics.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: MixiDJ Toolbar: {c0c2693d-2ee8-47b4-9df7-b67a0ee31988} - C:\Program Files (x86)\MixiDJ\prxtbMixi.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
BHO: DataMngr: {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\Settings Alerter\Datamngr\BrowserConnection.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: ShopAtHome Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: ShopAtHome Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
TB: PasswordBox: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
TB: MixiDJ Toolbar: {c0c2693d-2ee8-47b4-9df7-b67a0ee31988} - C:\Program Files (x86)\MixiDJ\prxtbMixi.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [HP Photosmart 6510 series (NET)] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1AS4128G05QB:NW" -scfn "HP Photosmart 6510 series (NET)" -AutoStart 1
uRun: [HP Photosmart 6510 series (NET) #2] "C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN23D4711605QB:NW" -scfn "HP Photosmart 6510 series (NET) #2" -AutoStart 1
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [GenieoUpdaterService] "C:\Users\Jennifer\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5
uRun: [GenieoSystemTray] "C:\Users\Jennifer\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
uRun: [Messenger] "C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [ContourCameraFinder] "C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe -update plugin
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DATAMNGR] C:\PROGRA~2\SETTIN~1\Datamngr\DATAMN~1.EXE
mRun: [SMessaging] C:\Users\Jennifer\AppData\Local\Strongvault Online Backup\SMessaging.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop(2370).ini
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPODDT~1.LNK - C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STRONG~1.LNK - C:\Users\Jennifer\AppData\Local\StrongVault\StrongVaultApp.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://gamesville.worldwinner.com/games ... Loader.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v51/be ... eweled.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E78BFD0C-C744-4ADE-8408-35453021F14E} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SETTIN~1\Datamngr\datamngr.dll C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: DataMngr: {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\Settings Alerter\Datamngr\x64\BrowserConnection.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}&CUI=UN61842949716620837
FF - prefs.js: browser.search.selectedEngine - MixiDJ Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.fantastigames.com/439
FF - prefs.js: keyword.URL - hxxp://isearch.fantastigames.com/web?sr ... mid=439&q=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Jennifer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Jennifer\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
FF - plugin: C:\Users\Jennifer\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - ExtSQL: 2013-01-31 18:45; plugin@yontoo.com; C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\plugin@yontoo.com
FF - ExtSQL: 2013-02-05 16:53; couponamazing@jetpack; C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\couponamazing@jetpack
FF - ExtSQL: 2013-02-05 16:53; {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}; C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - ExtSQL: 2013-02-05 16:54; addon@defaulttab.com; C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-02-05 16:57; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - ExtSQL: 2013-02-05 17:01; addlyrics@addlyrics.net; C:\Program Files (x86)\AddLyrics\FF
FF - ExtSQL: 2013-02-05 17:01; ffxtlbr@delta.com; C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-02-05 17:01; firefox@passwordbox.com; C:\Users\Jennifer\AppData\Local\PasswordBox\Firefox
FF - ExtSQL: 2013-02-08 14:36; crossriderapp19866@crossrider.com; C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\crossriderapp19866@crossrider.com
FF - ExtSQL: 2013-02-08 14:38; {c0c2693d-2ee8-47b4-9df7-b67a0ee31988}; C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
FF - ExtSQL: 2013-02-09 09:59; infoatoms@infoatoms.com; C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com
FF - ExtSQL: !HIDDEN! 2013-02-05 16:53; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension
FF - ExtSQL: !HIDDEN! 2013-02-09 09:59; infoatoms@infoatoms.com; C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - badca421000000000000002564059662
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15741
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.017:01:32
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2009-11-17 72296]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 771096]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 339776]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-31 55280]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-31 92160]
R2 DefaultTabSearch;DefaultTabSearch;C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [2013-2-6 572928]
R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2013-1-31 107520]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-10-2 411136]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-24 309400]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-24 515528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 0075241360420786mcinstcleanup;McAfee Application Installer Cleanup (0075241360420786);C:\Windows\TEMP\007524~1.EXE -cleanup -nolog --> C:\Windows\TEMP\007524~1.EXE -cleanup -nolog [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-24 69672]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-11-24 106112]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-26 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 53760]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-02-17 22:10:01 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-17 22:10:01 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-17 22:05:58 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-16 23:06:07 -------- d-----w- C:\Users\Jennifer\AppData\Local\{7AC4ED78-6DC3-49BB-B611-547CBA618867}
2013-02-13 00:31:42 -------- d-----w- C:\Program Files (x86)\Audacity
2013-02-13 00:31:23 -------- d-----w- C:\Users\Jennifer\AppData\Local\Programs
2013-02-12 19:38:20 -------- d-----w- C:\Users\Jennifer\AppData\Local\{7DFA60FC-8323-46EA-BA62-397637FBFD7F}
2013-02-10 23:01:54 -------- d-----w- C:\Users\Jennifer\AppData\Local\{8891A1FD-BD1A-429E-9D07-868F582F8D98}
2013-02-09 15:00:16 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Optimizer Pro
2013-02-09 14:59:29 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-02-09 14:59:25 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Funmoods
2013-02-09 14:59:18 -------- d-----w- C:\Program Files (x86)\InfoAtoms
2013-02-09 14:59:13 -------- d-----w- C:\Program Files (x86)\Funmoods
2013-02-08 19:40:03 -------- d-----w- C:\Program Files (x86)\Conduit
2013-02-08 19:38:52 -------- d-----w- C:\Users\Jennifer\AppData\Local\Conduit
2013-02-08 19:38:42 -------- d-----w- C:\Program Files (x86)\MixiDJ
2013-02-08 19:38:28 -------- d-----w- C:\Users\Jennifer\AppData\Local\CRE
2013-02-08 19:37:26 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\player
2013-02-08 19:37:24 -------- d-----w- C:\Program Files (x86)\Tuguu SL
2013-02-08 19:36:21 -------- d-----w- C:\Users\Jennifer\AppData\Local\Deal Vault
2013-02-08 19:35:59 -------- d-----w- C:\Program Files (x86)\Deal Vault
2013-02-07 21:03:27 -------- d-----w- C:\Users\Jennifer\AppData\Local\{610801AC-1EBE-4199-BA7F-A4C5D221BA8B}
2013-02-07 18:32:15 -------- d-----w- C:\Program Files (x86)\Flash Player Pro
2013-02-06 02:55:18 -------- d-----w- C:\Users\Jennifer\AppData\Local\{3BF2A1AB-9C61-4E5B-99E9-2E36178B72EE}
2013-02-06 00:26:22 -------- d-----w- C:\ProgramData\Browser Manager
2013-02-05 22:01:48 -------- d-----w- C:\Program Files (x86)\PasswordBox
2013-02-05 22:01:31 -------- d-----w- C:\Program Files (x86)\Delta
2013-02-05 22:01:25 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Delta
2013-02-05 22:01:21 -------- d-----w- C:\Users\Jennifer\AppData\Local\PasswordBox
2013-02-05 22:01:07 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Babylon
2013-02-05 22:01:07 -------- d-----w- C:\ProgramData\Babylon
2013-02-05 22:01:06 -------- d-----w- C:\Program Files (x86)\AddLyrics
2013-02-05 22:01:04 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\HoolappForAndroid
2013-02-05 21:58:06 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Strongvault
2013-02-05 21:56:56 -------- d-----w- C:\Users\Jennifer\AppData\Local\Strongvault Online Backup
2013-02-05 21:56:01 -------- d-----w- C:\Users\Jennifer\AppData\Local\Stronghold_LLC
2013-02-05 21:55:15 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-02-05 21:55:08 -------- d-----w- C:\ProgramData\Strongvault Online Backup
2013-02-05 21:55:06 -------- d-----w- C:\Users\Jennifer\AppData\Local\StrongVault
2013-02-05 21:55:05 -------- d-----w- C:\Program Files (x86)\Strongvault Online Backup
2013-02-05 21:54:24 -------- d-----w- C:\ProgramData\Wincert
2013-02-05 21:54:14 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\DealPly
2013-02-05 21:54:04 801752 ----a-w- C:\Program Files (x86)\Mozilla Firefox\sqlite3.dll
2013-02-05 21:53:38 -------- d-----w- C:\Users\Jennifer\AppData\Local\Wajam
2013-02-05 21:53:37 -------- d-----w- C:\Users\Jennifer\AppData\Local\couponamazing
2013-02-05 21:53:32 -------- d-----w- C:\Program Files (x86)\Settings Alerter
2013-02-05 21:53:21 -------- d-----w- C:\Program Files (x86)\DealPly
2013-02-05 21:53:19 -------- d-----w- C:\Program Files (x86)\FGIcon
2013-02-05 21:53:14 -------- d-----w- C:\Program Files (x86)\Wajam
2013-02-01 00:57:58 -------- d-----w- C:\Users\Jennifer\AppData\Local\fontconfig
2013-02-01 00:57:50 -------- d-----w- C:\Users\Jennifer\AppData\Local\gegl-0.2
2013-02-01 00:57:50 -------- d-----w- C:\Users\Jennifer\.gimp-2.8
2013-01-31 23:56:12 -------- d-----w- C:\ProgramData\PC Optimizer Pro
2013-01-31 23:47:31 -------- d-----w- C:\Program Files (x86)\GimpShop
2013-01-31 23:46:20 -------- d-----w- C:\Program Files (x86)\DefaultTab
2013-01-31 23:46:06 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\DefaultTab
2013-01-31 23:45:55 -------- d-----w- C:\Program Files\PC Optimizer Pro
2013-01-31 23:45:49 -------- d-----w- C:\Program Files (x86)\Yontoo
2013-01-31 23:45:45 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\Genieo
2013-01-31 23:45:41 -------- d-----w- C:\ProgramData\Tarma Installer
2013-01-31 23:43:39 -------- d-----w- C:\ProgramData\APN
2013-01-29 21:03:33 -------- d-----w- C:\Users\Jennifer\AppData\Local\{9716D0E8-45F0-408B-92E9-A50AD5CE69D9}
2013-01-27 15:57:35 -------- d-----w- C:\Users\Jennifer\AppData\Local\{53E1C719-5CCF-4A3F-BA6A-169D6C2F9C20}
2013-01-26 17:21:17 -------- d-----w- C:\Users\Jennifer\AppData\Local\{8BF53E0E-620F-40FB-BD21-8A0C529A97DD}
2013-01-26 03:28:53 -------- d-----w- C:\Users\Jennifer\AppData\Local\{DC1904EB-D851-4606-9C62-C0F714C15014}
2013-01-24 22:01:06 -------- d-----w- C:\ProgramData\McAfee Security Scan
2013-01-24 22:00:42 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2013-01-24 21:54:57 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-23 21:03:39 -------- d-----w- C:\Users\Jennifer\AppData\Local\{0A1698BF-7EC9-46C1-9E9C-2EF8700034B1}
2013-01-22 22:37:29 -------- d-----w- C:\Users\Jennifer\AppData\Local\{D4FA3C52-2F8A-40D7-914C-00284706B60A}
2013-01-22 11:43:41 -------- d-----w- C:\Users\Jennifer\AppData\Roaming\WeatherBug
2013-01-22 11:43:21 -------- d-----w- C:\Program Files (x86)\AWS
2013-01-22 01:37:27 -------- d-----w- C:\Users\Jennifer\AppData\Local\{45F58618-E0CD-41ED-83FD-8A73B5D4DF62}
2013-01-22 01:36:57 -------- d-----w- C:\Users\Jennifer\AppData\Local\{1D59F46B-8088-4324-ACF3-9CB26C5F53CA}
2013-01-22 01:31:03 -------- d-----w- C:\Users\Jennifer\AppData\Local\{907E95D2-5FA2-4479-A929-7A1AE9AF63F8}
2013-01-22 01:30:09 -------- d-----w- C:\Users\Jennifer\AppData\Local\{8D337CF1-80A1-4CFB-904F-0454A82CC4B1}
.
==================== Find3M ====================
.
2013-02-07 23:11:18 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-07 23:11:18 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-12-26 14:55:26 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-12-26 14:52:44 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-12-26 14:52:34 182312 ----a-w- C:\Windows\System32\mfevtps.exe
2012-12-26 14:51:34 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-12-26 14:51:24 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-12-26 14:50:48 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-12-26 14:49:42 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-12-26 14:49:00 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-12-26 14:48:30 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-12-07 05:41:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 05:04:20 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 03:21:08 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
2012-12-05 21:37:24 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-05 21:37:24 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-05 21:26:38 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-05 21:26:29 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-11-21 18:07:38 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-11-21 18:07:38 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 17:28:18.05 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/31/2009 8:09:53 PM
System Uptime: 2/17/2013 5:26:08 PM (24 hours ago)
.
Motherboard: Dell Inc. | | 0U880P
Processor: Intel(R) Celeron(R) CPU 450 @ 2.20GHz | CPU 1 | 2194/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 432.566 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP275: 2/16/2013 10:47:09 PM - Windows Update
RP276: 2/17/2013 5:04:45 PM - Windows Update
.
==== Installed Programs ======================
.
AddLyrics
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Audacity 2.0.3
Autodesk Design Review 2013
Autodesk Inventor 2013 Quick Uninstaller
Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
Autodesk Inventor Fusion 2013
Autodesk Inventor Fusion for Inventor 2013 Add-in
Autodesk Inventor Professional 2013
Autodesk Inventor Professional 2013 English
Autodesk Inventor Professional 2013 English Language Pack
Autodesk Material Library 2013
Autodesk Material Library Base Resolution Image Library 2013
Autodesk Material Library Low Resolution Image Library 2013
Autodesk Sync
Autodesk Vault Basic 2013 (Client)
Autodesk Vault Basic 2013 (Client) English Language Pack
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Editor 6
AVS Video Recorder 2.5
AVS4YOU Software Navigator 1.4
Battlefield Heroes
Bing Bar
Bonjour
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Consumer In-Home Service Agreement
Contour Storyteller
Coupon Printer for Windows
couponamazing
D3DX10
Deal Vault
DealPly
DefaultTab
Dell Communications (Support Software)
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Driver Download Manager
Dell Driver Download Manager - 1
Dell Edoc Viewer
Dell Getting Started Guide
Delta Chrome Toolbar
Delta toolbar
Digital Line Detect
DWG TrueView 2013
Eco Materials Adviser for Autodesk Inventor 2013
Facebook Plug-In
Flash Player Pro V5.4
FlashPlayer
Funmoods
Genieo
GimpShop 2.8
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Hoolapp For Android
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo Creations
HP Photosmart 6510 series Basic Device Software
HP Photosmart 6510 series Help
HP Photosmart 6510 series Product Improvement Study
HP Update
iCloud
InfoAtoms
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 7 Update 11
Java Auto Updater
Java(TM) 6 Update 14 (64-bit)
Java(TM) 6 Update 29
Junk Mail filter update
Keyboard Lock Status
Malwarebytes Anti-Malware version 1.61.0.1400
Manga Studio Debut 4.0
McAfee Anti-Theft
McAfee AntiVirus Plus
McAfee Security Scan Plus
McAfee Virtual Technician
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft IntelliType Pro 7.1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
MixiDJ Toolbar
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox 10.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
NetWaiting
Optimizer Pro v3.0
PasswordBox
PC Optimizer Pro
PowerDVD DX
PunkBuster Services
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Redist
Roxio Burn
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Settings Alerter
Shared C Run-time for x64
ShopAtHome SelectRebates
Spelling Dictionaries Support For Adobe Reader 9
Strongvault Online Backup
TI-83 Plus Flash Debugger
Uniblue DriverScanner 2009
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
V CAST Music with Rhapsody
VBA (2627.01)
Verizon Media Manager
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wajam
WeatherBug
WildTangent ORB Game Console
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinUtilities 9.36 Professinal Edition
Yahoo! Detect
Yahoo! Toolbar
Yontoo 1.12.02
.
==== Event Viewer Messages From Past Week ========
.
2/18/2013 12:48:01 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR6.
2/18/2013 12:24:25 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
2/18/2013 11:14:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/17/2013 5:27:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
2/17/2013 5:27:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFS Lbd
2/17/2013 5:26:44 PM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
2/17/2013 5:00:37 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
2/17/2013 12:20:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2797052).
2/17/2013 12:20:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2792100).
2/17/2013 12:20:30 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2799494).
2/17/2013 10:43:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
2/15/2013 5:00:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
2/15/2013 2:41:42 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.
2/15/2013 2:41:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
.
==== End Of File ===========================
drjpaulwede
Regular Member
 
Posts: 37
Joined: February 17th, 2013, 8:30 pm
Advertisement
Register to Remove

Re: startup problems

Unread postby pgmigg » February 18th, 2013, 10:14 pm

Hello drjpaulwede,

Welcome to the forum! :)

My nickname is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: startup problems

Unread postby pgmigg » February 19th, 2013, 2:27 am

Hello drjpaulwede,

Step 1.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Right-click CKScanner.exe and select "Run as administrator...", then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on the your Desktop before running the application!
  3. Right-click on codecheck.exe and select "Run as administrator..." to run it.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then,
Please tell me, is this computer used for business purposes or connected to any business network?
I need to know it - so I can provide the proper instructions.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a log created by CKFiles.txt
  3. Contents of the codecheck.txt log file
  4. Answer for my question related to type of using of your computer.
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: startup problems

Unread postby drjpaulwede » February 19th, 2013, 6:46 pm

1. Do you have any problems executing the instructions?
No, but I had to boot into Safe Mode with Networking due to problems starting the computer.

2. Contents of a log created by CKFiles.txt
CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\gimpshop\share\gimp\2.0\patterns\cracked.pat
c:\users\jennifer\music\itunes\itunes media\music\eminem\relapse\22 crack a bottle (single version).m4a
scanner sequence 3.LB.11.HUNAAS
----- EOF -----

3. Contents of the codecheck.txt log file
Codecheck Version 1.0

02019

4. Answer for my question related to type of using of your computer.
This is a personal computer, on a personal computer home network.

5. Do you see any changes in computer behavior?
No changes, other than difficulty with booting up normally.
drjpaulwede
Regular Member
 
Posts: 37
Joined: February 17th, 2013, 8:30 pm

Re: startup problems

Unread postby pgmigg » February 19th, 2013, 7:13 pm

Cracked/Keygen related software detected!!!

Your recent logs shows evidence of cracked or otherwise illegal software.

This service is provided to you, without charge, by people who volunteer their own time to help.
There is an implied trust that you will respect that donated time, and provide all the information possible to bring the dialog to a successful conclusion.

If false information is provided, that trust is violated, and we will not provide any further help.

This thread will be closed.
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: startup problems

Unread postby drjpaulwede » February 19th, 2013, 8:07 pm

Please explain. I am not sure which software is "cracked."
drjpaulwede
Regular Member
 
Posts: 37
Joined: February 17th, 2013, 8:30 pm

Re: startup problems

Unread postby pgmigg » February 20th, 2013, 12:23 am

Hello drjpaulwede,
Please explain. I am not sure which software is "cracked."
I have a problem concerning the way you obtained the copy of GimpShop 2.8 you have installed on your computer.

Please do consider this alternative as most threads containing pirated/cracked software are normally closed without further consideration. Please read Use of "cracked" programs.

If you would like to continue, please comply with the following:

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    GimpShop 2.8
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot you computer.

Step 2.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

Fresh OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Status of removing step you made if you decided to clean this machine with me.
  3. Contents of a OTL.txt log file.
  4. Contents of a Extras.txt log file.

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: startup problems

Unread postby drjpaulwede » February 20th, 2013, 7:03 pm

Thank you for your reply.

I attempted to delete the GimpShop program by your instructions, but I got an error message stating that the windows uninstaller service could not be accessed. Therefore, I was not able to delete that program. Is there another way to get rid of it?

OTL
OTL logfile created on: 2/20/2013 5:10:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jennifer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 3.01 Gb Available Physical Memory | 75.88% Memory free
7.93 Gb Paging File | 7.01 Gb Available in Paging File | 88.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 437.42 Gb Free Space | 75.23% Space Free | Partition Type: NTFS

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/20 17:08:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/26 09:52:34 | 000,182,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/12/26 09:49:32 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/12/26 09:47:40 | 000,241,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/04/18 16:36:51 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/01/30 19:10:36 | 000,339,776 | ---- | M] ( ) [Auto | Stopped] -- C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe -- (mitsijm2013)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/31 13:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/02/07 18:11:18 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/06 07:04:54 | 000,572,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/02/03 23:42:34 | 000,066,560 | ---- | M] (PasswordBox, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe -- (PasswordBox)
SRV - [2013/01/31 18:46:06 | 000,107,520 | ---- | M] () [Auto | Stopped] -- C:\Users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/12/05 16:26:29 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/10/05 10:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Stopped] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/15 16:49:26 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/02 00:25:07 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/05 05:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms)
SRV - [2009/04/29 11:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/26 09:55:26 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/12/26 09:52:44 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/12/26 09:51:24 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/12/26 09:50:48 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/12/26 09:49:42 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/12/26 09:49:00 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/12/26 09:48:30 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 07:06:08 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/17 10:15:34 | 000,072,296 | ---- | M] (McAfee) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 11:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 14:21:20 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2009/02/13 14:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/02/12 22:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2006/06/18 06:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/01/14 20:20:22 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{1F6BC42D-34D4-4651-8811-F7421B4AFC4F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}: "URL" = http://isearch.fantastigames.com/web?sr ... mid=439&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c0c2693d-2ee8-47b4-9df7-b67a0ee31988} - C:\Program Files (x86)\MixiDJ\prxtbMixi.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}: "URL" = http://isearch.fantastigames.com/web?sr ... mid=439&q={searchTerms}
IE - HKLM\..\SearchScopes\{E2803C9C-A482-40D0-9CD0-A9F61AFDBB84}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3272718
IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\URLSearchHook: {c0c2693d-2ee8-47b4-9df7-b67a0ee31988} - C:\Program Files (x86)\MixiDJ\prxtbMixi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}
IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=119351&tt=030213_de&babsrc=SP_ss&mntrId=badca421000000000000002564059662
IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\SearchScopes\{6AAF7BF8-B4F5-4336-B03E-A2C69D69B8EF}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=B4AB9EFF-D359-4247-BA1C-F0F336F077CC&apn_sauid=D0CE9362-CB29-4B56-9C92-55BEF092FCFA
IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}: "URL" = http://isearch.fantastigames.com/web?sr ... mid=439&q={searchTerms}
IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\SearchScopes\{B53B8FB5-242F-4450-8C68-5FE57446329D}: "URL" = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\SearchScopes\{D21CC6CC-EEF2-4375-A766-B6A27D3A4E97}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGNI_enUS481
IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3272718.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=3&q={searchTerms}&CUI=UN61842949716620837"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "MixiDJ Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://isearch.fantastigames.com/439"
FF - prefs.js..extensions.enabledAddons: textlinks@arcadeweb.com:1.0.0
FF - prefs.js..extensions.enabledAddons: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:5.1.0.252437
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: addon@defaulttab.com:1.4.3
FF - prefs.js..extensions.enabledAddons: {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}:1.26
FF - prefs.js..extensions.enabledAddons: crossriderapp19866@crossrider.com:0.87.28
FF - prefs.js..extensions.enabledAddons: ffxtlbr@delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: addlyrics@addlyrics.net:1.107
FF - prefs.js..extensions.enabledAddons: infoatoms@infoatoms.com:1.6.0.0
FF - prefs.js..extensions.enabledAddons: {c0c2693d-2ee8-47b4-9df7-b67a0ee31988}:10.14.42.7
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=100&systemid=439&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Users\Jennifer\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Jennifer\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jennifer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\infoatoms@infoatoms.com: C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com [2013/02/09 09:59:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/17 16:31:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/17 16:31:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\addlyrics@addlyrics.net: C:\Program Files (x86)\AddLyrics\FF\ [2013/02/05 17:01:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firefox@passwordbox.com: C:\Users\Jennifer\AppData\Local\PasswordBox\Firefox [2013/02/05 17:01:26 | 000,000,000 | ---D | M]

[2013/02/05 16:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Extensions
[2013/02/17 19:00:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions
[2012/11/24 20:16:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/02/08 14:37:23 | 000,000,000 | ---D | M] (MixiDJ) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}
[2012/11/24 20:17:30 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2013/02/05 16:53:45 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2013/02/05 16:53:40 | 000,000,000 | ---D | M] (CouponAmazing) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\couponamazing@jetpack
[2013/02/08 14:36:19 | 000,000,000 | ---D | M] ("Deal Vault") -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\crossriderapp19866@crossrider.com
[2013/02/05 17:01:31 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\ffxtlbr@delta.com
[2013/01/31 18:45:53 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\plugin@yontoo.com
[2011/10/18 14:40:34 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\textlinks@arcadeweb.com
[2012/11/21 13:19:33 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\toolbar@ask.com
[2010/07/13 17:00:57 | 000,000,000 | ---D | M] (ShopAtHome Intelligent Shopping Toolbar) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\toolbar@shopathome.com
[2013/02/08 14:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\crossriderapp19866@crossrider.com\chrome\content\extensionCode
[2013/02/05 16:54:44 | 000,026,153 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\addon@defaulttab.com.xpi
[2013/02/05 16:57:16 | 000,037,914 | ---- | M] () (No name found) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012/11/21 13:19:32 | 000,002,308 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\searchplugins\askcom.xml
[2013/02/08 14:38:12 | 000,000,971 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\searchplugins\conduit.xml
[2013/02/05 17:01:35 | 000,001,294 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\searchplugins\delta.xml
[2013/02/18 13:16:36 | 000,002,030 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\searchplugins\search-here.xml
[2013/02/05 16:53:40 | 000,002,519 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\searchplugins\WebSearch.xml
[2013/02/09 09:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/09 09:59:45 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com
[2013/02/05 17:01:06 | 000,000,000 | ---D | M] ("AddLyrics") -- C:\PROGRAM FILES (X86)\ADDLYRICS\FF
[2013/02/05 16:53:50 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SETTINGS ALERTER\DATAMNGR\FIREFOXEXTENSION
[2012/02/18 09:00:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/02/05 17:01:14 | 000,006,523 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/18 08:59:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/24 20:18:44 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/18 08:59:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/02/05 16:53:40 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearch.xml

========== Chrome ==========

CHR - homepage: http://yahoo.genieo.com/?v=w3i8
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://yahoo.genieo.com/?v=w3i8
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Rev NPAPI (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdlfddggdloaadnphbhejknhaggjaeld\1.107_0\plugin/rev.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.9.29524_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jennifer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jennifer\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Jennifer\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Google Drive = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Poppit = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Deal Vault = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifpbickojhbejhppcfgifjbmiinpjap\1.21.28_0\crossrider
CHR - Extension: Deal Vault = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifpbickojhbejhppcfgifjbmiinpjap\1.21.28_0\
CHR - Extension: Gmail = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (DataMngr) - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\Settings Alerter\Datamngr\x64\BrowserConnection.dll (Koyote-Lab, inc)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (InfoAtoms) - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (InfoAtoms Inc.)
O2 - BHO: (Deal Vault) - {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll (215 Apps)
O2 - BHO: (CouponAmazing 5.0) - {160B42B4-CBA6-4DB3-A316-00A3ADE3AEA0} - C:\Users\Jennifer\AppData\Local\couponamazing\ie\couponamazing_1360004687.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (AddLyrics) - {4145006D-47F8-42F2-8186-2225AAFECDD3} - C:\Program Files (x86)\AddLyrics\AddLyrics.dll (AddLyrics)
O2 - BHO: (PasswordBox Helper) - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Jennifer\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (MixiDJ Toolbar) - {c0c2693d-2ee8-47b4-9df7-b67a0ee31988} - C:\Program Files (x86)\MixiDJ\prxtbMixi.dll (Conduit Ltd.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O2 - BHO: (DataMngr) - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\Settings Alerter\Datamngr\BrowserConnection.dll (Koyote-Lab, inc)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PasswordBox) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {c0c2693d-2ee8-47b4-9df7-b67a0ee31988} - C:\Program Files (x86)\MixiDJ\prxtbMixi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Settings Alerter\Datamngr\datamngrUI.exe (Koyote-Lab, inc)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SMessaging] C:\Users\Jennifer\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001..\Run: [ContourCameraFinder] C:\Program Files (x86)\ContourStoryteller\ContourAutoplay.exe ()
O4 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001..\Run: [GenieoSystemTray] C:\Users\Jennifer\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe ()
O4 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001..\Run: [GenieoUpdaterService] C:\Users\Jennifer\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe ()
O4 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001..\Run: [HP Photosmart 6510 series (NET)] C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001..\Run: [HP Photosmart 6510 series (NET) #2] C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001..\Run: [Messenger] C:\Program Files (x86)\Strongvault Online Backup\SMessenger.exe (Stronghold LLC)
O4 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gamesville.worldwinner.com/games ... Loader.cab (FunGamesLoader Object)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v51/be ... eweled.cab (Bejeweled Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E78BFD0C-C744-4ADE-8408-35453021F14E}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SETTIN~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Settings Alerter\Datamngr\x64\datamngr.dll (Koyote-Lab, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Settings Alerter\Datamngr\x64\IEBHO.dll (Koyote-Lab, inc)
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SETTIN~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Settings Alerter\Datamngr\datamngr.dll (Koyote-Lab, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Settings Alerter\Datamngr\IEBHO.dll (Koyote-Lab, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/18 15:44:48 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/12/08 19:21:16 | 000,000,141 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/20 17:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/02/20 17:08:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2013/02/17 17:06:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/17 17:06:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/17 17:06:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/17 17:06:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/17 17:06:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/17 17:06:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/17 17:06:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/17 17:06:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/17 17:06:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/17 17:06:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/17 17:06:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/17 17:06:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/17 17:05:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/17 17:05:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/17 17:05:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/16 18:06:07 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{7AC4ED78-6DC3-49BB-B611-547CBA618867}
[2013/02/12 19:32:08 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Audacity
[2013/02/12 19:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2013/02/12 19:31:23 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Programs
[2013/02/12 14:38:20 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{7DFA60FC-8323-46EA-BA62-397637FBFD7F}
[2013/02/10 18:01:54 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{8891A1FD-BD1A-429E-9D07-868F582F8D98}
[2013/02/09 10:00:16 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Optimizer Pro
[2013/02/09 09:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2013/02/09 09:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2013/02/09 09:59:25 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Funmoods
[2013/02/09 09:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InfoAtoms
[2013/02/09 09:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods
[2013/02/08 14:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/08 14:38:52 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Conduit
[2013/02/08 14:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ
[2013/02/08 14:38:28 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\CRE
[2013/02/08 14:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPlayer
[2013/02/08 14:37:26 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\player
[2013/02/08 14:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
[2013/02/08 14:36:21 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Deal Vault
[2013/02/08 14:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deal Vault
[2013/02/07 16:03:27 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{610801AC-1EBE-4199-BA7F-A4C5D221BA8B}
[2013/02/07 13:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/02/07 13:32:15 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\Documents\Flash Player Pro
[2013/02/07 13:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro
[2013/02/05 21:55:18 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{3BF2A1AB-9C61-4E5B-99E9-2E36178B72EE}
[2013/02/05 19:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013/02/05 17:01:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PasswordBox
[2013/02/05 17:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013/02/05 17:01:25 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Delta
[2013/02/05 17:01:21 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\PasswordBox
[2013/02/05 17:01:07 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Babylon
[2013/02/05 17:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/02/05 17:01:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AddLyrics
[2013/02/05 17:01:04 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\HoolappForAndroid
[2013/02/05 16:58:06 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Strongvault
[2013/02/05 16:56:56 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Strongvault Online Backup
[2013/02/05 16:56:01 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Stronghold_LLC
[2013/02/05 16:55:15 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/02/05 16:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/05 16:55:06 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\StrongVault
[2013/02/05 16:55:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Strongvault Online Backup
[2013/02/05 16:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup
[2013/02/05 16:54:39 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013/02/05 16:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013/02/05 16:54:14 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\DealPly
[2013/02/05 16:53:49 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2013/02/05 16:53:38 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Wajam
[2013/02/05 16:53:37 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\couponamazing
[2013/02/05 16:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Settings Alerter
[2013/02/05 16:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2013/02/05 16:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FGIcon
[2013/02/05 16:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2013/01/31 19:57:58 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\fontconfig
[2013/01/31 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\gegl-0.2
[2013/01/31 19:57:50 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\.gimp-2.8
[2013/01/31 18:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2013/01/31 18:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GimpShop
[2013/01/31 18:46:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/01/31 18:46:06 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\DefaultTab
[2013/01/31 18:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2013/01/31 18:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013/01/31 18:45:45 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Genieo
[2013/01/31 18:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/01/31 18:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/01/29 16:03:33 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{9716D0E8-45F0-408B-92E9-A50AD5CE69D9}
[2013/01/27 10:57:35 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{53E1C719-5CCF-4A3F-BA6A-169D6C2F9C20}
[2013/01/26 12:21:17 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{8BF53E0E-620F-40FB-BD21-8A0C529A97DD}
[2013/01/25 22:28:53 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{DC1904EB-D851-4606-9C62-C0F714C15014}
[2013/01/25 17:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/01/24 17:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/01/24 17:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/01/24 16:54:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/01/24 16:54:57 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/01/24 16:54:57 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/01/23 16:03:39 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{0A1698BF-7EC9-46C1-9E9C-2EF8700034B1}
[2013/01/22 17:37:29 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{D4FA3C52-2F8A-40D7-914C-00284706B60A}
[2013/01/22 06:43:41 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\WeatherBug
[2013/01/22 06:43:21 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug
[2013/01/22 06:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AWS
[2013/01/21 20:37:27 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{45F58618-E0CD-41ED-83FD-8A73B5D4DF62}
[2013/01/21 20:36:57 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{1D59F46B-8088-4324-ACF3-9CB26C5F53CA}
[2013/01/21 20:31:03 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{907E95D2-5FA2-4479-A929-7A1AE9AF63F8}
[2013/01/21 20:30:09 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\{8D337CF1-80A1-4CFB-904F-0454A82CC4B1}
[2011/12/19 18:46:40 | 009,014,392 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\TempMOBK-update-27ba6a9b9808bda40c3540a47bb1ff3c.exe
[2011/12/08 15:58:49 | 009,734,240 | ---- | C] (McAfee, Inc.) -- C:\ProgramData\TempMOBK-update-6f587c3c1a49f2fdf5254a3e5ed05791.exe

========== Files - Modified Within 30 Days ==========

[2013/02/20 17:13:07 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2013/02/20 17:11:29 | 000,785,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/20 17:11:29 | 000,664,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/20 17:11:29 | 000,123,168 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/20 17:08:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2013/02/20 17:06:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/20 17:05:52 | 3193,741,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/19 17:42:25 | 000,025,088 | ---- | M] () -- C:\Users\Jennifer\Desktop\codecheck.exe
[2013/02/19 17:35:47 | 000,681,984 | ---- | M] () -- C:\Users\Jennifer\Desktop\CKScanner.exe
[2013/02/18 17:19:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/18 17:12:45 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/02/18 17:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/18 17:06:45 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\AddLyrics update.job
[2013/02/18 12:54:20 | 000,688,992 | ---- | M] () -- C:\Users\Jennifer\Desktop\dds(3).scr
[2013/02/18 10:38:12 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/17 18:46:01 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2013/02/17 18:18:56 | 000,016,156 | ---- | M] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2013/02/17 17:35:32 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/17 17:35:32 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/17 17:27:12 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/02/12 19:32:01 | 000,001,009 | ---- | M] () -- C:\Users\Jennifer\Desktop\Audacity.lnk
[2013/02/12 11:00:01 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 Scan.job
[2013/02/12 10:23:10 | 000,650,597 | ---- | M] () -- C:\Users\Jennifer\Documents\Scan0002.pdf
[2013/02/09 09:59:38 | 000,001,064 | ---- | M] () -- C:\Users\Jennifer\Desktop\Optimizer Pro.lnk
[2013/02/09 09:59:18 | 000,077,671 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\funmoods_2.0.1.crx
[2013/02/08 14:40:22 | 000,000,009 | ---- | M] () -- C:\end
[2013/02/08 14:37:41 | 000,002,603 | ---- | M] () -- C:\Users\Public\Desktop\VPlayer.lnk
[2013/02/07 18:11:18 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/07 18:11:18 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/07 13:32:19 | 000,001,105 | ---- | M] () -- C:\Users\Jennifer\Desktop\Flash Player Pro.lnk
[2013/02/05 16:55:10 | 000,001,308 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
[2013/02/05 16:55:10 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Shortcut to Strongvault.exe.lnk
[2013/01/31 20:13:12 | 000,000,887 | ---- | M] () -- C:\Users\Jennifer\AppData\Local\recently-used.xbel
[2013/01/31 18:46:11 | 000,000,924 | ---- | M] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2013/01/30 20:29:10 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/25 17:33:25 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/01/22 06:43:22 | 000,001,724 | ---- | M] () -- C:\Users\Jennifer\Desktop\WeatherBug.lnk

========== Files Created - No Company Name ==========

[2013/02/19 17:42:25 | 000,025,088 | ---- | C] () -- C:\Users\Jennifer\Desktop\codecheck.exe
[2013/02/19 17:35:47 | 000,681,984 | ---- | C] () -- C:\Users\Jennifer\Desktop\CKScanner.exe
[2013/02/18 12:54:20 | 000,688,992 | ---- | C] () -- C:\Users\Jennifer\Desktop\dds(3).scr
[2013/02/12 19:32:01 | 000,001,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013/02/12 19:32:01 | 000,001,009 | ---- | C] () -- C:\Users\Jennifer\Desktop\Audacity.lnk
[2013/02/12 10:23:10 | 000,650,597 | ---- | C] () -- C:\Users\Jennifer\Documents\Scan0002.pdf
[2013/02/09 09:59:38 | 000,001,064 | ---- | C] () -- C:\Users\Jennifer\Desktop\Optimizer Pro.lnk
[2013/02/09 09:59:19 | 000,077,671 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\funmoods_2.0.1.crx
[2013/02/08 14:37:41 | 000,002,603 | ---- | C] () -- C:\Users\Public\Desktop\VPlayer.lnk
[2013/02/07 13:32:19 | 000,001,105 | ---- | C] () -- C:\Users\Jennifer\Desktop\Flash Player Pro.lnk
[2013/02/05 17:01:08 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\AddLyrics update.job
[2013/02/05 16:55:10 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
[2013/02/05 16:55:10 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Shortcut to Strongvault.exe.lnk
[2013/02/05 16:53:11 | 000,000,009 | ---- | C] () -- C:\end
[2013/01/31 20:13:12 | 000,000,887 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\recently-used.xbel
[2013/01/31 18:56:24 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 Scan.job
[2013/01/31 18:56:15 | 000,000,444 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2013/01/31 18:56:13 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/01/31 18:46:11 | 000,000,924 | ---- | C] () -- C:\Users\Jennifer\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2013/01/24 17:00:47 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/01/22 06:43:22 | 000,001,724 | ---- | C] () -- C:\Users\Jennifer\Desktop\WeatherBug.lnk
[2012/12/05 16:26:31 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/12/05 16:26:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/24 14:00:00 | 000,000,210 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/02 19:28:53 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/04/18 16:09:47 | 000,779,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/28 20:23:22 | 000,213,187 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\MMUpgrade.jpg
[2011/11/26 22:03:33 | 000,007,597 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\Resmon.ResmonCfg
[2011/11/26 21:27:45 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\{25DC8876-11C1-4FCB-B548-26CB7C1A580B}
[2011/11/24 11:39:09 | 000,007,168 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/30 19:20:19 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer\AppData\Local\{08EAC3E6-4231-49BF-8E83-58805D6DC5BD}
[2011/07/30 18:28:13 | 000,180,089 | ---- | C] () -- C:\Users\Jennifer\nickbabyvoice.wma
[2010/11/01 18:34:56 | 000,870,128 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\mcs.rma
[2010/11/01 18:34:56 | 000,000,004 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\4C599B
[2010/08/24 12:57:35 | 000,000,000 | ---- | C] () -- C:\Users\Jennifer\jagex__preferences3.dat
[2010/08/24 12:57:34 | 000,000,099 | ---- | C] () -- C:\Users\Jennifer\jagex_runescape_preferences2.dat
[2010/08/24 12:57:15 | 000,000,046 | ---- | C] () -- C:\Users\Jennifer\jagex_runescape_preferences.dat
[2009/11/06 18:37:08 | 000,016,156 | ---- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 05:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 03:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/08 20:03:37 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\.minecraft
[2009/11/30 16:31:06 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\alot
[2013/02/17 16:32:27 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Audacity
[2012/05/31 16:18:00 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Autodesk
[2013/02/05 17:01:07 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Babylon
[2013/02/17 16:32:27 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\DealPly
[2013/01/31 18:46:06 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\DefaultTab
[2013/02/17 16:32:28 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Delta
[2013/02/17 16:32:28 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Facebook
[2013/02/17 16:32:28 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Funmoods
[2013/01/31 18:45:56 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Genieo
[2013/02/17 16:32:28 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\HoolappForAndroid
[2011/12/11 19:39:45 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\JCP
[2013/02/17 16:32:29 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenCandy
[2009/11/30 16:35:28 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenOffice.org
[2013/02/09 10:00:16 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Optimizer Pro
[2010/12/17 16:56:44 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\PCDr
[2013/02/17 16:32:29 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\player
[2010/12/19 14:39:41 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Smith Micro
[2013/02/05 16:58:06 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Strongvault
[2009/11/06 18:37:14 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2010/01/09 13:49:33 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Uniblue
[2010/07/03 22:48:41 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Unity
[2013/01/12 21:39:19 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Visan
[2013/01/22 06:43:41 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\WeatherBug
[2009/10/31 19:29:04 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\WildTangent
[2010/12/11 23:29:28 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
drjpaulwede
Regular Member
 
Posts: 37
Joined: February 17th, 2013, 8:30 pm

Re: startup problems

Unread postby drjpaulwede » February 20th, 2013, 7:04 pm

Extras Log:

OTL Extras logfile created on: 2/20/2013 5:10:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jennifer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 3.01 Gb Available Physical Memory | 75.88% Memory free
7.93 Gb Paging File | 7.01 Gb Available in Paging File | 88.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 437.42 Gb Free Space | 75.23% Space Free | Partition Type: NTFS

Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20BE684F-DC4C-4B56-AF3F-4B3C093D3172}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21BB2D18-C6FD-425D-A98C-53E4E0C5E0C4}" = rport=137 | protocol=17 | dir=out | app=system |
"{33CAC0C6-04D1-4EC9-BC6E-62A2ADC83EE5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3ACE7B30-7DEF-4BF1-A2F0-3D908E091B27}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3CE6A81E-66DE-4C19-9105-8D0D82CBB25D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3E78B8F2-3ED6-4EC7-A3B7-4F262309666A}" = lport=139 | protocol=6 | dir=in | app=system |
"{432BBA0C-8096-48E9-A5BA-E4C124E421A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5FC19304-5D3E-47A1-92F8-8734C80A2A19}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6572B0A6-5354-416D-9C45-894C9144B6BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69A345A8-4391-405A-8C6F-BA7D3391DE2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C85C6F5-2FEA-412F-BF57-3DAF68A70951}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6C943711-662D-48CA-B700-59066CB13A51}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{871E55EB-10EB-48F8-B040-D936607CAAC1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8733EA63-B64B-449D-B32B-3F96052FDF8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A25D7750-742E-4973-825D-7D78F0B48004}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A8277F42-DAB6-446F-9B98-CD3AB5C35220}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8447186-846F-4726-BFD7-0E3D20625CB6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ABCB8DD4-1BF0-40D1-9E5D-461401B88538}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B27596E4-D7B7-4433-AA72-DC89B682C6A4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B6BC18F2-FFF2-4F0B-B597-C58A7A230602}" = rport=139 | protocol=6 | dir=out | app=system |
"{BBD26268-D058-483C-9E43-E844CCCF2DF6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE9FB31A-5EFF-4735-AF76-553A7DA74927}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C6856CA3-C752-4E3A-9193-697A6B233057}" = lport=138 | protocol=17 | dir=in | app=system |
"{DADF355C-A8DA-46C7-844E-05C1CDF20408}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DC0C3F02-7A42-41EF-B002-A4D45A6F65D0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DCF834DD-5D64-4E7E-87E5-579A53977FC4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3C4C407-BE56-4E91-AC40-352C7230D7C6}" = lport=445 | protocol=6 | dir=in | app=system |
"{E7FEDC6F-018D-455A-A373-370FBF600C91}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EA566EFC-068E-48D6-8A65-AC25D3355F2F}" = rport=445 | protocol=6 | dir=out | app=system |
"{ED57C14E-81DB-4DA1-A88D-4B9005C06D99}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7958455-71FB-4A5C-9038-9155C3DD8160}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB022114-CE0E-4E20-96E1-AE7BDCC15034}" = rport=138 | protocol=17 | dir=out | app=system |
"{FF1E384C-9ABD-476E-8284-67292E5DE063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092BA582-EA58-4C7A-B853-AD15EBF042FB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0C8EFB45-A907-48AF-BF1F-A2C4BC51E26C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E4613CF-1CF1-43A7-A63D-F943ECD7E2D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0EBD8C13-81D0-4CE6-B970-010A8840E445}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{129EEA9D-42E2-4810-A082-654F54FB0A1A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13245654-1D95-4AE2-88A5-4F827791790A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19FE5D66-9157-4D65-978C-364CA137B955}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B79B90B-C611-4CAA-AEC2-898F1B37F357}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{1DD84D6B-ED44-4C03-B847-C21CE2600956}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2619AEED-4C88-4FC2-9E80-1344D4701F42}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{28E1D0BB-B32D-4A74-A7BE-611B7B98C15C}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe |
"{2E86216F-C13D-4220-AEBA-AAA6BAAA8C8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3165C61B-C49A-4DF1-A7D0-0EE6F2730ABB}" = protocol=6 | dir=in | app=c:\program files (x86)\v cast music with rhapsody\rhapsody.exe |
"{321827FB-AD5D-46F9-AE44-D5C83DB594E0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4862371D-FC0A-46AF-B44D-0F4198120747}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4E1472A8-052D-47BC-9D07-4F479216B76B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F730D70-C9D1-416D-8552-3B3FF38F6E7E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{58BD3254-7758-4181-A4C4-71A4B6EB80AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5A2E6B31-246C-4445-A2E1-95B9E4536F0B}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{5DA9A5DD-7A11-4B78-A1AE-8E6B9A0188A1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{606339D1-3C42-4757-A9CA-06F7D200F777}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{65C31F02-32CC-4ED2-B813-630764A89EE9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{672B69EE-C11C-43E9-9978-09E906D55D26}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6734912B-716D-4551-AE59-DBA1F0842FF0}" = protocol=17 | dir=in | app=c:\program files (x86)\v cast music with rhapsody\rhapsody.exe |
"{6A0FA40F-77E6-4B3F-A163-90F8A12952F9}" = protocol=6 | dir=out | app=system |
"{6F683046-6A90-41C6-BA08-A6E13D04AE83}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{71FA67F8-7315-4EAC-992D-4B6685E828A6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{75E7E900-ED6A-40AC-9757-CD4D0898A30D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7792F105-C9C6-42A5-A907-5DEF5FDA8B56}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{837E1C96-9AAF-480D-92EB-EB64685D412F}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{853B78E2-A086-495A-949B-3556C0E02229}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{96F654FE-D038-4F8F-9E11-8B5F39AB0375}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ADDA5C97-3653-4A0E-AA5C-8CB9A9AEC536}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BD07B93C-DB1F-4E8B-9F1F-4F8CAF14ABBB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{BF4FCF28-A9DA-4DB3-BBF4-2ECE7B4A2780}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{BFAEE315-5B00-45CE-B253-22EDDA65FE0C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C95A6FC2-0D5D-4ADE-B127-63F5C1B87886}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5D92C5D-1C76-41EA-9294-1D3BAAD491DB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D9A990EB-B071-4B58-B07A-FE9343729688}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DBF60E3E-311E-4008-B0B1-31F7914DD3DA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{E4891250-3DD4-4B9A-A785-D351F6291410}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB239173-EC4B-4AD3-BD02-19865FF95264}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EC2772B1-AB01-43D3-A383-F640DC7B5C50}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE1A2D2B-8F84-4A7F-8B25-ACC117437E75}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F66AB27D-E5C4-4B54-B6F2-058F1C83DF09}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\devicesetup.exe |
"TCP Query User{2E8FDB1C-AE66-49DF-B17B-82986B424465}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{BFB858F9-7421-48C8-861C-F8DD125CBAC8}C:\users\jennifer\documents\nicks stuff\bfheroes.exe" = protocol=6 | dir=in | app=c:\users\jennifer\documents\nicks stuff\bfheroes.exe |
"UDP Query User{2B038994-4190-46E9-8BE7-F44FC85D4707}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{2D591E8F-C107-4EB4-8827-C0B526F8DAB4}C:\users\jennifer\documents\nicks stuff\bfheroes.exe" = protocol=17 | dir=in | app=c:\users\jennifer\documents\nicks stuff\bfheroes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{08BCFE15-8AA1-4A58-B018-4FEF486BA922}" = Autodesk Inventor Fusion for Inventor 2013 Add-in
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{266597A9-1764-0000-0100-DCBF2B69166B}" = Autodesk Vault Basic 2013 (Client) English Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-B028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624880EA-7610-47B6-B4A6-40DD83DB1AB4}" = McAfee Anti-Theft
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7EC37923-61DD-4C31-A602-8A9F0C5CF2A1}" = HP Photosmart 6510 series Product Improvement Study
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013
"{7F4DD591-1764-0001-1033-7107D70F3DB4}" = Autodesk Inventor Professional 2013 English Language Pack
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02
"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B46DECD1-1764-4EF1-0000-22D71E81877C}" = Autodesk Inventor Content Center Libraries 2013 (Desktop Content)
"{CF526A26-1764-0000-0000-02E95019B628}" = Autodesk Vault Basic 2013 (Client)
"{D25FF5C1-1764-469A-9794-69309387C193}" = Autodesk Inventor 2013 Quick Uninstaller
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{E6B7BD80-A921-4C72-A68B-44A9EB438BE4}" = Microsoft IntelliType Pro 7.1
"{EB0D4D8B-A604-42D3-84D8-CCAFA75F753E}" = HP Photosmart 6510 series Basic Device Software
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 English
"CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
"DWG TrueView 2013" = DWG TrueView 2013
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC Optimizer Pro" = PC Optimizer Pro

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F052922-4BCE-4763-A540-00857554336D}" = Redist
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{144A1586-E16C-448D-910D-E12ACD65DD98}" = Keyboard Lock Status
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3002C8EB-2A7E-419B-B77F-5AD7E9F54A5A}" = Strongvault Online Backup
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}" = Dell Communications (Support Software)
"{3F1C9552-58E0-4AAC-A616-AE3A28720EC6}" = GimpShop 2.8
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}" = HP Photosmart 6510 series Help
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{BA8B8ADA-084F-4F79-A0CA-6E58A0808794}" = FlashPlayer
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FC274982-5AAD-4C20-848D-4424A5043009}_is1" = WinUtilities 9.36 Professinal Edition
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"addlyrics@addlyrics.net" = AddLyrics
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 2.0.3
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"Autodesk Vault Basic 2013 (Client)" = Autodesk Vault Basic 2013 (Client)
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Contour Storyteller 3.4.2" = Contour Storyteller
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"couponamazing" = couponamazing
"Deal Vault" = Deal Vault
"DealPly" = DealPly
"DefaultTab" = DefaultTab
"Dell Game Console" = WildTangent ORB Game Console
"delta" = Delta toolbar
"Flash Player Pro_is1" = Flash Player Pro V5.4
"funmoods" = Funmoods
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HP Photo Creations" = HP Photo Creations
"InfoAtoms" = InfoAtoms
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Manga Studio Debut 4.0" = Manga Studio Debut 4.0
"McAfee Security Scan" = McAfee Security Scan Plus
"MixiDJ Toolbar" = MixiDJ Toolbar
"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
"MSC" = McAfee AntiVirus Plus
"Optimizer Pro_is1" = Optimizer Pro v3.0
"PasswordBox" = PasswordBox
"PunkBusterSvc" = PunkBuster Services
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"Settings Alerter" = Settings Alerter
"TI-83 Plus Flash Debugger" = TI-83 Plus Flash Debugger
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Verizon Media Manager" = Verizon Media Manager
"Wajam" = Wajam
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"309a46b1dc89b774" = Dell Driver Download Manager
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"Facebook Plug-In" = Facebook Plug-In
"genieo" = Genieo
"Hoolapp For Android" = Hoolapp For Android
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/21/2013 10:39:47 PM | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2652

Error - 1/21/2013 10:39:48 PM | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/21/2013 10:39:48 PM | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3666

Error - 1/21/2013 10:39:48 PM | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3666

Error - 1/21/2013 10:39:49 PM | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/21/2013 10:39:49 PM | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4695

Error - 1/21/2013 10:39:49 PM | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4695

Error - 1/22/2013 4:52:17 PM | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/22/2013 4:52:17 PM | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1716

Error - 1/22/2013 4:52:17 PM | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1716

[ Dell Events ]
Error - 8/1/2011 8:15:13 PM | Computer Name = Jennifer-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/11/2011 5:29:37 PM | Computer Name = Jennifer-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/11/2011 5:29:37 PM | Computer Name = Jennifer-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/19/2011 1:21:08 PM | Computer Name = Jennifer-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/19/2011 1:21:09 PM | Computer Name = Jennifer-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/26/2011 4:43:58 PM | Computer Name = Jennifer-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/26/2011 4:43:58 PM | Computer Name = Jennifer-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/3/2011 7:39:00 PM | Computer Name = Jennifer-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/3/2011 7:39:00 PM | Computer Name = Jennifer-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/10/2011 8:45:14 PM | Computer Name = Jennifer-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 5/19/2012 3:35:45 AM | Computer Name = Jennifer-PC | Source = MCUpdate | ID = 0
Description = 3:35:43 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/19/2012 4:36:07 AM | Computer Name = Jennifer-PC | Source = MCUpdate | ID = 0
Description = 4:36:04 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/19/2012 1:04:36 PM | Computer Name = Jennifer-PC | Source = MCUpdate | ID = 0
Description = 1:04:36 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 1:25:49 AM | Computer Name = Jennifer-PC | Source = MCUpdate | ID = 0
Description = 1:25:47 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/20/2012 1:34:44 PM | Computer Name = Jennifer-PC | Source = MCUpdate | ID = 0
Description = 1:34:44 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 1:11:09 AM | Computer Name = Jennifer-PC | Source = MCUpdate | ID = 0
Description = 1:11:07 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/21/2012 2:26:47 PM | Computer Name = Jennifer-PC | Source = MCUpdate | ID = 0
Description = 2:26:44 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 6:10:22 AM | Computer Name = Jennifer-PC | Source = MCUpdate | ID = 0
Description = 6:10:12 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/22/2012 2:21:58 PM | Computer Name = Jennifer-PC | Source = MCUpdate | ID = 0
Description = 2:21:57 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/23/2012 6:14:49 AM | Computer Name = Jennifer-PC | Source = MCUpdate | ID = 0
Description = 6:14:49 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

[ System Events ]
Error - 2/20/2013 6:10:49 PM | Computer Name = Jennifer-PC | Source = DCOM | ID = 10005
Description =

Error - 2/20/2013 6:13:38 PM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/20/2013 6:13:38 PM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/20/2013 6:13:38 PM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/20/2013 6:15:44 PM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/20/2013 6:15:44 PM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/20/2013 6:15:44 PM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/20/2013 6:20:44 PM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/20/2013 6:20:44 PM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 2/20/2013 6:20:44 PM | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >
drjpaulwede
Regular Member
 
Posts: 37
Joined: February 17th, 2013, 8:30 pm

Re: startup problems

Unread postby pgmigg » February 21st, 2013, 2:12 am

Hello drjpaulwede,
I attempted to delete the GimpShop program by your instructions, but I got an error message stating that the windows uninstaller service could not be accessed. Therefore, I was not able to delete that program.
Please don't worry about it for now... There are another issues which should be processed first.

Step 1.
WARNING: There are Serious Issues with PunkBuster

I noticed you have PunkBuster installed... read the "Published features" section.

Your computer has installed gaming tools.
Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware. The PunkBuster can take control over various aspects of your computer and some gaming tools not unlike PunkBuster, also hinder their removals. They are sometimes designed to prevent orderly removal or modification, and they have only very limited respect for retaining the overall security and integrity of your machine.

These programs are changed/updated often, and it is not possible to predict what effects they actually have on the Operating System.
It is not a certainty that your computer can be cleaned without breaking or removing some of these programs, and this could result in not being able to play the associated games, or corruption of your system.

If you want to continue using the machine in this way, you should consider using imaging software like Norton Ghost or Acronis TrueImage, or Terabyte Image, which can put your entire C: drive back into an earlier state whenever the infections or malfunctions get too severe.

If you really want to clean this machine, I will help, but if you so choose, understand there is NO assurance that the Punkbuster games or your PC system will be trouble-free afterwards.

By the definition we use, PunkBuster is actual spyware. Therefore, I'm asking you to choose one of the following options:
  1. We "try" to leave PunkBuster alone... however, there is no guarantee a spyware component doesn't "inadvertently" get taken out... so PunkBuster might fail. This will also prevent you from playing games using PunkBuster enabled servers.
  2. We can just remove PunkBuster. You can reinstall it afterwards if you wish, but please keep in mind that we do consider it spyware.
  3. We can not clean this computer at all. This ensures PunkBuster will continue to function.
If you choose to remove PunkBuster, please perform the uninstall steps below. Otherwise, let me know what other option you chose.

You should read this entire thread, as just one example of what is going on, then let me know what you want to do.

Uninstall PunkBuster and some other stuff
Remove Program(s) by Revo Uninstaller
Uninstall programs and remove remnants left from previous uninstalls.
Tutorial with screen shots available here, if needed.

Please download Revo Uninstaller Pro and save it to your desktop.
(This version is a fully functional, 30 day free trial)

  1. Right-click on RevoUninProSetup.exe, and select "Run As Administrator..." to install. If UAC prompts, allow it.
  2. Double click Revo Uninstaller from the Start Menu programs list, to run it.
  3. From the list of programs click on (one at a time if more than one program is listed):
    Ask Toolbar
    Ask Toolbar Updater
    Battlefield Heroes
    couponamazing
    Coupon Printer for Windows
    Deal Vault
    Funmoods
    Java 7 Update 11
    Java Auto Updater
    Java(TM) 6 Update 14 (64-bit)
    Java(TM) 6 Update 29
    PunkBuster Services
    Yontoo 1.12.02
  4. Chose "Uninstall". When prompted click Yes.
  5. Make sure the Moderate option is checked... then click Next.
  6. The program will run, when prompted... click Yes... then Next.
  7. Once the program has searched for leftovers click Next.
  8. Check ONLY the bolded items on the list then... click Next... then Yes.
  9. When done click Finish.
    The problem program entries should now be gone. Please repeat for any other programs I listed in the instructions.

Step 2.
Please download PBSVC Setup Program. Save it to your desktop.
  1. right-click on pbsvc.exe, then select "Run As Administrator". If UAC prompts, please allow it.
  2. Then click Uninstall.
    Once that's finished...
  3. Click Start > Run and copy and paste the following into the open text box:
    Code: Select all
    cmd /c for %i in (A B K) do sc delete PnkBstr%i
  4. Click OK. A black box will flash very briefly, this is normal.

Step 3.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    change search options for files and folders
    then press Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT "Show hidden files and folders"
  6. Find below and
    • remove check mark from check box "Hide extensions for known file types"
    • remove check mark from check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Then please locate the file: PnkBstrK.sys... if found delete it. Reboot you computer.

Let me know if you performed these steps successfully.

Step 4.
Image Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Right click on JRT.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 5.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    Code: Select all
    :filefind
    *alotappbar*
    *Bandoo*
    *Blekko*
    *Conduit*
    *Fun4IM*
    *Funmoods*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *IObit*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *Yontoo*
    
    :folderfind
    *alotappbar*
    *Bandoo*
    *Blekko*
    *Conduit*
    *Fun4IM*
    *Funmoods*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *IObit*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *Yontoo*
    
    :Regfind
    alotappbar
    Bandoo
    Blekko
    Conduit
    Fun4IM
    Funmoods
    Searchnu
    Searchqu
    iLivid
    IObit
    whitesmoke
    datamngr
    trolltech
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Your decision about Punk Buster and related stuff.
  3. Contents of JRT.txt log file
  4. Contents of the SystemLook.txt log file
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: startup problems

Unread postby drjpaulwede » February 23rd, 2013, 12:25 pm

1. No problems with instructions.
2. I deleted PB.
3. No change in computer performance.
Logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jennifer on Sat 02/23/2013 at 11:04:09.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] defaulttabsearch
Successfully deleted: [Service] defaulttabsearch
Successfully stopped: [Service] defaulttabupdate
Successfully deleted: [Service] defaulttabupdate
Successfully stopped: [Service] wajamupdater
Successfully deleted: [Service] wajamupdater



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\datamngr
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\messenger
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\optimizer pro
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\smessaging
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{82e1477c-b154-48d3-9891-33d83c26bcd3}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2335382365-1412915923-843921817-1001\software\microsoft\internet explorer\main\\Start Page
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_current_user\software\datamngr
Successfully deleted: [Registry Key] hkey_local_machine\software\datamngr
Successfully deleted: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\default tab
Successfully deleted: [Registry Key] hkey_current_user\software\defaulttab
Successfully deleted: [Registry Key] hkey_local_machine\software\defaulttab
Successfully deleted: [Registry Key] hkey_current_user\software\optimizer pro
Successfully deleted: [Registry Key] hkey_current_user\software\wajam
Successfully deleted: [Registry Key] hkey_local_machine\software\wajam
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\defaulttab
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\browserconnection.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\browserconnection.loader
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\browserconnection.loader.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ilividiehelper.dnsguard
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ilividiehelper.dnsguard.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3272718
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{103089da-0f31-4a8b-843f-7d24a7fe8345}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{103089da-0f31-4a8b-843f-7d24a7fe8345}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{98279c38-de4b-4bcf-93c9-8ec26069d6f4}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{c1af5fa5-852c-4c90-812e-a7f75e011d87}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{c1af5fa5-852c-4c90-812e-a7f75e011d87}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e8daaa30-6caa-4b58-9603-8e54238219e2}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{e8daaa30-6caa-4b58-9603-8e54238219e2}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f2d6c718-7e52-428e-8852-365c4b1a6e36}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{f2d6c718-7e52-428e-8852-365c4b1a6e36}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Jennifer\AppData\Roaming\alot"
Successfully deleted: [Folder] "C:\Users\Jennifer\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Jennifer\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Jennifer\AppData\Roaming\delta"
Successfully deleted: [Folder] "C:\Users\Jennifer\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Jennifer\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Jennifer\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\Jennifer\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Jennifer\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\Jennifer\appdata\local\stronghold_llc"
Successfully deleted: [Folder] "C:\Users\Jennifer\appdata\local\strongvault"
Successfully deleted: [Folder] "C:\Users\Jennifer\appdata\local\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Jennifer\appdata\local\wajam"
Successfully deleted: [Folder] "C:\Users\Jennifer\appdata\locallow\alot"
Successfully deleted: [Folder] "C:\Users\Jennifer\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Jennifer\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Jennifer\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\defaulttab"
Successfully deleted: [Folder] "C:\Program Files (x86)\delta"
Successfully deleted: [Folder] "C:\Program Files (x86)\infoatoms"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\selectrebates"
Successfully deleted: [Folder] "C:\Program Files (x86)\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\wajam"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\strongvault online backup"
Successfully deleted: [Folder] "C:\Users\Jennifer\AppData\Roaming\microsoft\windows\start menu\programs\wajam"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\websearch.xml"
Successfully deleted: [File] C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\user.js
Successfully deleted: [File] C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Successfully deleted: [File] C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\extensions\addon@defaulttab.com.xpi
Successfully deleted: [File] C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\searchplugins\delta.xml
Successfully deleted: [File] C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\searchplugins\search-here.xml
Successfully deleted: [File] C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\searchplugins\websearch.xml
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\infoatoms@infoatoms.com"
Failed to delete: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Successfully deleted: [Folder] C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\smartbar
Successfully deleted: [Folder] C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\extensions\ffxtlbr@delta.com
Failed to delete: [Folder] C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\infoatoms@infoatoms.com
Successfully deleted the following from C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\prefs.js

user_pref("CT3272718.1000082.isPlayDisplay", "true");
user_pref("CT3272718.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.
user_pref("CT3272718.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3272718.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3272718.FirstTime", "true");
user_pref("CT3272718.FirstTimeFF3", "true");
user_pref("CT3272718.LoginRevertSettingsEnabled", true);
user_pref("CT3272718.PG_ENABLE", "dHJ1ZQ==");
user_pref("CT3272718.RevertSettingsEnabled", true);
user_pref("CT3272718.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=2&CUI=UN61842949716620837&q=");
user_pref("CT3272718.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL2NhcDEuY29uZHVpdC1hcHBzLmNvbS9BcHBzL1RvcEhpdHNMeXJpY3MvY29uZmlncy9VUy1HQi1ERS1FUy1JVC9zcHJpdGUuc
user_pref("CT3272718.UserID", "UN61842949716620837");
user_pref("CT3272718.YTbyClickFavorites.enc", "W10=");
user_pref("CT3272718.YTbyClickRecent.enc", "W10=");
user_pref("CT3272718.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3272718.autoDisableScopes", 0);
user_pref("CT3272718.browser.search.defaultthis.engineName", "true");
user_pref("CT3272718.cbfirsttime.enc", "TW9uIEZlYiAxOCAyMDEzIDEzOjE3OjA0IEdNVC0wNTAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
user_pref("CT3272718.defaultSearch", "true");
user_pref("CT3272718.embeddedsData", "[{\"appId\":\"130004885110157816\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3272718.enableAlerts", "always");
user_pref("CT3272718.enableFix404ByUser", "FALSE");
user_pref("CT3272718.enableSearchFromAddressBar", "true");
user_pref("CT3272718.firstTimeDialogOpened", "true");
user_pref("CT3272718.fixPageNotFoundError", "true");
user_pref("CT3272718.fixPageNotFoundErrorByUser", "true");
user_pref("CT3272718.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3272718.fixUrls", true);
user_pref("CT3272718.installDate", "8/2/2013 14:37:54");
user_pref("CT3272718.installId", "aaa_cid119");
user_pref("CT3272718.installType", "conduitnsisintegration");
user_pref("CT3272718.isCheckedStartAsHidden", true);
user_pref("CT3272718.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3272718.isFirstTimeToolbarLoading", "false");
user_pref("CT3272718.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3272718.keyword", "true");
user_pref("CT3272718.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3272718&octid=CT3272718&SearchSource=15&CUI=UN618429497166208
user_pref("CT3272718.lastVersion", "10.14.42.7");
user_pref("CT3272718.mam_gk_CouponBuddy_appState.enc", "b24=");
user_pref("CT3272718.mam_gk_PriceGong_appState.enc", "b24=");
user_pref("CT3272718.mam_gk_appStateReportTime.enc", "MTM2MTIxMTQyNDM5NQ==");
user_pref("CT3272718.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref("CT3272718.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
user_pref("CT3272718.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjQzZmVjMDg1LWNkMzktNGQyZi05MDZhLTAyNTdkZj
user_pref("CT3272718.mam_gk_currentVersion.enc", "MS40LjAuNA==");
user_pref("CT3272718.mam_gk_eventsCache.enc", "eyJiMGEyNmMwMi1jNDUwLTRjMDctYmYwYi03NmE2MDIyOTk2MjciOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjpbIldlbGNvbWUiLCJWaWV3Il0sInVuaXF1ZUlk
user_pref("CT3272718.mam_gk_first_time.enc", "MQ==");
user_pref("CT3272718.mam_gk_gadgetOpen.enc", "MA==");
user_pref("CT3272718.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
user_pref("CT3272718.mam_gk_lastLoginTime.enc", "MTM2MTIxMTQxMDQzNA==");
user_pref("CT3272718.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHM
user_pref("CT3272718.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
user_pref("CT3272718.mam_gk_settings1.4.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmll
user_pref("CT3272718.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
user_pref("CT3272718.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");
user_pref("CT3272718.mam_gk_userId.enc", "ZDIwZjhkMTgtZGRlNi00YjRlLWIyZTktZWZhYzVkMjg1MGFi");
user_pref("CT3272718.mam_gk_user_apps_selection.enc", "");
user_pref("CT3272718.migrateAppsAndComponents", true);
user_pref("CT3272718.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"I am having frequent system crashes, followed by a restart to a blank screen, followed by a manual reboot t
user_pref("CT3272718.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3272718.openThankYouPage", "false");
user_pref("CT3272718.openUninstallPage", "true");
user_pref("CT3272718.price-gong.isManagedApp", "true");
user_pref("CT3272718.revertSettingsEnabled", "false");
user_pref("CT3272718.search.searchAppId", "130004885110157816");
user_pref("CT3272718.search.searchCount", "0");
user_pref("CT3272718.searchInNewTabEnabledByUser", "true");
user_pref("CT3272718.searchInNewTabEnabledInHidden", "true");
user_pref("CT3272718.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3272718.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3272718.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3272718.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3272718\"}");
user_pref("CT3272718.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJToolbar.OurToolbar.com//xpi\"}");
user_pref("CT3272718.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ\"}");
user_pref("CT3272718.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3272718.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361211568017");
user_pref("CT3272718.serviceLayer_services_appsMetadata_lastUpdate", "1361211567807");
user_pref("CT3272718.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361211568030");
user_pref("CT3272718.serviceLayer_services_login_10.14.42.7_lastUpdate", "1361225967628");
user_pref("CT3272718.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361211568129");
user_pref("CT3272718.serviceLayer_services_searchAPI_lastUpdate", "1361145663058");
user_pref("CT3272718.serviceLayer_services_serviceMap_lastUpdate", "1361145661314");
user_pref("CT3272718.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361211567819");
user_pref("CT3272718.serviceLayer_services_toolbarSettings_lastUpdate", "1361225968473");
user_pref("CT3272718.serviceLayer_services_translation_lastUpdate", "1361211567901");
user_pref("CT3272718.settingsINI", true);
user_pref("CT3272718.shouldFirstTimeDialog", "false");
user_pref("CT3272718.smartbar.CTID", "CT3272718");
user_pref("CT3272718.smartbar.Uninstall", "0");
user_pref("CT3272718.smartbar.homepage", "true");
user_pref("CT3272718.smartbar.toolbarName", "MixiDJ ");
user_pref("CT3272718.startPage", "true");
user_pref("CT3272718.toolbarBornServerTime", "18-2-2013");
user_pref("CT3272718.toolbarCurrentServerTime", "19-2-2013");
user_pref("CT3272718.url_history0001.enc", "aHR0cDovL3VzLW1nNS5tYWlsLnlhaG9vLmNvbS9taW50eS9wYWdlL3NlbmQtY29uZmlybTo6OmNsaWNraGFuZGxlcjo6OjEzNjEyMTE1ODA1MDgsLCxodHRwOi8vd3d3Lm1
user_pref("CT3272718_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361211394443,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3272718&SearchSource=13&CUI=UN61842949716620837");
user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=2&CUI=UN61842949716620837&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=100&systemid=439&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3272718");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.defaultthis.engineName", "MixiDJ Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=3&q={searchTerms}&CUI=UN61842949716620837");
user_pref("browser.search.order.1", "Web Search");
user_pref("browser.search.selectedEngine", "MixiDJ Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://isearch.fantastigames.com/439");
user_pref("ct3272718.UserID", "UN61842949716620837");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119351&tt=030213_de&babsrc=NT_ss&mntrId=badca421000000000000002564059662");
user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.yahoo.com/search?fr=mcafee&p=");
user_pref("extensions.crossrider.bic", "13cea9a79d1547235bc292c0a745604e");
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.bbDpng", "18");
user_pref("extensions.delta.cntry", "US");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.hdrMd5", "EAC4FD5D4ACD79A60F2F5863E6B194F7");
user_pref("extensions.delta.id", "badca421000000000000002564059662");
user_pref("extensions.delta.instlDay", "15741");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.lastVrsnTs", "1.8.10.017:01:32");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.sg", "azb");
user_pref("extensions.delta.smplGrp", "azb");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.10.0");
user_pref("extensions.delta.vrsnTs", "1.8.10.017:01:32");
user_pref("extensions.delta.vrsni", "1.8.10.0");
user_pref("extensions.wajam.affiliate_id", "6447");
user_pref("extensions.wajam.firstrun", "false");
user_pref("extensions.wajam.log_send_info", "false");
user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21084\",\"supported_sites\":{\"google\":{\"patterns\":[\"^hxxp\\\\:\\/\\/www\\\\.google\\\\..{2,3}(|\\\\\
user_pref("extensions.wajam.no_trace", "false");
user_pref("extensions.wajam.server_current_mapping_version", "0.21084");
user_pref("extensions.wajam.trace_log", "1361145654250 - processInstallationUpgrade - version set to : 1.26\n1361145654250 - processBrowserLoad - Bad mappingListJsonString: nu
user_pref("extensions.wajam.unique_id", "BF7CE56E7CEAD673D5D1374FE3E7E2F9");
user_pref("extensions.wajam.user_current_mapping_version", "0");
user_pref("extensions.wajam.version", "1.26");
user_pref("keyword.URL", "hxxp://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=100&systemid=439&q=");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3272718&SearchSource=13&CUI=UN61842949716620837");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=2&CUI=UN61842949716620837&q=");
user_pref("smartbar.originalHomepage", "hxxp://www.delta-search.com/?affID=119351&tt=030213_de&babsrc=HP_ss&mntrId=badca421000000000000002564059662");
user_pref("smartbar.originalSearchAddressUrl", "hxxp://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=100&systemid=439&q=");
user_pref("smartbar.originalSearchEngine", "Delta Search");
Emptied folder: C:\Users\Jennifer\AppData\Roaming\mozilla\firefox\profiles\8tymx2h3.default\minidumps [8 files]



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\kdidombaedgpfiiedeimiebkmbilgmlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/23/2013 at 11:10:25.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drjpaulwede
Regular Member
 
Posts: 37
Joined: February 17th, 2013, 8:30 pm

Re: startup problems

Unread postby drjpaulwede » February 23rd, 2013, 12:55 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 11:23 on 23/02/2013 by Jennifer
Administrator - Elevation successful

========== filefind ==========

Searching for "*alotappbar*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Blekko*"
No files found.

Searching for "*Conduit*"
C:\Autodesk\Autodesk_Inventor_2013_English_Win_32bit\x86\en-US\Inventor\Program Files\Autodesk\Inventor 2013\Design Data\BIM Exchange\Support\en-US\ConduitConnector.xml --a---- 2124 bytes [19:47 18/04/2012] [05:07 26/06/2008] DA925AA82FA286F270004E5E9B5BC523
C:\Autodesk\Autodesk_Inventor_2013_English_Win_64bit\x64\en-US\Inventor\Program Files\Autodesk\Inventor 2013\Design Data\BIM Exchange\Support\en-US\ConduitConnector.xml --a---- 2124 bytes [21:00 18/04/2012] [05:07 26/06/2008] DA925AA82FA286F270004E5E9B5BC523
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [03:32 10/08/2012] [03:32 10/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46
C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage --a---- 4096 bytes [19:41 08/02/2013] [19:41 08/02/2013] F8521287F4838F61B9AE5DBAADFB7532
C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal --a---- 3608 bytes [19:41 08/02/2013] [19:41 08/02/2013] B3E60BE963795FED6AD8070295C4A35C
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VXKBGYM\Conduit.Search[2].htm --a---- 221 bytes [02:43 23/02/2013] [02:43 23/02/2013] 4BD91C3CD57C5D3528F6F891AC82D278
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VXKBGYM\Conduit[1].htm --a---- 1276 bytes [22:34 19/02/2013] [22:34 19/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VXKBGYM\Conduit[2].htm --a---- 1276 bytes [16:20 23/02/2013] [16:20 23/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAGBVHQ0\Conduit.Search[1].htm --a---- 222 bytes [16:20 23/02/2013] [16:20 23/02/2013] 499BB6CEBFA6483D2608E94FF077F973
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAGBVHQ0\Conduit[1].htm --a---- 1276 bytes [22:07 20/02/2013] [22:07 20/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAGBVHQ0\Conduit[2].htm --a---- 1276 bytes [03:30 23/02/2013] [03:30 23/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAGBVHQ0\search_conduit_com[1].htm --a---- 9268 bytes [16:05 23/02/2013] [16:05 23/02/2013] A19FE03E18DD368631A3A8783AF605DF
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[1].htm --a---- 1276 bytes [21:42 20/02/2013] [21:42 20/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[2].htm --a---- 1276 bytes [02:43 23/02/2013] [02:43 23/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[3].htm --a---- 1276 bytes [02:45 23/02/2013] [02:45 23/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[4].htm --a---- 1276 bytes [02:45 23/02/2013] [02:45 23/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[5].htm --a---- 1276 bytes [15:53 23/02/2013] [15:53 23/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\Conduit[1].htm --a---- 1276 bytes [02:40 23/02/2013] [02:40 23/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\Conduit[2].htm --a---- 1276 bytes [02:43 23/02/2013] [02:43 23/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\Conduit[3].htm --a---- 1276 bytes [02:45 23/02/2013] [02:45 23/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\Conduit[4].htm --a---- 1276 bytes [16:05 23/02/2013] [16:05 23/02/2013] 490B5167843DC7E797A798DDDBDC48F4
C:\Users\Jennifer\AppData\Local\Temp\mconduitinstaller.exe --a---- 68528 bytes [07:06 03/02/2013] [07:06 03/02/2013] F1E16AB9120369E7D70D0C18F8453490
C:\Users\Jennifer\AppData\Local\Temp\ct3272718\conduit.xml --a---- 785 bytes [06:29 18/07/2012] [06:29 18/07/2012] 6ACD8B6E740CB1E9A9FA43F2087592C6
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_6_325_CT3255406_Images_634865922899792583.png --a---- 5893 bytes [00:01 18/02/2013] [00:01 18/02/2013] 5B1FBDF18731EB9B9C4A24AB567FE54A
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif --a---- 419 bytes [00:01 18/02/2013] [00:01 18/02/2013] 01B83C91554738F6AFFB7895BBBA73FB
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif --a---- 950 bytes [00:01 18/02/2013] [00:01 18/02/2013] EE3DCA0EABAE8D7DDEAC14E36B1142CD
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif --a---- 322 bytes [00:01 18/02/2013] [00:01 18/02/2013] 948781E4B6478290050ECA4423B89B1E
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_MarketPlace_1a_2dc_1af6a81c-86ff-4937-bd94-7bdb646af2dc_Appearance_634473642776763064.png --a---- 2059 bytes [00:01 18/02/2013] [00:01 18/02/2013] C3B432A941C21390B8733518922DE131
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_MarketPlace_71_92f_71422c68-106e-4efa-a402-2c5d0c3ab92f_Appearance_634374241008412502.png --a---- 873 bytes [00:01 18/02/2013] [00:01 18/02/2013] DB555F6A82F9D139A490B8CA6AA8FD71
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_MarketPlace_78_f1b_789d74ff-86a2-4fb9-9903-16e7b2641f1b_Appearance_634825030599553405.png --a---- 1462 bytes [00:01 18/02/2013] [00:01 18/02/2013] F87298585D68850952F0C3FE08C1C143
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_MarketPlace_93_ce3_93951332-f9a7-4af7-af02-17ec3d749ce3_Appearance_634159521796627506_24x24.png --a---- 1749 bytes [00:01 18/02/2013] [00:01 18/02/2013] 4E07765DAE6EF5004CC1821A6DA22B32
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\ConduitAbstractionLayer.js --a---- 33095 bytes [22:51 07/02/2013] [22:51 07/02/2013] D17BE3A04B2F8C90FD78EBA64B9421FA
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\ConduitAbstractionLayerBack.js --a---- 33030 bytes [22:51 07/02/2013] [22:51 07/02/2013] 192C74FC5051D5C4082E7C391E1D499A
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\ConduitAbstractionLayerFront.js --a---- 33030 bytes [22:51 07/02/2013] [22:51 07/02/2013] 192C74FC5051D5C4082E7C391E1D499A
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [22:51 07/02/2013] [22:51 07/02/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [22:51 07/02/2013] [22:51 07/02/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\lib\log4conduit.jsm --a---- 760 bytes [22:51 07/02/2013] [22:51 07/02/2013] 93898FE6A232C5FCD838D8168F65D802
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\Plugins\npConduitFirefoxPlugin.dll --a---- 105216 bytes [22:51 07/02/2013] [22:51 07/02/2013] C63FDA65FBCB47B1A2C88EBADF187138
C:\Users\Public\Documents\Autodesk\Inventor 2013\Design Data\BIM Exchange\Support\en-US\ConduitConnector.xml --a---- 2124 bytes [05:07 26/06/2008] [05:07 26/06/2008] DA925AA82FA286F270004E5E9B5BC523
C:\Windows\Temp\Temporary Internet Files\Content.IE5\HVZ9IIL4\conduit[1].js --a---- 4065 bytes [21:15 08/01/2010] [21:15 08/01/2010] 34245C1C3A1D62CD8DCBB784E45D18C7
C:\Windows\Temp\Temporary Internet Files\Content.IE5\UOMKFERE\rmInteractionTrackingConduit[1].js --a---- 9977 bytes [21:15 08/01/2010] [21:15 08/01/2010] 741B87635A04CB2A956B4802C2F296E2

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
C:\Users\Jennifer\AppData\Local\Temp\Funmoods.ruel --a---- 14574 bytes [02:45 23/02/2013] [02:45 23/02/2013] DCE1CAE7BB9236BA6D4831488F4568A7
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\funmoods.css --a---- 23137 bytes [17:42 07/02/2013] [17:42 07/02/2013] 0CA9B214CDBEB3B873401DEFF1531FA8
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-icon.png --a---- 3950 bytes [22:14 02/08/2012] [22:14 02/08/2012] 07AA33A7DF29FA36F25A24434EC37C73
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-img.png --a---- 72202 bytes [16:25 04/07/2012] [16:25 04/07/2012] 159C1A06E97EE79AE44DB9C8F729285F
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-logo.png --a---- 6011 bytes [12:42 03/08/2012] [12:42 03/08/2012] AB0ECF0577C8E5EF2CFE6854A44A019F
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar-2-gris.png --a---- 4145 bytes [21:53 04/12/2012] [21:53 04/12/2012] 3E30AC5738349CBD3F816A48422003B5
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar-2.png --a---- 5957 bytes [21:53 04/12/2012] [21:53 04/12/2012] 1564E646C15B58A04FAE7F8642680542
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar-big.png --a---- 8197 bytes [22:17 04/12/2012] [22:17 04/12/2012] 5DC9B98455E6431120DDEAD51AA3992F
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar-gris.png --a---- 3961 bytes [16:14 05/11/2012] [16:14 05/11/2012] 3C7FE813BD04A5393FC5281D23A4EAD3
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar.png --a---- 5650 bytes [16:14 05/11/2012] [16:14 05/11/2012] 3473E17B43BC704A9FACE6C564510971
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\OLDfunmoods-toolbar-gris.jpg --a---- 19581 bytes [12:46 03/10/2012] [12:46 03/10/2012] 01BBF88ECB279829E31277B7864AD16E
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\OLDfunmoods-toolbar.jpg --a---- 8266 bytes [21:06 24/09/2012] [21:06 24/09/2012] A2A37354B7844E16D504A25BD0F30275
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\temp\FunMoodsV2.2info.dfe --a---- 131276 bytes [19:34 08/02/2013] [14:57 09/02/2013] E38952C3BB87C3D0C11DBD5FAE526421
C:\Windows\System32\Tasks\Funmoods --a---- 3304 bytes [14:59 09/02/2013] [14:59 09/02/2013] 57F88BEF5853B133D5C934207196D667

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage --a---- 3072 bytes [02:20 06/02/2013] [02:20 06/02/2013] D47D8C3DF5DE3B1F45152D7DCB9E46B5
C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal --a---- 3608 bytes [02:20 06/02/2013] [02:20 06/02/2013] 4330778D21D91F6277918B90853A1D0B

Searching for "*IObit*"
No files found.

Searching for "*whitesmoke*"
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\muted_whitesmoke_toolbar[1].jpg --a---- 81978 bytes [18:31 07/02/2013] [18:31 07/02/2013] 3CB7EDD696076A6339923CA7D902532D
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\whitesmoke.css --a---- 8189 bytes [23:25 31/01/2013] [23:25 31/01/2013] D73B23447CFEC7DD648AC9FEC319DA01
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-img-gris.png --a---- 6104 bytes [15:53 16/10/2012] [15:53 16/10/2012] ECDA9D419EF846E066B16A51AC94AADE
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-img.jpg --a---- 5405 bytes [14:10 17/08/2012] [14:10 17/08/2012] 24A87BBB91F103F38E3DD4136C2EC358
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-img.png --a---- 5223 bytes [12:42 03/08/2012] [12:42 03/08/2012] 5F58552CF5DA329F3390D05C19B3A447
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-img2.jpg --a---- 6885 bytes [13:47 01/08/2012] [13:47 01/08/2012] EFB7F860C1BC8F34C6A5E2BA0F6B36F8
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-logo.png --a---- 4134 bytes [12:42 03/08/2012] [12:42 03/08/2012] F0704EA722C449E60FC41C0BA822FA79
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-toolbar-new-gris.png --a---- 4080 bytes [16:46 30/01/2013] [16:46 30/01/2013] 19CE0ACD2D24AE259C66C25F2FAF652A
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\temp\WhiteSmokeinfo.dfe --a---- 32848 bytes [19:34 08/02/2013] [14:57 09/02/2013] 145E6E794C3AC72A6418D0BC342D0F2D

Searching for "*datamngr*"
C:\Program Files (x86)\Settings Alerter\Datamngr\datamngr.dll --a---- 1541312 bytes [21:53 05/02/2013] [14:50 03/01/2013] 3B0DE9086F05786995979BEFF8CC1404
C:\Program Files (x86)\Settings Alerter\Datamngr\datamngrUI.exe --a---- 1684160 bytes [21:53 05/02/2013] [14:50 03/01/2013] D2CD32B400CEDD0E2B87EF0E46B170C3
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt --a---- 1009 bytes [21:53 05/02/2013] [14:49 03/01/2013] C317A7493D9EB507391B0217CEEACAE1
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll --a---- 836608 bytes [21:53 05/02/2013] [14:47 03/01/2013] 38D1A648F07CCBE7660EA83F0486F67C
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll --a---- 836608 bytes [21:53 05/02/2013] [14:47 03/01/2013] 1B91815321C9126739F0E68E6E848586
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll --a---- 836608 bytes [21:53 05/02/2013] [14:48 03/01/2013] 0BC5C21CF9589A47EDDC24BEDDAC9B20
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF13.dll --a---- 836608 bytes [21:53 05/02/2013] [14:48 03/01/2013] 6FA2594B1CF7553F0826B12E348C3D92
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF14.dll --a---- 836608 bytes [21:53 05/02/2013] [14:49 03/01/2013] 59A9358E16C651933E89ACA92A4515DE
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF15.dll --a---- 836608 bytes [21:53 05/02/2013] [14:49 03/01/2013] 972FEAA8ECC6BE665008BA6E140245B7
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF16.dll --a---- 836608 bytes [21:53 05/02/2013] [14:49 03/01/2013] 8F2246FFE45A8B8715893449B840C966
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF17.dll --a---- 836096 bytes [21:53 05/02/2013] [14:50 03/01/2013] E3EFA242953874BA6011083C1253F8A5
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll --a---- 841216 bytes [21:53 05/02/2013] [14:44 03/01/2013] A86952129BC1F50502B15B48CB7B1541
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll --a---- 836608 bytes [21:53 05/02/2013] [14:45 03/01/2013] 29899E6DDEECE1C2FA0DD77C1D507493
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll --a---- 836608 bytes [21:53 05/02/2013] [14:45 03/01/2013] 115949C2EF23693DB0BAE1076E0AE99E
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll --a---- 836608 bytes [21:53 05/02/2013] [14:45 03/01/2013] DFF9CEF8A5A13EE8BA358D93B7B156FC
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll --a---- 836608 bytes [21:53 05/02/2013] [14:46 03/01/2013] 36F576FAE8E69D20A9152AEF39603614
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll --a---- 836608 bytes [21:53 05/02/2013] [14:46 03/01/2013] 914ED68B60785F1A526806A45692E0C8
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll --a---- 836608 bytes [21:53 05/02/2013] [14:47 03/01/2013] CEE635F5CF82150C5193AADAB04169CB
C:\Program Files (x86)\Settings Alerter\Datamngr\FirefoxExtension\content\DataMngr.js --a---- 19255 bytes [21:53 05/02/2013] [08:54 16/10/2012] 0482F311EC3BEFB2018232CC83E2D867
C:\Program Files (x86)\Settings Alerter\Datamngr\x64\datamngr.dll --a---- 2017984 bytes [21:53 05/02/2013] [14:50 03/01/2013] CCBE1ED3F509316E8F755610B3B07A84
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\SetupDataMngr_FantastiGames[1].exe --a---- 3274280 bytes [21:53 05/02/2013] [21:53 05/02/2013] 17C1DE690B60D1E8AEDDF7BBA656F606

Searching for "*trolltech*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*alotappbar*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Blekko*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\FunMoodsV2.2 d------ [19:34 08/02/2013]
C:\Users\Jennifer\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Funmoods-22022013-214736 d------ [02:47 23/02/2013]
C:\Users\Jennifer\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Funmoods-22022013-214803 d------ [02:48 23/02/2013]
C:\Users\Jennifer\AppData\Local\VS Revo Group\Revo Uninstaller Pro\Logs\Funmoods d------ [02:45 23/02/2013]

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*whitesmoke*"
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\WhiteSmoke d------ [19:34 08/02/2013]

Searching for "*datamngr*"
C:\Program Files (x86)\Settings Alerter\Datamngr d------ [21:53 05/02/2013]

Searching for "*trolltech*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "alotappbar"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Blekko"
No data found.

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar]
"SearchServerUrl"="http://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar]
"Server"="users.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar]
"SocialDomains"="http://apps.conduit.com; http://social.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ABTestUsage]
"ServiceUrl"="http://tb-test.conduit-data.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\SPStubConditionalDownload]
"ServiceUrl"="http://sp-download.conduit-services.com/ConditionalDownload?CTID=EB_TOOLBAR_ID&ToolbarRunMode=EB_TOOLBAR_RUN_MODE&ToolbarType=EB_PLATFORM&UAC=EB_UAC_MODE&IntegrityLevel=EB_INTEGRITY_LEVEL&WindowsVersion=EB_WINDOWS_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarHiddenSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarSetupAPI]
"ServiceUrl"="http://setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID/CC/EB_COUNTRY_CODE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\WebAppSettings]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\WebAppSettingsNC]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\WebAppValidation]
"ServiceUrl"="http://upload.webapp.conduit-services.com/Validate/IsValid"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Settings]
"SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=2&CUI=SB_CUI&q=MYSEARCHTERM"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Wajam]
"supported_sites.google.wajam_google_se_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.21'; window['WAJAM_AFFILIATE'] = '6447';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'google'; window['WAJAM_SERVER_VERSION'] = '1.00258.0'; window['WAJAM_SUPPORT_CRC32_MAPPING'] = '0'; window['WAJAM_SHOULD_SEE_ADS'] = true; window['WAJAM_ID_USER'] = '0'; window['WAJAM_LATITUDE'] = '43.0481';window['WAJAM_LONGITUDE'] = '-76.1474';window['WAJAM_NEW_ADS_SERVERS'] = fa
[HKEY_CURRENT_USER\Software\Classes\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}]
@="BIMConduitConnectorDefinition"
[HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}]
@="BIMConduitConnectorDefinition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\AEC\7.0\AecbElecBase70\DisplayRepresentations\AecbDbDispRepConduit1Line]
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\AEC\7.0\AecbElecBase70\DisplayRepresentations\AecbDbDispRepConduit2Line]
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\AEC\7.0\AecbElecBase70\DisplayRepresentations\AecbDbDispRepConduitFitting1Line]
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\AEC\7.0\AecbElecBase70\DisplayRepresentations\AecbDbDispRepConduitFitting2Line]
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\AEC\7.0\AecbElecBase70\DisplayRepresentations\AecbDbDispRepConduitFittingHaloedLine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\AEC\7.0\AecbElecBase70\DisplayRepresentations\AecbDbDispRepConduitFittingModel]
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\AEC\7.0\AecbElecBase70\DisplayRepresentations\AecbDbDispRepConduitHaloedLine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\AEC\7.0\AecbElecBase70\DisplayRepresentations\AecbDbDispRepConduitModel]
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\AEC\7.0\General\ObjectStyleMap]
"AecbDbConduitFitting"="AecbDbConduitFittingStyle"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\AEC\7.0\General\ObjectStyleMap]
"AecbDbConduit"="AecbDbConduitStyle"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\AEC\7.0\General\Preferences\LayerKey\Defaults]
"CONDUITFITTING"="CONDUIT FITTING"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\AEC\7.0\General\Preferences\LayerKey\Defaults]
"CONDUIT"="CONDUIT"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbConduitFittingStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbDispRepConduit1Line"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbDispRepConduitFittingHaloedLine"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbDispPropsConduitHaloedLine"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbDispRepConduitFitting1Line"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDictConduitStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbDispRepConduitModel"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDictConduitFittingStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbDispRepConduitFittingModel"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbConduitRiseDropStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDictConduitPartCatPrefStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbDispRepConduitHaloedLine"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbQueryAecbDbConduitFitting"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbConduitFitting"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbCompSpecConduitFitting"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbCompSpecConduit"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbConduitStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbDispRepConduit2Line"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbConduitPartCatPrefStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDictConduitRiseDropStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbConduit"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbDispPropsConduit"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbDbDispRepConduitFitting2Line"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv]
"AecbQueryAecbDbConduit"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbConduitFitting"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbCompSpecConduitFitting"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDictConduitStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbDispRepConduitFitting1Line"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDictConduitFittingStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDictConduitPartCatPrefStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbCompSpecConduit"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbDispRepConduitHaloedLine"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbConduitStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbDispRepConduit2Line"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbDispRepConduitModel"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDictConduitRiseDropStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbConduitRiseDropStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbQueryAecbDbConduitFitting"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbDispRepConduitFittingModel"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbDispRepConduitFitting2Line"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbDispPropsConduit"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbConduitFittingStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbDispRepConduitFittingHaloedLine"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbDispRepConduit1Line"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbQueryAecbDbConduit"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbConduit"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbConduitPartCatPrefStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv40]
"AecbDbDispPropsConduitHaloedLine"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbQueryAecbDbConduit"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbDispPropsConduitHaloedLine"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbDispRepConduitFitting1Line"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbQueryAecbDbConduitFitting"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbConduitRiseDropStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbDispRepConduitFittingModel"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbConduitFitting"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDictConduitRiseDropStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbDispRepConduitModel"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbConduit"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbConduitStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbConduitPartCatPrefStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbDispRepConduit2Line"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDictConduitPartCatPrefStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbCompSpecConduitFitting"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbCompSpecConduit"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbDispRepConduitFitting2Line"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbDispRepConduitHaloedLine"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbDispPropsConduit"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDictConduitStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbConduitFittingStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbDispRepConduitFittingHaloedLine"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDbDispRepConduit1Line"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Autodesk\DWG TrueView\R10\dwgviewr-B001:409\RedirectedAppnames\AecbBldSrv45]
"AecbDictConduitFittingStyle"="AecbElecBase70"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"AE48807DEC2E935419BD7466CCE1F5F5"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\AE48807DEC2E935419BD7466CCE1F5F5]
"File"="iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\54F886FC467170E43899256FEBAFD52F]
"195DD4F746711000013317707DF0D34B"="C:\Users\Public\Documents\Autodesk\Inventor 2013\Design Data\BIM Exchange\Support\en-US\ConduitConnector.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28F11346-8948-4FE4-B990-83B5E6EA2A14}]
"AppPath"="C:\Users\Jennifer\AppData\Local\Conduit\CT3272718"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\Communicator]
"Url"="http://servicemap.conduit-services.com/Toolbar/?ownerId=EB_ORIGINAL_CTID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\Communicator]
"UsageUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar]
"InstallationType"="ConduitNSISIntegration"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar]
"Server"="users.conduit.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar]
"PlatformType"="ConduitToolbarMyStuff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar]
"AutoUpdateHelperPath"="C:\Users\Jennifer\AppData\Local\Conduit\CT3272718\MixiDJAutoUpdateHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar]
"IsConduitAppsToolbar"="FALSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar]
"BrowserSearchURL"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3272718&CUI=UN28946744941046512"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar]
"SearchServerUrl"="http://search.conduit.com"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar]
"SocialDomains"="http://apps.conduit.com; http://social.conduit.com"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718]
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ABTestUsage]
"ServiceUrl"="http://tb-test.conduit-data.com"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\AppRegisterUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\AppsMetaData]
"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\AppsSettings]
"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\AppTrackingFirstTime]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\AppTrackingUsage]
"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\AppUninstallUsage]
"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\BrowserToolbarsInfo]
"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ClientErrorLog]
"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\DynamicDialogs]
"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\GottenAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\HostingUsage]
"ServiceUrl"="http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\LocationService]
"ServiceUrl"="http://ip2location.conduit-services.com/ip/"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\OtherAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\RecoveryService]
"ServiceUrl"="http://recovery.conduit-services.com/toolbar"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\SearchInNewTabBlank]
"ServiceUrl"="http://storage.conduit.com/SearchInNewTab/SearchInNewTabBlank.html"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\SearchSettings]
"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID&um=UM_ID"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\SharedAppsContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\SPStubConditionalDownload]
"ServiceUrl"="http://sp-download.conduit-services.com/ConditionalDownload?CTID=EB_TOOLBAR_ID&ToolbarRunMode=EB_TOOLBAR_RUN_MODE&ToolbarType=EB_PLATFORM&UAC=EB_UAC_MODE&IntegrityLevel=EB_INTEGRITY_LEVEL&WindowsVersion=EB_WINDOWS_VERSION"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarAppComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarAppUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarComponentUsage]
"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarContextMenu]
"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarGrouping]
"ServiceUrl"="http://grouping.services.conduit.com/GroupingRequest.ctp?type=GetGroup&ctid=EB_ORIGINAL_CTID&lut=0&locale=EB_OS_LOCALE"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarHiddenLogin]
"ServiceUrl"="http://login.hiddentoolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarHiddenSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarHiddenSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarLogin]
"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarSettings]
"ServiceUrl"="http://Settings.toolbar.search.conduit.com/root/EB_TOOLBAR_ID/EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarSettingsForPublisher]
"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarSettingsForSB]
"ServiceUrl"="http://settings.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarSettingsPublisherForSB]
"ServiceUrl"="http://settings.publisher.smartbar.conduit-services.com/settings/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&protocolVersion=EB_PROTOCOL_VERSION"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarSetupAPI]
"ServiceUrl"="http://setupapi.toolbar.conduit-services.com/Properties/json/EB_TOOLBAR_ID/CC/EB_COUNTRY_CODE"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarTranslation]
"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarUninstall]
"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ToolbarUsage]
"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\UninstallDialog]
"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\UninstallDialogUsage]
"ServiceUrl"="http://uninstalldialogusage.toolbar.conduit-services.com/Usage.ashx"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\WebAppSettings]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/meta/WEB_APP_GUID"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\WebAppSettingsNC]
"ServiceUrl"="http://metadata.webapp.conduit-services.com/metanc/WEB_APP_GUID"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\WebAppValidation]
"ServiceUrl"="http://upload.webapp.conduit-services.com/Validate/IsValid"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Settings]
"SearchFromAddressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=2&CUI=SB_CUI&q=MYSEARCHTERM"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Wajam]
"supported_sites.google.wajam_google_se_js"="try {window['APP_LABEL_NAME'] = 'wajam';window['APP_LABEL_NAME_FULL_UC'] = 'WAJAM';window['WAJAM_APP_LABEL_NAME_UC'] = 'Wajam';window['WAJAM_PATH'] = 'http://www.wajam.com/'; window['WAJAM_PATH_ADS'] = 'http://ads.wajam.com/'; window['WAJAM_PATH_NEW_ADS'] = 'http://social-ads.wajam.com'; window['WAJAM_CONTAINER_HEIGHT'] = '225px'; window['WAJAM_BROWSER'] = 'b'; window['WAJAM_BROWSER_VERSION'] = '1.21'; window['WAJAM_AFFILIATE'] = '6447';window['WAJAM_ENV'] = '0'; window['WAJAM_PLATFORM'] = navigator.platform;window['WAJAM_SEARCH_ENGINE'] = 'google'; window['WAJAM_SERVER_VERSION'] = '1.00258.0'; window['WAJAM_SUPPORT_CRC32_MAPPING'] = '0'; window['WAJAM_SHOULD_SEE_ADS'] = true; window['WAJAM_ID_USER'] = '0'; window['WAJAM_LATITUDE'] = '43.0481';window['WAJAM_LONGITUDE'] = '-76.147
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Classes\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}]
@="BIMConduitConnectorDefinition"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Classes\Wow6432Node\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}]
@="BIMConduitConnectorDefinition"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001_Classes\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}]
@="BIMConduitConnectorDefinition"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001_Classes\Wow6432Node\Interface\{744F35C4-CD6F-46C3-87B8-80425AB4AFA2}]
@="BIMConduitConnectorDefinition"

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12620A7F-2F24-4C1C-B0A8-2D4BB581D4AA}]
"Path"="\Funmoods"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunMoodsV2_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunMoodsV2_RASMANCS]

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=100&systemid=439&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=100&systemid=439&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=100&systemid=439&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&gct=ds&appid=100&systemid=439&qu={searchTerms}&ft=json"

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2D6C718-7E52-428E-8852-365C4B1A6E36}]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2D6C718-7E52-428E-8852-365C4B1A6E36}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SETTIN~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Settings Alerter]
"RunDName"="C:\Program Files (x86)\Settings Alerter\Datamngr\installhelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\IEBHO.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
@="C:\PROGRA~2\SETTIN~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
@="C:\PROGRA~2\SETTIN~1\Datamngr\x64\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
@="C:\PROGRA~2\SETTIN~1\Datamngr"

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "Yontoo"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Jennifer\AppData\Local\Temp\Yontoo-D1-0B9C.exe"="Tarma® Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{361E80BE-388B-4270-BF54-A10C2B756504}]
"TizPath"="C:\Users\Jennifer\AppData\Local\Temp\pkg_172c3a1590\Yontoo-D1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Yontoo-D1-0B9C_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Yontoo-D1-0B9C_RASMANCS]
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Jennifer\AppData\Local\Temp\Yontoo-D1-0B9C.exe"="Tarma® Installer"
[HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Jennifer\AppData\Local\Temp\Yontoo-D1-0B9C.exe"="Tarma® Installer"

-= EOF =-
drjpaulwede
Regular Member
 
Posts: 37
Joined: February 17th, 2013, 8:30 pm

Re: startup problems

Unread postby pgmigg » February 23rd, 2013, 11:42 pm

Hello drjpaulwede,

Very good job! :D Let continue our treatment...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT3272718
    IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\URLSearchHook: {c0c2693d-2ee8-47b4-9df7-b67a0ee31988} - C:\Program Files (x86)\MixiDJ\prxtbMixi.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2335382365-1412915923-843921817-1001\..\SearchScopes\{6AAF7BF8-B4F5-4336-B03E-A2C69D69B8EF}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q= {searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=B4AB9EFF-D359-4247-BA1C-F0F336F077CC&apn_sauid=D0CE9362-CB29-4B56-9C92-55BEF092FCFA
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=3&q={searchTerms}&CUI=UN61842949716620837"
    FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com :1.20.00
    FF - prefs.js..keyword.URL: "http://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=100&systemid=439&q="
    [2013/02/05 16:53:40 | 000,000,000 | ---D | M] (CouponAmazing) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\couponamazing@jetpack
    [2013/02/08 14:36:19 | 000,000,000 | ---D | M] ("Deal Vault") -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\crossriderapp19866@crossrider.com
    [2013/02/05 17:01:31 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\ffxtlbr@delta.com
    [2013/01/31 18:45:53 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\plugin@yontoo.com
    [2011/10/18 14:40:34 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\textlinks@arcadeweb.com
    [2012/11/21 13:19:33 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\toolbar@ask.com
    [2013/02/05 16:53:50 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SETTINGS ALERTER\DATAMNGR\FIREFOXEXTENSION
    [2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - Extension: Poppit = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: Deal Vault = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifpbickojhbejhppcfgifjbmiinpjap\1.21.28_0\crossrider
    CHR - Extension: Deal Vault = C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifpbickojhbejhppcfgifjbmiinpjap\1.21.28_0\
    O2:64bit: - BHO: (DataMngr) - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\Settings Alerter\Datamngr\x64\BrowserConnection.dll (Koyote-Lab, inc)
    O2 - BHO: (Deal Vault) - {11111111-1111-1111-1111-110111981166} - C:\Program Files (x86)\Deal Vault\Deal Vault.dll (215 Apps)
    O2 - BHO: (CouponAmazing 5.0) - {160B42B4-CBA6-4DB3-A316-00A3ADE3AEA0} - C:\Users\Jennifer\AppData\Local\couponamazing\ie\couponamazing_1360004687.dll ()
    O2 - BHO: (MixiDJ Toolbar) - {c0c2693d-2ee8-47b4-9df7-b67a0ee31988} - C:\Program Files (x86)\MixiDJ\prxtbMixi.dll (Conduit Ltd.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (DataMngr) - {F2D6C718-7E52-428E-8852-365C4B1A6E36} - C:\Program Files (x86)\Settings Alerter\Datamngr\BrowserConnection.dll (Koyote-Lab, inc)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {c0c2693d-2ee8-47b4-9df7-b67a0ee31988} - C:\Program Files (x86)\MixiDJ\prxtbMixi.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gamesville.worldwinner.com/games ... Loader.cab (FunGamesLoader Object)
    O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} http://www.worldwinner.com/games/v51/be ... eweled.cab (Bejeweled Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.11.2)
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.11.2)
    [2013/02/09 09:59:25 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Funmoods
    [2013/02/09 09:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funmoods
    [2013/02/08 14:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2013/02/08 14:38:52 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Conduit
    [2013/02/08 14:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ
    [2013/02/08 14:36:21 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Local\Deal Vault
    [2013/02/08 14:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deal Vault
    [2013/02/05 17:01:07 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Babylon
    [2013/02/05 17:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2013/01/31 18:45:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
    [2013/02/05 17:01:07 | 000,000,000 | ---D | M] -- C:\Users\Jennifer\AppData\Roaming\Babylon
    
    :Files
    C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage
    C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VXKBGYM\Conduit.Search[2].htm
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VXKBGYM\Conduit[1].htm
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VXKBGYM\Conduit[2].htm
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAGBVHQ0\Conduit.Search[1].htm
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAGBVHQ0\Conduit[1].htm 
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAGBVHQ0\Conduit[2].htm 
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAGBVHQ0\search_conduit_com[1].htm 
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[1].htm 
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[2].htm 
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[3].htm 
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[4].htm 
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[5].htm 
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\Conduit[1].htm 
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\Conduit[2].htm
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\Conduit[3].htm
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\Conduit[4].htm 
    C:\Users\Jennifer\AppData\Local\Temp\mconduitinstaller.exe
    C:\Users\Jennifer\AppData\Local\Temp\ct3272718\conduit.xml 
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_6_325_CT3255406_Images_634865922899792583.png
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_MarketPlace_1a_2dc_1af6a81c-86ff-4937-bd94-7bdb646af2dc_Appearance_634473642776763064.png
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_MarketPlace_71_92f_71422c68-106e-4efa-a402-2c5d0c3ab92f_Appearance_634374241008412502.png
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_MarketPlace_78_f1b_789d74ff-86a2-4fb9-9903-16e7b2641f1b_Appearance_634825030599553405.png
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_MarketPlace_93_ce3_93951332-f9a7-4af7-af02-17ec3d749ce3_Appearance_634159521796627506_24x24.png
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\ConduitAbstractionLayer.js
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\ConduitAbstractionLayerBack.js
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\ConduitAbstractionLayerFront.js
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\tb\al\aboutBox\images\conduit-logo-OLD.png
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\tb\al\aboutBox\images\conduit-logo.png
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\lib\log4conduit.jsm
    C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\Plugins\npConduitFirefoxPlugin.dll
    C:\Users\Public\Documents\Autodesk\Inventor 2013\Design Data\BIM Exchange\Support\en-US\ConduitConnector.xml
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\HVZ9IIL4\conduit[1].js
    C:\Windows\Temp\Temporary Internet Files\Content.IE5\UOMKFERE\rmInteractionTrackingConduit[1].js
    C:\Users\Jennifer\AppData\Local\Temp\Funmoods.ruel
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\funmoods.css
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-icon.png
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-img.png 
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-logo.png
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar-2-gris.png
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar-2.png
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar-big.png
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar-gris.png
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar.png
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\OLDfunmoods-toolbar-gris.jpg
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\OLDfunmoods-toolbar.jpg
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\temp\FunMoodsV2.2info.dfe 
    C:\Windows\System32\Tasks\Funmoods
    C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage
    C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal 
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\muted_whitesmoke_toolbar[1].jpg
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\whitesmoke.css
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-img-gris.png
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-img.jpg
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-img.png 
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-img2.jpg
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-logo.png
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-toolbar-new-gris.png
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\temp\WhiteSmokeinfo.dfe
    C:\Program Files (x86)\Settings Alerter\Datamngr
    C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\SetupDataMngr_FantastiGames[1].exe
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\FunMoodsV2.2
    C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\WhiteSmoke
    @C:\ProgramData\Temp:373E1720
    ipconfig /flushdns /c
    
    :Reg
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar]
    "GroupingServerURL"=-
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar]
    "SearchServerUrl"=-
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar]
    "Server"=-
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar]
    "UsageURL"=-
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar]
    "SocialDomains"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718]
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Settings]
    "SearchFromAddressUrl"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\Communicator]
    "Url"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\Communicator]
    "UsageUrl"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar]
    "InstallationType"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar]
    "Server"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar]
    "PlatformType"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar]
    "AutoUpdateHelperPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar]
    "IsConduitAppsToolbar"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar]
    "BrowserSearchURL"=-
    [HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar]
    "GroupingServerURL"=-
    [HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar]
    "SearchServerUrl"=-
    [HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar]
    "Server"=-
    [HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar]
    "UsageURL"=-
    [HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar]
    "SocialDomains"=-
    [-HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718]
    [HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Settings]
    "SearchFromAddressUrl"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12620A7F-2F24-4C1C-B0A8-2D4BB581D4AA}]
    "Path"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunMoodsV2_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunMoodsV2_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}]
    "SuggestionsURL_JSON"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}]
    "SuggestionsURL_JSON"=-
    [HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}]
    "SuggestionsURL_JSON"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2D6C718-7E52-428E-8852-365C4B1A6E36}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2D6C718-7E52-428E-8852-365C4B1A6E36}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
    @=""
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Settings Alerter]
    "RunDName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR]
    @=""
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]
    @=""
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR]
    @=""
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Jennifer\AppData\Local\Temp\Yontoo-D1-0B9C.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{361E80BE-388B-4270-BF54-A10C2B756504}]
    "TizPath"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Yontoo-D1-0B9C_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Yontoo-D1-0B9C_RASMANCS]
    [HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Jennifer\AppData\Local\Temp\Yontoo-D1-0B9C.exe"=-
    [HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Users\Jennifer\AppData\Local\Temp\Yontoo-D1-0B9C.exe"=-
    
    :Commands
    [emptytemp]
    [emptyflash]
    [emptyjava]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Step 2.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right click on TDSSKiller.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 3.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the most recent TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file.
  4. Contents of the most recent OTL.txt file after fresh OTL scan
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: startup problems

Unread postby drjpaulwede » February 24th, 2013, 7:03 pm

Executed instructions. The system will boot normally now after I ran these fixes (safe mode not needed).
Logs:
All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
HKU\S-1-5-21-2335382365-1412915923-843921817-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\ deleted successfully.
C:\Program Files (x86)\MixiDJ\prxtbMixi.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6AAF7BF8-B4F5-4336-B03E-A2C69D69B8EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6AAF7BF8-B4F5-4336-B03E-A2C69D69B8EF}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=3&q={searchTerms}&CUI=UN61842949716620837" removed from browser.search.defaulturl
Prefs.js: plugin@yontoo.com :1.20.00 removed from extensions.enabledAddons
Prefs.js: "http://isearch.fantastigames.com/web?src=ffb&gct=ds&appid=100&systemid=439&q=" removed from keyword.URL
Folder C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\couponamazing@jetpack\ not found.
Folder C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\crossriderapp19866@crossrider.com\ not found.
Folder C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\ffxtlbr@delta.com\ not found.
Folder C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\plugin@yontoo.com\ not found.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\textlinks@arcadeweb.com\components folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\textlinks@arcadeweb.com\Chrome folder moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\textlinks@arcadeweb.com folder moved successfully.
Folder C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\toolbar@ask.com\ not found.
C:\PROGRAM FILES (X86)\SETTINGS ALERTER\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully.
C:\PROGRAM FILES (X86)\SETTINGS ALERTER\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully.
C:\PROGRAM FILES (X86)\SETTINGS ALERTER\DATAMNGR\FIREFOXEXTENSION folder moved successfully.
File C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll not found.
File C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll not found.
File C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll not found.
File C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll not found.
C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0 folder moved successfully.
File C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifpbickojhbejhppcfgifjbmiinpjap\1.21.28_0\crossrider not found.
File C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mifpbickojhbejhppcfgifjbmiinpjap\1.21.28_0 not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2D6C718-7E52-428E-8852-365C4B1A6E36}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2D6C718-7E52-428E-8852-365C4B1A6E36}\ deleted successfully.
C:\Program Files (x86)\Settings Alerter\Datamngr\x64\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111981166}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111981166}\ not found.
File C:\Program Files (x86)\Deal Vault\Deal Vault.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{160B42B4-CBA6-4DB3-A316-00A3ADE3AEA0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{160B42B4-CBA6-4DB3-A316-00A3ADE3AEA0}\ not found.
File C:\Users\Jennifer\AppData\Local\couponamazing\ie\couponamazing_1360004687.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\ not found.
File C:\Program Files (x86)\MixiDJ\prxtbMixi.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2D6C718-7E52-428E-8852-365C4B1A6E36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2D6C718-7E52-428E-8852-365C4B1A6E36}\ not found.
C:\Program Files (x86)\Settings Alerter\Datamngr\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
File C:\Program Files (x86)\Yontoo\YontooIEClient.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\ not found.
File C:\Program Files (x86)\MixiDJ\prxtbMixi.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {1A1F56AA-3401-46F9-B277-D57F3421F821}
C:\Windows\Downloaded Program Files\FunGamesLoader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1A1F56AA-3401-46F9-B277-D57F3421F821}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A1F56AA-3401-46F9-B277-D57F3421F821}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1A1F56AA-3401-46F9-B277-D57F3421F821}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A1F56AA-3401-46F9-B277-D57F3421F821}\ not found.
Starting removal of ActiveX control {615F158E-D5CA-422F-A8E7-F6A5EED7063B}
C:\Windows\Downloaded Program Files\Bejeweled.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{615F158E-D5CA-422F-A8E7-F6A5EED7063B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{615F158E-D5CA-422F-A8E7-F6A5EED7063B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{615F158E-D5CA-422F-A8E7-F6A5EED7063B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{615F158E-D5CA-422F-A8E7-F6A5EED7063B}\ not found.
Starting removal of ActiveX control {8100D56A-5661-482C-BEE8-AFECE305D968}
C:\Windows\Downloaded Program Files\PhotoUploader55.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Starting removal of ActiveX control {8A94C905-FF9D-43B6-8708-F0F22D22B1CB}
C:\Windows\Downloaded Program Files\wwlaunch.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {AC2881FD-5760-46DB-83AE-20A5C6432A7E}
C:\Windows\Downloaded Program Files\swapit.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AC2881FD-5760-46DB-83AE-20A5C6432A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC2881FD-5760-46DB-83AE-20A5C6432A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AC2881FD-5760-46DB-83AE-20A5C6432A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC2881FD-5760-46DB-83AE-20A5C6432A7E}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Folder C:\Users\Jennifer\AppData\Roaming\Funmoods\ not found.
Folder C:\Program Files (x86)\Funmoods\ not found.
Folder C:\Program Files (x86)\Conduit\ not found.
Folder C:\Users\Jennifer\AppData\Local\Conduit\ not found.
C:\Program Files (x86)\MixiDJ folder moved successfully.
Folder C:\Users\Jennifer\AppData\Local\Deal Vault\ not found.
Folder C:\Program Files (x86)\Deal Vault\ not found.
Folder C:\Users\Jennifer\AppData\Roaming\Babylon\ not found.
Folder C:\ProgramData\Babylon\ not found.
Folder C:\Program Files (x86)\Yontoo\ not found.
Folder C:\Users\Jennifer\AppData\Roaming\Babylon\ not found.
========== FILES ==========
C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage moved successfully.
C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VXKBGYM\Conduit.Search[2].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VXKBGYM\Conduit[1].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VXKBGYM\Conduit[2].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAGBVHQ0\Conduit.Search[1].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAGBVHQ0\Conduit[1].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAGBVHQ0\Conduit[2].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAGBVHQ0\search_conduit_com[1].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[1].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[2].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[3].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[4].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\Conduit[5].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\Conduit[1].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\Conduit[2].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\Conduit[3].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\Conduit[4].htm moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\mconduitinstaller.exe moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\ct3272718\conduit.xml moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_6_325_CT3255406_Images_634865922899792583.png moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_images_ClientImages_radio.gif moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_MarketPlace_1a_2dc_1af6a81c-86ff-4937-bd94-7bdb646af2dc_Appearance_634473642776763064.png moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_MarketPlace_71_92f_71422c68-106e-4efa-a402-2c5d0c3ab92f_Appearance_634374241008412502.png moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_MarketPlace_78_f1b_789d74ff-86a2-4fb9-9903-16e7b2641f1b_Appearance_634825030599553405.png moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\CT3272718\toolbarImages\http___storage_conduit_com_MarketPlace_93_ce3_93951332-f9a7-4af7-af02-17ec3d749ce3_Appearance_634159521796627506_24x24.png moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\ConduitAbstractionLayer.js moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\ConduitAbstractionLayerBack.js moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\ConduitAbstractionLayerFront.js moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\tb\al\aboutBox\images\conduit-logo-OLD.png moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\chrome\CT3272718\content\tb\al\aboutBox\images\conduit-logo.png moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\lib\log4conduit.jsm moved successfully.
C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\8tymx2h3.default\extensions\{c0c2693d-2ee8-47b4-9df7-b67a0ee31988}\Plugins\npConduitFirefoxPlugin.dll moved successfully.
C:\Users\Public\Documents\Autodesk\Inventor 2013\Design Data\BIM Exchange\Support\en-US\ConduitConnector.xml moved successfully.
C:\Windows\Temp\Temporary Internet Files\Content.IE5\HVZ9IIL4\conduit[1].js moved successfully.
C:\Windows\Temp\Temporary Internet Files\Content.IE5\UOMKFERE\rmInteractionTrackingConduit[1].js moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\Funmoods.ruel moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\funmoods.css moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-icon.png moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-img.png moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-logo.png moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar-2-gris.png moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar-2.png moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar-big.png moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar-gris.png moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\funmoods-toolbar.png moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\OLDfunmoods-toolbar-gris.jpg moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\OLDfunmoods-toolbar.jpg moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\temp\FunMoodsV2.2info.dfe moved successfully.
File\Folder C:\Windows\System32\Tasks\Funmoods not found.
C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage moved successfully.
C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KHKX5U5Q\muted_whitesmoke_toolbar[1].jpg moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\whitesmoke.css moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-img-gris.png moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-img.jpg moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-img.png moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-img2.jpg moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-logo.png moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\css\images\whitesmoke-toolbar-new-gris.png moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\temp\WhiteSmokeinfo.dfe moved successfully.
C:\Program Files (x86)\Settings Alerter\Datamngr\x64 folder moved successfully.
C:\Program Files (x86)\Settings Alerter\Datamngr folder moved successfully.
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2UC1RVR\SetupDataMngr_FantastiGames[1].exe moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\FunMoodsV2.2 folder moved successfully.
C:\Users\Jennifer\AppData\Local\Temp\DM\FlashPlayer_084\bin\WhiteSmoke folder moved successfully.
ADS C:\ProgramData\Temp:373E1720 deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jennifer\Desktop\cmd.bat deleted successfully.
C:\Users\Jennifer\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\\GroupingServerURL deleted successfully.
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\\SearchServerUrl deleted successfully.
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\\Server deleted successfully.
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\\UsageURL deleted successfully.
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\\SocialDomains deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\AppDataLow\Software\MixiDJ\toolbar\Settings\\SearchFromAddressUrl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\Communicator\\Url deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\Communicator\\UsageUrl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar\\InstallationType deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar\\Server deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar\\PlatformType deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar\\AutoUpdateHelperPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar\\IsConduitAppsToolbar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MixiDJ\toolbar\\BrowserSearchURL deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\\GroupingServerURL not found.
Registry value HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\\SearchServerUrl not found.
Registry value HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\\Server not found.
Registry value HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\\UsageURL not found.
Registry value HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\\SocialDomains not found.
Registry key HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Repository\conduit_CT3272718\ not found.
Registry value HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\AppDataLow\Software\MixiDJ\toolbar\Settings\\SearchFromAddressUrl not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12620A7F-2F24-4C1C-B0A8-2D4BB581D4AA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunMoodsV2_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\FunMoodsV2_RASMANCS\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}\\SuggestionsURL_JSON deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}\\SuggestionsURL_JSON not found.
Registry value HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2439}\\SuggestionsURL_JSON deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2D6C718-7E52-428E-8852-365C4B1A6E36}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2D6C718-7E52-428E-8852-365C4B1A6E36}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR\\@|""HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]@="" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Settings Alerter\\RunDName deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{25DA73D2-CBE0-43A5-8BFA-F757F5E69864}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{935696E1-CFE1-476D-8786-AF70E069E5A9}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\0\win64\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0BF321DF-A919-4F8F-B865-4DBE670E1D28}\1.0\HELPDIR\\@|""HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win32]@=""HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\0\win64]@="" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{24CD4990-37BC-4B7F-8E8D-BA7258D80152}\1.0\HELPDIR\\@|"" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.3\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Jennifer\AppData\Local\Temp\Yontoo-D1-0B9C.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{361E80BE-388B-4270-BF54-A10C2B756504} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Yontoo-D1-0B9C_RASAPI32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Yontoo-D1-0B9C_RASMANCS\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Jennifer\AppData\Local\Temp\Yontoo-D1-0B9C.exe not found.
Registry value HKEY_USERS\S-1-5-21-2335382365-1412915923-843921817-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Jennifer\AppData\Local\Temp\Yontoo-D1-0B9C.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jennifer
->Temp folder emptied: 6740767217 bytes
->Temporary Internet Files folder emptied: 1216133793 bytes
->Java cache emptied: 23762018 bytes
->FireFox cache emptied: 74958428 bytes
->Google Chrome cache emptied: 148893330 bytes
->Flash cache emptied: 221793 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1211408564 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 54372 bytes
RecycleBin emptied: 10423436841 bytes

Total Files Cleaned = 18,921.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jennifer
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jennifer
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02242013_171944
drjpaulwede
Regular Member
 
Posts: 37
Joined: February 17th, 2013, 8:30 pm

Re: startup problems

Unread postby drjpaulwede » February 24th, 2013, 7:04 pm

17:36:49.0877 3936 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:36:50.0252 3936 ============================================================
17:36:50.0252 3936 Current date / time: 2013/02/24 17:36:50.0252
17:36:50.0252 3936 SystemInfo:
17:36:50.0252 3936
17:36:50.0252 3936 OS Version: 6.1.7601 ServicePack: 1.0
17:36:50.0252 3936 Product type: Workstation
17:36:50.0252 3936 ComputerName: JENNIFER-PC
17:36:50.0252 3936 UserName: Jennifer
17:36:50.0252 3936 Windows directory: C:\Windows
17:36:50.0252 3936 System windows directory: C:\Windows
17:36:50.0252 3936 Running under WOW64
17:36:50.0252 3936 Processor architecture: Intel x64
17:36:50.0252 3936 Number of processors: 1
17:36:50.0252 3936 Page size: 0x1000
17:36:50.0252 3936 Boot type: Normal boot
17:36:50.0252 3936 ============================================================
17:36:53.0603 3936 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:36:53.0622 3936 ============================================================
17:36:53.0622 3936 \Device\Harddisk0\DR0:
17:36:53.0623 3936 MBR partitions:
17:36:53.0623 3936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
17:36:53.0623 3936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x48AF7AB0
17:36:53.0623 3936 ============================================================
17:36:53.0660 3936 C: <-> \Device\Harddisk0\DR0\Partition2
17:36:53.0661 3936 ============================================================
17:36:53.0661 3936 Initialize success
17:36:53.0661 3936 ============================================================
17:37:05.0973 1276 ============================================================
17:37:05.0973 1276 Scan started
17:37:05.0973 1276 Mode: Manual;
17:37:05.0973 1276 ============================================================
17:37:07.0904 1276 ================ Scan system memory ========================
17:37:07.0904 1276 System memory - ok
17:37:07.0908 1276 ================ Scan services =============================
17:37:08.0278 1276 0075241360420786mcinstcleanup - ok
17:37:08.0450 1276 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:37:08.0454 1276 1394ohci - ok
17:37:08.0479 1276 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:37:08.0485 1276 ACPI - ok
17:37:08.0518 1276 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:37:08.0520 1276 AcpiPmi - ok
17:37:08.0676 1276 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:37:08.0680 1276 AdobeFlashPlayerUpdateSvc - ok
17:37:08.0722 1276 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:37:08.0738 1276 adp94xx - ok
17:37:08.0778 1276 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:37:08.0784 1276 adpahci - ok
17:37:08.0811 1276 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:37:08.0816 1276 adpu320 - ok
17:37:08.0866 1276 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:37:08.0942 1276 AeLookupSvc - ok
17:37:09.0028 1276 [ 3AC22A3DFA8A050E35F0E3CD99D0CDF2 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
17:37:09.0088 1276 AERTFilters - ok
17:37:09.0162 1276 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:37:09.0167 1276 AFD - ok
17:37:09.0201 1276 AFS - ok
17:37:09.0226 1276 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:37:09.0228 1276 agp440 - ok
17:37:09.0253 1276 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:37:09.0255 1276 ALG - ok
17:37:09.0275 1276 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:37:09.0277 1276 aliide - ok
17:37:09.0298 1276 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:37:09.0300 1276 amdide - ok
17:37:09.0326 1276 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:37:09.0329 1276 AmdK8 - ok
17:37:09.0347 1276 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:37:09.0350 1276 AmdPPM - ok
17:37:09.0370 1276 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:37:09.0372 1276 amdsata - ok
17:37:09.0399 1276 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:37:09.0402 1276 amdsbs - ok
17:37:09.0424 1276 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:37:09.0425 1276 amdxata - ok
17:37:09.0455 1276 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:37:09.0458 1276 AppID - ok
17:37:09.0480 1276 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:37:09.0482 1276 AppIDSvc - ok
17:37:09.0501 1276 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:37:09.0503 1276 Appinfo - ok
17:37:09.0634 1276 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:37:09.0636 1276 Apple Mobile Device - ok
17:37:09.0655 1276 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:37:09.0657 1276 arc - ok
17:37:09.0714 1276 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:37:09.0717 1276 arcsas - ok
17:37:09.0865 1276 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:37:09.0958 1276 aspnet_state - ok
17:37:09.0996 1276 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:37:09.0998 1276 AsyncMac - ok
17:37:10.0017 1276 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:37:10.0018 1276 atapi - ok
17:37:10.0048 1276 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:37:10.0065 1276 AudioEndpointBuilder - ok
17:37:10.0091 1276 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:37:10.0099 1276 AudioSrv - ok
17:37:10.0155 1276 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:37:10.0158 1276 AxInstSV - ok
17:37:10.0196 1276 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:37:10.0212 1276 b06bdrv - ok
17:37:10.0287 1276 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:37:10.0291 1276 b57nd60a - ok
17:37:10.0424 1276 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
17:37:10.0493 1276 BBSvc - ok
17:37:10.0521 1276 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
17:37:10.0590 1276 BBUpdate - ok
17:37:10.0614 1276 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:37:10.0616 1276 BDESVC - ok
17:37:10.0640 1276 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:37:10.0642 1276 Beep - ok
17:37:10.0802 1276 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:37:10.0820 1276 BFE - ok
17:37:10.0872 1276 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:37:10.0890 1276 BITS - ok
17:37:10.0946 1276 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:37:10.0948 1276 blbdrive - ok
17:37:11.0040 1276 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:37:11.0044 1276 Bonjour Service - ok
17:37:11.0068 1276 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:37:11.0069 1276 bowser - ok
17:37:11.0097 1276 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:37:11.0099 1276 BrFiltLo - ok
17:37:11.0143 1276 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:37:11.0170 1276 BrFiltUp - ok
17:37:11.0223 1276 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
17:37:11.0229 1276 Browser - ok
17:37:11.0276 1276 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:37:11.0276 1276 Brserid - ok
17:37:11.0322 1276 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:37:11.0322 1276 BrSerWdm - ok
17:37:11.0338 1276 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:37:11.0338 1276 BrUsbMdm - ok
17:37:11.0369 1276 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:37:11.0369 1276 BrUsbSer - ok
17:37:11.0385 1276 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:37:11.0400 1276 BTHMODEM - ok
17:37:11.0432 1276 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:37:11.0447 1276 bthserv - ok
17:37:11.0463 1276 [ 46F088D1247E825B313200254EDD9E5B ] CAXHWBS2 C:\Windows\system32\DRIVERS\CAXHWBS2.sys
17:37:11.0463 1276 CAXHWBS2 - ok
17:37:11.0494 1276 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:37:11.0494 1276 cdfs - ok
17:37:11.0510 1276 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:37:11.0525 1276 cdrom - ok
17:37:11.0572 1276 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:37:11.0572 1276 CertPropSvc - ok
17:37:11.0681 1276 [ A73276435F75025DA6E67B2470E1FE16 ] cfwids C:\Windows\system32\drivers\cfwids.sys
17:37:11.0697 1276 cfwids - ok
17:37:11.0712 1276 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:37:11.0712 1276 circlass - ok
17:37:11.0775 1276 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:37:11.0775 1276 CLFS - ok
17:37:11.0868 1276 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:37:11.0884 1276 clr_optimization_v2.0.50727_32 - ok
17:37:11.0946 1276 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:37:11.0946 1276 clr_optimization_v2.0.50727_64 - ok
17:37:12.0009 1276 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:37:12.0227 1276 clr_optimization_v4.0.30319_32 - ok
17:37:12.0258 1276 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:37:12.0336 1276 clr_optimization_v4.0.30319_64 - ok
17:37:12.0383 1276 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:37:12.0383 1276 CmBatt - ok
17:37:12.0414 1276 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:37:12.0414 1276 cmdide - ok
17:37:12.0446 1276 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys
17:37:12.0504 1276 CNG - ok
17:37:12.0575 1276 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:37:12.0578 1276 Compbatt - ok
17:37:12.0607 1276 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:37:12.0608 1276 CompositeBus - ok
17:37:12.0631 1276 COMSysApp - ok
17:37:12.0657 1276 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:37:12.0659 1276 crcdisk - ok
17:37:12.0720 1276 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:37:12.0724 1276 CryptSvc - ok
17:37:12.0782 1276 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:37:12.0807 1276 DcomLaunch - ok
17:37:12.0835 1276 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:37:12.0840 1276 defragsvc - ok
17:37:12.0860 1276 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:37:12.0862 1276 DfsC - ok
17:37:12.0927 1276 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:37:12.0946 1276 Dhcp - ok
17:37:12.0971 1276 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:37:12.0972 1276 discache - ok
17:37:13.0011 1276 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:37:13.0023 1276 Disk - ok
17:37:13.0056 1276 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:37:13.0101 1276 Dnscache - ok
17:37:13.0247 1276 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
17:37:13.0327 1276 DockLoginService - ok
17:37:13.0355 1276 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:37:13.0361 1276 dot3svc - ok
17:37:13.0386 1276 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:37:13.0389 1276 DPS - ok
17:37:13.0419 1276 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:37:13.0420 1276 drmkaud - ok
17:37:13.0462 1276 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:37:13.0468 1276 DXGKrnl - ok
17:37:13.0509 1276 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:37:13.0513 1276 EapHost - ok
17:37:13.0603 1276 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:37:13.0656 1276 ebdrv - ok
17:37:13.0731 1276 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:37:13.0789 1276 EFS - ok
17:37:13.0875 1276 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:37:13.0892 1276 ehRecvr - ok
17:37:13.0921 1276 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:37:13.0924 1276 ehSched - ok
17:37:13.0953 1276 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:37:13.0970 1276 elxstor - ok
17:37:14.0015 1276 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:37:14.0017 1276 ErrDev - ok
17:37:14.0163 1276 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:37:14.0169 1276 EventSystem - ok
17:37:14.0216 1276 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:37:14.0219 1276 exfat - ok
17:37:14.0245 1276 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:37:14.0249 1276 fastfat - ok
17:37:14.0322 1276 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:37:14.0380 1276 Fax - ok
17:37:14.0403 1276 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:37:14.0404 1276 fdc - ok
17:37:14.0421 1276 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:37:14.0432 1276 fdPHost - ok
17:37:14.0491 1276 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:37:14.0494 1276 FDResPub - ok
17:37:14.0511 1276 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:37:14.0514 1276 FileInfo - ok
17:37:14.0532 1276 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:37:14.0534 1276 Filetrace - ok
17:37:14.0646 1276 [ 64AB6F28047744B9B19C97459C2AB31B ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
17:37:14.0747 1276 FLEXnet Licensing Service 64 - ok
17:37:14.0774 1276 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:37:14.0777 1276 flpydisk - ok
17:37:14.0813 1276 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:37:14.0817 1276 FltMgr - ok
17:37:14.0858 1276 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:37:14.0898 1276 FontCache - ok
17:37:14.0996 1276 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:37:15.0102 1276 FontCache3.0.0.0 - ok
17:37:15.0157 1276 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:37:15.0162 1276 FsDepends - ok
17:37:15.0179 1276 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:37:15.0182 1276 Fs_Rec - ok
17:37:15.0231 1276 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:37:15.0288 1276 fvevol - ok
17:37:15.0313 1276 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:37:15.0316 1276 gagp30kx - ok
17:37:15.0487 1276 [ A6D90E322D7E2D124D0AE78F78AC1D0E ] GameConsoleService C:\Program Files (x86)\Dell Games\Dell Game Console\GameConsoleService.exe
17:37:15.0583 1276 GameConsoleService - ok
17:37:15.0615 1276 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:37:15.0616 1276 GEARAspiWDM - ok
17:37:15.0677 1276 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
17:37:15.0738 1276 GoToAssist - ok
17:37:15.0874 1276 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:37:15.0906 1276 gpsvc - ok
17:37:15.0999 1276 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:37:15.0999 1276 gupdate - ok
17:37:16.0046 1276 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:37:16.0046 1276 gupdatem - ok
17:37:16.0140 1276 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:37:16.0202 1276 gusvc - ok
17:37:16.0249 1276 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:37:16.0264 1276 hcw85cir - ok
17:37:16.0296 1276 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:37:16.0296 1276 HdAudAddService - ok
17:37:16.0342 1276 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:37:16.0342 1276 HDAudBus - ok
17:37:16.0358 1276 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:37:16.0358 1276 HidBatt - ok
17:37:16.0389 1276 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:37:16.0389 1276 HidBth - ok
17:37:16.0405 1276 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:37:16.0405 1276 HidIr - ok
17:37:16.0452 1276 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:37:16.0452 1276 hidserv - ok
17:37:16.0483 1276 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:37:16.0483 1276 HidUsb - ok
17:37:16.0530 1276 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:37:16.0530 1276 hkmsvc - ok
17:37:16.0545 1276 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:37:16.0561 1276 HomeGroupListener - ok
17:37:16.0639 1276 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:37:16.0654 1276 HomeGroupProvider - ok
17:37:16.0686 1276 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:37:16.0686 1276 HpSAMD - ok
17:37:16.0810 1276 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
17:37:16.0873 1276 HsfXAudioService - ok
17:37:16.0935 1276 [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
17:37:16.0951 1276 HSF_DPV - ok
17:37:16.0982 1276 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:37:16.0982 1276 HTTP - ok
17:37:17.0013 1276 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:37:17.0013 1276 hwpolicy - ok
17:37:17.0029 1276 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:37:17.0044 1276 i8042prt - ok
17:37:17.0091 1276 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:37:17.0107 1276 iaStorV - ok
17:37:17.0247 1276 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:37:17.0325 1276 idsvc - ok
17:37:17.0544 1276 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:37:17.0622 1276 igfx - ok
17:37:17.0668 1276 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:37:17.0668 1276 iirsp - ok
17:37:17.0731 1276 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:37:17.0746 1276 IKEEXT - ok
17:37:17.0824 1276 [ F2B52C7B1C8E6A4FC4C4564F4A421F23 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:37:17.0840 1276 IntcAzAudAddService - ok
17:37:17.0887 1276 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:37:17.0887 1276 intelide - ok
17:37:17.0918 1276 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:37:17.0918 1276 intelppm - ok
17:37:17.0934 1276 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:37:17.0949 1276 IPBusEnum - ok
17:37:17.0980 1276 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:37:17.0980 1276 IpFilterDriver - ok
17:37:18.0043 1276 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:37:18.0058 1276 iphlpsvc - ok
17:37:18.0074 1276 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:37:18.0074 1276 IPMIDRV - ok
17:37:18.0090 1276 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:37:18.0105 1276 IPNAT - ok
17:37:18.0230 1276 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:37:18.0246 1276 iPod Service - ok
17:37:18.0324 1276 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:37:18.0339 1276 IRENUM - ok
17:37:18.0393 1276 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:37:18.0395 1276 isapnp - ok
17:37:18.0447 1276 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:37:18.0472 1276 iScsiPrt - ok
17:37:18.0510 1276 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:37:18.0511 1276 kbdclass - ok
17:37:18.0547 1276 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:37:18.0549 1276 kbdhid - ok
17:37:18.0589 1276 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:37:18.0592 1276 KeyIso - ok
17:37:18.0612 1276 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:37:18.0628 1276 KSecDD - ok
17:37:18.0655 1276 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:37:18.0658 1276 KSecPkg - ok
17:37:18.0676 1276 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:37:18.0678 1276 ksthunk - ok
17:37:18.0745 1276 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:37:18.0779 1276 KtmRm - ok
17:37:18.0846 1276 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:37:18.0851 1276 LanmanServer - ok
17:37:18.0897 1276 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:37:18.0904 1276 LanmanWorkstation - ok
17:37:18.0916 1276 Lbd - ok
17:37:18.0957 1276 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:37:18.0961 1276 lltdio - ok
17:37:19.0022 1276 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:37:19.0064 1276 lltdsvc - ok
17:37:19.0086 1276 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:37:19.0089 1276 lmhosts - ok
17:37:19.0167 1276 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:37:19.0210 1276 LSI_FC - ok
17:37:19.0236 1276 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:37:19.0239 1276 LSI_SAS - ok
17:37:19.0260 1276 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:37:19.0262 1276 LSI_SAS2 - ok
17:37:19.0285 1276 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:37:19.0288 1276 LSI_SCSI - ok
17:37:19.0314 1276 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:37:19.0316 1276 luafv - ok
17:37:19.0520 1276 [ FD3AD5E1ECDAA94A89D6697F5C5465D6 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
17:37:19.0592 1276 McComponentHostService - ok
17:37:19.0870 1276 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:37:19.0872 1276 mcmscsvc - ok
17:37:19.0946 1276 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:37:19.0948 1276 McNaiAnn - ok
17:37:19.0964 1276 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:37:19.0966 1276 McNASvc - ok
17:37:20.0109 1276 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
17:37:20.0114 1276 McODS - ok
17:37:20.0130 1276 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
17:37:20.0132 1276 McProxy - ok
17:37:20.0210 1276 [ 275ED3A1DD6C5448C3DBAC4D82FDA4BE ] McPvDrv C:\Windows\system32\drivers\McPvDrv.sys
17:37:20.0243 1276 McPvDrv - ok
17:37:20.0288 1276 [ 23EA22ACADD66D7F1E18A4AA72BE6158 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:37:20.0348 1276 McShield - ok
17:37:20.0367 1276 MCSTRM - ok
17:37:20.0436 1276 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:37:20.0480 1276 Mcx2Svc - ok
17:37:20.0502 1276 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:37:20.0503 1276 mdmxsdk - ok
17:37:20.0534 1276 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:37:20.0572 1276 megasas - ok
17:37:20.0628 1276 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:37:20.0633 1276 MegaSR - ok
17:37:20.0671 1276 [ 19323081FA4018C9C1AEBF08114BEA11 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
17:37:20.0673 1276 mfeapfk - ok
17:37:20.0758 1276 [ EF1D39A70CAD1B7BEDC220480F26815C ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
17:37:20.0761 1276 mfeavfk - ok
17:37:20.0848 1276 mfeavfk01 - ok
17:37:21.0036 1276 [ 3CBBB569730EFD069B4BD253DDD4AD58 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
17:37:21.0130 1276 mfefire - ok
17:37:21.0301 1276 [ 67972BFC8F23054BD23E1DE1450E40BD ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
17:37:21.0305 1276 mfefirek - ok
17:37:21.0383 1276 [ 5C0EE849C03C37071FABDAA6B58D3D94 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
17:37:21.0403 1276 mfehidk - ok
17:37:21.0448 1276 [ 450B77CAC7384A9C1BAF476AC302CD4C ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
17:37:21.0450 1276 mferkdet - ok
17:37:21.0504 1276 [ 74CE2EBE64AB78904E33DD4C5F21611F ] mfevtp C:\Windows\system32\mfevtps.exe
17:37:21.0565 1276 mfevtp - ok
17:37:21.0590 1276 [ F55F9742BFA88D02F96516B80AB400EC ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
17:37:21.0606 1276 mfewfpk - ok
17:37:21.0721 1276 [ 551A5E070F5DF69A64463852E93009DD ] mitsijm2013 C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
17:37:21.0782 1276 mitsijm2013 - ok
17:37:21.0818 1276 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:37:21.0821 1276 MMCSS - ok
17:37:21.0848 1276 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:37:21.0850 1276 Modem - ok
17:37:21.0941 1276 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:37:21.0943 1276 monitor - ok
17:37:21.0987 1276 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:37:21.0988 1276 mouclass - ok
17:37:22.0022 1276 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:37:22.0023 1276 mouhid - ok
17:37:22.0047 1276 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:37:22.0049 1276 mountmgr - ok
17:37:22.0094 1276 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:37:22.0098 1276 mpio - ok
17:37:22.0128 1276 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:37:22.0130 1276 mpsdrv - ok
17:37:22.0212 1276 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:37:22.0264 1276 MpsSvc - ok
17:37:22.0316 1276 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:37:22.0319 1276 MRxDAV - ok
17:37:22.0404 1276 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:37:22.0406 1276 mrxsmb - ok
17:37:22.0538 1276 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:37:22.0542 1276 mrxsmb10 - ok
17:37:22.0562 1276 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:37:22.0564 1276 mrxsmb20 - ok
17:37:22.0590 1276 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:37:22.0592 1276 msahci - ok
17:37:22.0611 1276 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:37:22.0614 1276 msdsm - ok
17:37:22.0639 1276 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:37:22.0687 1276 MSDTC - ok
17:37:22.0753 1276 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:37:22.0753 1276 Msfs - ok
17:37:22.0831 1276 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:37:22.0925 1276 mshidkmdf - ok
17:37:22.0956 1276 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:37:22.0956 1276 msisadrv - ok
17:37:23.0018 1276 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:37:23.0018 1276 MSiSCSI - ok
17:37:23.0034 1276 msiserver - ok
17:37:23.0096 1276 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:37:23.0112 1276 MSKSSRV - ok
17:37:23.0187 1276 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:37:23.0199 1276 MSPCLOCK - ok
17:37:23.0233 1276 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:37:23.0239 1276 MSPQM - ok
17:37:23.0280 1276 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:37:23.0301 1276 MsRPC - ok
17:37:23.0341 1276 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:37:23.0342 1276 mssmbios - ok
17:37:23.0367 1276 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:37:23.0386 1276 MSTEE - ok
17:37:23.0456 1276 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:37:23.0465 1276 MTConfig - ok
17:37:23.0499 1276 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:37:23.0501 1276 Mup - ok
17:37:23.0586 1276 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:37:23.0594 1276 napagent - ok
17:37:23.0658 1276 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:37:23.0664 1276 NativeWifiP - ok
17:37:23.0716 1276 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:37:23.0752 1276 NDIS - ok
17:37:23.0784 1276 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:37:23.0786 1276 NdisCap - ok
17:37:23.0818 1276 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:37:23.0819 1276 NdisTapi - ok
17:37:23.0859 1276 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:37:23.0862 1276 Ndisuio - ok
17:37:23.0903 1276 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:37:23.0905 1276 NdisWan - ok
17:37:23.0949 1276 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:37:23.0950 1276 NDProxy - ok
17:37:24.0024 1276 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:37:24.0026 1276 NetBIOS - ok
17:37:24.0066 1276 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:37:24.0068 1276 NetBT - ok
17:37:24.0089 1276 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:37:24.0092 1276 Netlogon - ok
17:37:24.0176 1276 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:37:24.0185 1276 Netman - ok
17:37:24.0283 1276 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:37:24.0376 1276 NetMsmqActivator - ok
17:37:24.0413 1276 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:37:24.0414 1276 NetPipeActivator - ok
17:37:24.0434 1276 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:37:24.0443 1276 netprofm - ok
17:37:24.0456 1276 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:37:24.0458 1276 NetTcpActivator - ok
17:37:24.0472 1276 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:37:24.0473 1276 NetTcpPortSharing - ok
17:37:24.0615 1276 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:37:24.0617 1276 nfrd960 - ok
17:37:24.0654 1276 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:37:24.0670 1276 NlaSvc - ok
17:37:24.0693 1276 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:37:24.0694 1276 Npfs - ok
17:37:24.0723 1276 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:37:24.0727 1276 nsi - ok
17:37:24.0771 1276 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:37:24.0772 1276 nsiproxy - ok
17:37:25.0236 1276 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:37:25.0272 1276 Ntfs - ok
17:37:25.0305 1276 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:37:25.0306 1276 Null - ok
17:37:25.0381 1276 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:37:25.0414 1276 nvraid - ok
17:37:25.0436 1276 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:37:25.0440 1276 nvstor - ok
17:37:25.0463 1276 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:37:25.0466 1276 nv_agp - ok
17:37:25.0490 1276 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:37:25.0493 1276 ohci1394 - ok
17:37:25.0601 1276 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:37:25.0621 1276 p2pimsvc - ok
17:37:25.0701 1276 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:37:25.0717 1276 p2psvc - ok
17:37:25.0751 1276 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:37:25.0779 1276 Parport - ok
17:37:25.0852 1276 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:37:25.0859 1276 partmgr - ok
17:37:25.0993 1276 [ 3DAB6354ED3FFC48EAE6332AD2F0AD51 ] PasswordBox C:\Program Files (x86)\PasswordBox\pbbtnService.exe
17:37:26.0150 1276 PasswordBox - ok
17:37:26.0187 1276 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:37:26.0193 1276 PcaSvc - ok
17:37:26.0216 1276 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:37:26.0219 1276 pci - ok
17:37:26.0246 1276 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:37:26.0248 1276 pciide - ok
17:37:26.0276 1276 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:37:26.0281 1276 pcmcia - ok
17:37:26.0308 1276 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:37:26.0310 1276 pcw - ok
17:37:26.0344 1276 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:37:26.0349 1276 PEAUTH - ok
17:37:26.0650 1276 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:37:26.0650 1276 PerfHost - ok
17:37:26.0775 1276 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:37:26.0853 1276 pla - ok
17:37:26.0962 1276 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:37:26.0978 1276 PlugPlay - ok
17:37:27.0009 1276 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:37:27.0009 1276 PNRPAutoReg - ok
17:37:27.0040 1276 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:37:27.0040 1276 PNRPsvc - ok
17:37:27.0087 1276 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:37:27.0149 1276 PolicyAgent - ok
17:37:27.0165 1276 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:37:27.0165 1276 Power - ok
17:37:27.0227 1276 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:37:27.0243 1276 PptpMiniport - ok
17:37:27.0305 1276 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:37:27.0305 1276 Processor - ok
17:37:27.0352 1276 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
17:37:27.0352 1276 ProfSvc - ok
17:37:27.0368 1276 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:37:27.0383 1276 ProtectedStorage - ok
17:37:27.0461 1276 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:37:27.0461 1276 Psched - ok
17:37:27.0492 1276 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
17:37:27.0492 1276 PxHlpa64 - ok
17:37:27.0648 1276 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:37:27.0680 1276 ql2300 - ok
17:37:27.0714 1276 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:37:27.0717 1276 ql40xx - ok
17:37:27.0790 1276 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:37:27.0796 1276 QWAVE - ok
17:37:27.0886 1276 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:37:27.0888 1276 QWAVEdrv - ok
17:37:27.0912 1276 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:37:27.0914 1276 RasAcd - ok
17:37:27.0973 1276 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:37:27.0974 1276 RasAgileVpn - ok
17:37:27.0999 1276 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:37:28.0003 1276 RasAuto - ok
17:37:28.0024 1276 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:37:28.0026 1276 Rasl2tp - ok
17:37:28.0058 1276 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:37:28.0074 1276 RasMan - ok
17:37:28.0104 1276 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:37:28.0107 1276 RasPppoe - ok
17:37:28.0181 1276 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:37:28.0183 1276 RasSstp - ok
17:37:28.0202 1276 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:37:28.0206 1276 rdbss - ok
17:37:28.0226 1276 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:37:28.0228 1276 rdpbus - ok
17:37:28.0258 1276 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:37:28.0259 1276 RDPCDD - ok
17:37:28.0284 1276 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:37:28.0285 1276 RDPENCDD - ok
17:37:28.0306 1276 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:37:28.0307 1276 RDPREFMP - ok
17:37:28.0330 1276 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:37:28.0381 1276 RDPWD - ok
17:37:28.0407 1276 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:37:28.0410 1276 rdyboost - ok
17:37:28.0460 1276 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:37:28.0464 1276 RemoteAccess - ok
17:37:28.0490 1276 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:37:28.0495 1276 RemoteRegistry - ok
17:37:28.0639 1276 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
17:37:28.0695 1276 Revoflt - ok
17:37:28.0724 1276 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:37:28.0727 1276 RpcEptMapper - ok
17:37:28.0771 1276 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:37:28.0774 1276 RpcLocator - ok
17:37:28.0799 1276 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:37:28.0806 1276 RpcSs - ok
17:37:28.0827 1276 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:37:28.0829 1276 rspndr - ok
17:37:28.0860 1276 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:37:28.0865 1276 RTL8167 - ok
17:37:28.0889 1276 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:37:28.0891 1276 SamSs - ok
17:37:28.0923 1276 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:37:28.0927 1276 sbp2port - ok
17:37:28.0954 1276 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:37:28.0971 1276 SCardSvr - ok
17:37:28.0992 1276 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:37:28.0994 1276 scfilter - ok
17:37:29.0037 1276 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:37:29.0064 1276 Schedule - ok
17:37:29.0108 1276 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:37:29.0110 1276 SCPolicySvc - ok
17:37:29.0151 1276 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:37:29.0157 1276 SDRSVC - ok
17:37:29.0192 1276 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:37:29.0193 1276 secdrv - ok
17:37:29.0218 1276 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:37:29.0225 1276 seclogon - ok
17:37:29.0249 1276 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:37:29.0252 1276 SENS - ok
17:37:29.0273 1276 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:37:29.0276 1276 SensrSvc - ok
17:37:29.0297 1276 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:37:29.0299 1276 Serenum - ok
17:37:29.0335 1276 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:37:29.0338 1276 Serial - ok
17:37:29.0389 1276 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:37:29.0391 1276 sermouse - ok
17:37:29.0442 1276 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:37:29.0446 1276 SessionEnv - ok
17:37:29.0467 1276 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:37:29.0469 1276 sffdisk - ok
17:37:29.0484 1276 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:37:29.0487 1276 sffp_mmc - ok
17:37:29.0508 1276 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:37:29.0510 1276 sffp_sd - ok
17:37:29.0534 1276 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:37:29.0536 1276 sfloppy - ok
17:37:29.0672 1276 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
17:37:29.0789 1276 SftService - ok
17:37:29.0843 1276 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:37:29.0854 1276 SharedAccess - ok
17:37:29.0889 1276 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:37:29.0905 1276 ShellHWDetection - ok
17:37:29.0956 1276 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:37:29.0958 1276 SiSRaid2 - ok
17:37:30.0003 1276 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:37:30.0010 1276 SiSRaid4 - ok
17:37:30.0042 1276 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:37:30.0045 1276 Smb - ok
17:37:30.0151 1276 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:37:30.0158 1276 SNMPTRAP - ok
17:37:30.0206 1276 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:37:30.0208 1276 spldr - ok
17:37:30.0267 1276 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
17:37:30.0274 1276 Spooler - ok
17:37:30.0387 1276 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:37:30.0504 1276 sppsvc - ok
17:37:30.0522 1276 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:37:30.0526 1276 sppuinotify - ok
17:37:30.0608 1276 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellComms C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
17:37:30.0612 1276 sprtsvc_DellComms - ok
17:37:30.0645 1276 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:37:30.0650 1276 srv - ok
17:37:30.0677 1276 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:37:30.0680 1276 srv2 - ok
17:37:30.0705 1276 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:37:30.0707 1276 srvnet - ok
17:37:30.0739 1276 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:37:30.0744 1276 SSDPSRV - ok
17:37:30.0772 1276 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:37:30.0776 1276 SstpSvc - ok
17:37:30.0798 1276 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:37:30.0800 1276 stexstor - ok
17:37:30.0835 1276 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
17:37:30.0836 1276 StillCam - ok
17:37:30.0893 1276 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:37:30.0911 1276 stisvc - ok
17:37:30.0937 1276 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:37:30.0939 1276 swenum - ok
17:37:30.0965 1276 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:37:30.0982 1276 swprv - ok
17:37:31.0030 1276 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:37:31.0053 1276 SysMain - ok
17:37:31.0084 1276 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:37:31.0084 1276 TabletInputService - ok
17:37:31.0147 1276 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:37:31.0162 1276 TapiSrv - ok
17:37:31.0178 1276 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:37:31.0178 1276 TBS - ok
17:37:31.0365 1276 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:37:31.0396 1276 Tcpip - ok
17:37:31.0443 1276 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:37:31.0459 1276 TCPIP6 - ok
17:37:31.0490 1276 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:37:31.0490 1276 tcpipreg - ok
17:37:31.0537 1276 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:37:31.0537 1276 TDPIPE - ok
17:37:31.0552 1276 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:37:31.0552 1276 TDTCP - ok
17:37:31.0599 1276 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:37:31.0599 1276 tdx - ok
17:37:31.0615 1276 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:37:31.0615 1276 TermDD - ok
17:37:31.0708 1276 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:37:31.0724 1276 TermService - ok
17:37:31.0739 1276 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:37:31.0739 1276 Themes - ok
17:37:31.0802 1276 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:37:31.0802 1276 THREADORDER - ok
17:37:31.0833 1276 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:37:31.0833 1276 TrkWks - ok
17:37:31.0911 1276 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:37:31.0911 1276 TrustedInstaller - ok
17:37:31.0958 1276 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:37:31.0958 1276 tssecsrv - ok
17:37:31.0989 1276 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:37:32.0005 1276 TsUsbFlt - ok
17:37:32.0051 1276 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:37:32.0051 1276 tunnel - ok
17:37:32.0083 1276 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:37:32.0098 1276 uagp35 - ok
17:37:32.0161 1276 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:37:32.0161 1276 udfs - ok
17:37:32.0227 1276 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:37:32.0252 1276 UI0Detect - ok
17:37:32.0277 1276 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:37:32.0279 1276 uliagpkx - ok
17:37:32.0318 1276 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:37:32.0320 1276 umbus - ok
17:37:32.0384 1276 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:37:32.0386 1276 UmPass - ok
17:37:32.0412 1276 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:37:32.0429 1276 upnphost - ok
17:37:32.0456 1276 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:37:32.0459 1276 USBAAPL64 - ok
17:37:32.0500 1276 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:37:32.0503 1276 usbaudio - ok
17:37:32.0522 1276 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:37:32.0525 1276 usbccgp - ok
17:37:32.0555 1276 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:37:32.0558 1276 usbcir - ok
17:37:32.0581 1276 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:37:32.0582 1276 usbehci - ok
17:37:32.0691 1276 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:37:32.0694 1276 usbhub - ok
17:37:32.0722 1276 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:37:32.0729 1276 usbohci - ok
17:37:32.0765 1276 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:37:32.0798 1276 usbprint - ok
17:37:32.0840 1276 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:37:32.0850 1276 usbscan - ok
17:37:32.0881 1276 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:37:32.0883 1276 USBSTOR - ok
17:37:32.0907 1276 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:37:32.0908 1276 usbuhci - ok
17:37:33.0048 1276 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:37:33.0054 1276 UxSms - ok
17:37:33.0089 1276 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:37:33.0091 1276 VaultSvc - ok
17:37:33.0147 1276 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:37:33.0148 1276 vdrvroot - ok
17:37:33.0239 1276 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:37:33.0252 1276 vds - ok
17:37:33.0282 1276 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:37:33.0298 1276 vga - ok
17:37:33.0329 1276 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:37:33.0331 1276 VgaSave - ok
17:37:33.0357 1276 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:37:33.0378 1276 vhdmp - ok
17:37:33.0411 1276 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:37:33.0413 1276 viaide - ok
17:37:33.0441 1276 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:37:33.0443 1276 volmgr - ok
17:37:33.0474 1276 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:37:33.0490 1276 volmgrx - ok
17:37:33.0517 1276 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:37:33.0523 1276 volsnap - ok
17:37:33.0552 1276 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:37:33.0633 1276 vsmraid - ok
17:37:33.0748 1276 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:37:33.0812 1276 VSS - ok
17:37:33.0866 1276 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:37:33.0868 1276 vwifibus - ok
17:37:33.0940 1276 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:37:33.0947 1276 W32Time - ok
17:37:33.0999 1276 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:37:34.0001 1276 WacomPen - ok
17:37:34.0038 1276 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:37:34.0040 1276 WANARP - ok
17:37:34.0058 1276 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:37:34.0060 1276 Wanarpv6 - ok
17:37:34.0164 1276 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:37:34.0238 1276 WatAdminSvc - ok
17:37:34.0304 1276 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:37:34.0376 1276 wbengine - ok
17:37:34.0392 1276 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:37:34.0398 1276 WbioSrvc - ok
17:37:34.0417 1276 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:37:34.0426 1276 wcncsvc - ok
17:37:34.0452 1276 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:37:34.0457 1276 WcsPlugInService - ok
17:37:34.0480 1276 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:37:34.0482 1276 Wd - ok
17:37:34.0521 1276 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:37:34.0539 1276 Wdf01000 - ok
17:37:34.0555 1276 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:37:34.0559 1276 WdiServiceHost - ok
17:37:34.0572 1276 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:37:34.0576 1276 WdiSystemHost - ok
17:37:34.0598 1276 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:37:34.0606 1276 WebClient - ok
17:37:34.0622 1276 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:37:34.0628 1276 Wecsvc - ok
17:37:34.0644 1276 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:37:34.0650 1276 wercplsupport - ok
17:37:34.0673 1276 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:37:34.0677 1276 WerSvc - ok
17:37:34.0704 1276 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:37:34.0706 1276 WfpLwf - ok
17:37:34.0731 1276 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
17:37:34.0735 1276 WimFltr - ok
17:37:34.0756 1276 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:37:34.0758 1276 WIMMount - ok
17:37:34.0832 1276 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
17:37:34.0838 1276 winachsf - ok
17:37:34.0855 1276 WinDefend - ok
17:37:34.0886 1276 WinHttpAutoProxySvc - ok
17:37:34.0961 1276 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:37:34.0965 1276 Winmgmt - ok
17:37:35.0038 1276 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:37:35.0081 1276 WinRM - ok
17:37:35.0162 1276 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
17:37:35.0165 1276 WinUsb - ok
17:37:35.0219 1276 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:37:35.0237 1276 Wlansvc - ok
17:37:35.0368 1276 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:37:35.0430 1276 wlidsvc - ok
17:37:35.0493 1276 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:37:35.0495 1276 WmiAcpi - ok
17:37:35.0547 1276 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:37:35.0551 1276 wmiApSrv - ok
17:37:35.0560 1276 WMPNetworkSvc - ok
17:37:35.0591 1276 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:37:35.0591 1276 WPCSvc - ok
17:37:35.0607 1276 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:37:35.0623 1276 WPDBusEnum - ok
17:37:35.0638 1276 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:37:35.0638 1276 ws2ifsl - ok
17:37:35.0669 1276 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
17:37:35.0669 1276 wscsvc - ok
17:37:35.0716 1276 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
17:37:35.0716 1276 WSDPrintDevice - ok
17:37:35.0732 1276 WSearch - ok
17:37:35.0810 1276 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:37:35.0857 1276 wuauserv - ok
17:37:35.0903 1276 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:37:35.0903 1276 WudfPf - ok
17:37:35.0950 1276 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:37:35.0966 1276 WUDFRd - ok
17:37:35.0981 1276 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:37:35.0981 1276 wudfsvc - ok
17:37:36.0013 1276 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:37:36.0028 1276 WwanSvc - ok
17:37:36.0059 1276 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
17:37:36.0059 1276 XAudio - ok
17:37:36.0075 1276 ================ Scan global ===============================
17:37:36.0137 1276 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:37:36.0215 1276 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:37:36.0247 1276 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:37:36.0278 1276 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:37:36.0293 1276 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:37:36.0309 1276 [Global] - ok
17:37:36.0309 1276 ================ Scan MBR ==================================
17:37:36.0325 1276 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
17:37:36.0621 1276 \Device\Harddisk0\DR0 - ok
17:37:36.0621 1276 ================ Scan VBR ==================================
17:37:36.0621 1276 [ A5766D9079553EED2A9326838C683FAC ] \Device\Harddisk0\DR0\Partition1
17:37:36.0637 1276 \Device\Harddisk0\DR0\Partition1 - ok
17:37:36.0652 1276 [ 8B59D72876080212D7CC76E0ACC3B8E9 ] \Device\Harddisk0\DR0\Partition2
17:37:36.0652 1276 \Device\Harddisk0\DR0\Partition2 - ok
17:37:36.0652 1276 ============================================================
17:37:36.0652 1276 Scan finished
17:37:36.0652 1276 ============================================================
17:37:36.0750 5308 Detected object count: 0
17:37:36.0750 5308 Actual detected object count: 0
drjpaulwede
Regular Member
 
Posts: 37
Joined: February 17th, 2013, 8:30 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 130 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware