I have run the OTL & the AdwCleaner: I did the scan only for the OTL (NO cleaning!). I think I messed up with the AdwCleaner, though: I see that it cleaned malware. I am enclosing the R0, R1, R2 (also have the S0, S1, S2 - if you need them). I am very sorry if I did this incorrectly.... Anyway (upset with myself), I am copying and pasting the items you requested - if you don't want to help me, I understand.... Please accept my apology for not following the instructions exactly as you outlined.
Here is the text:
OTL info:
OTL.txt:
OTL logfile created on: 6/9/2014 11:01:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\poc\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16866)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 50.69% Memory free
8.00 Gb Paging File | 5.72 Gb Available in Paging File | 71.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 413.57 Gb Free Space | 88.81% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 19.90 Gb Free Space | 51.99% Space Free | Partition Type: NTFS
Drive E: | 390.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.73 Gb Total Space | 366.47 Gb Free Space | 78.69% Space Free | Partition Type: NTFS
Computer Name: POC-PC | User Name: poc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/09 22:59:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\poc\Downloads\OTL.com
PRC - [2014/06/05 21:05:52 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/06/05 00:03:41 | 000,109,048 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/06/04 23:52:26 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/05/19 18:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\poc\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/05/14 22:55:34 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\poc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2014/05/14 00:07:22 | 001,863,856 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
PRC - [2014/05/09 22:36:34 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/09 16:39:04 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2014/05/09 16:23:24 | 005,562,736 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2014/05/09 16:21:56 | 000,295,800 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2014/04/25 14:14:28 | 004,101,584 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2014/04/25 14:12:10 | 002,081,752 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/04/25 14:12:06 | 001,738,200 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/12 10:43:39 | 001,876,816 | ---- | M] (SurfRight B.V.) -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2013/04/09 11:47:58 | 000,320,000 | ---- | M] (Photobucket) -- C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe
PRC - [2012/05/20 19:33:18 | 001,138,688 | ---- | M] (MAXA Research Int'l Inc.) -- C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe
PRC - [2012/05/16 21:35:54 | 001,913,344 | ---- | M] () -- C:\Program Files (x86)\All-in-One Submission 9.0\All-in-One Submission 9.58.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
========== Modules (No Company Name) ==========
MOD - [2014/06/09 21:55:58 | 000,043,008 | ---- | M] () -- c:\Users\poc\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfplb6_.dll
MOD - [2014/06/04 23:52:29 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/05/15 00:14:13 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll
MOD - [2014/05/15 00:14:13 | 000,785,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ee550c3d485d44c7fbeeafe12a3e318b\System.EnterpriseServices.ni.dll
MOD - [2014/05/15 00:14:13 | 000,250,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ee550c3d485d44c7fbeeafe12a3e318b\System.EnterpriseServices.Wrapper.dll
MOD - [2014/05/14 00:07:21 | 016,361,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
MOD - [2014/05/09 22:36:18 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/04/25 14:11:24 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/04/25 14:11:22 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/04/25 14:11:20 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2014/02/26 18:48:45 | 013,901,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\e1a31634a43becfaae07ce060f2d215b\System.Data.Entity.ni.dll
MOD - [2014/02/26 18:48:29 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2014/02/26 18:48:28 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\c6ab75afe61e2065e65a2faa795abff9\PresentationFramework-SystemCore.ni.dll
MOD - [2014/02/26 18:48:28 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
MOD - [2014/02/26 18:48:28 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll
MOD - [2014/02/26 18:47:50 | 000,124,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windc7c43db6#\d41dabb3af6c9f57cf35d4d414591184\System.Windows.Interactivity.ni.dll
MOD - [2014/02/26 18:47:22 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
MOD - [2014/02/26 18:47:16 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014/02/26 18:47:16 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\c94c36c9ae776de930f2aacb6dd51c38\UIAutomationProvider.ni.dll
MOD - [2014/02/26 02:27:23 | 001,172,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\42e4e0c2624e0f686d87fa4011455fac\System.Data.OracleClient.ni.dll
MOD - [2014/02/26 02:27:20 | 000,660,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\2053b0e14f1e64a5c5d6d1c4d01485a2\System.Transactions.ni.dll
MOD - [2014/02/26 02:27:19 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/26 02:27:19 | 000,241,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\2526b5a3ab48717e858a08c3a4a8000c\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2014/02/26 02:27:17 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/02/26 02:27:13 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/26 02:27:12 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/02/26 02:27:09 | 001,861,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\b71ff7f0fb61d547d06ba13548d68748\System.Deployment.ni.dll
MOD - [2014/02/26 02:27:03 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/26 02:27:02 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/26 02:27:01 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/26 02:27:01 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/26 02:27:00 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/26 02:26:56 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/26 02:26:56 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll
MOD - [2014/02/26 02:26:54 | 001,632,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\e8f04d39ea7c8991d91498f2867f2c25\Microsoft.CSharp.ni.dll
MOD - [2014/02/26 02:26:54 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\fcffb45098807dbf4f96bb133936789a\System.Security.ni.dll
MOD - [2014/02/26 02:26:54 | 000,394,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\9c792f26e959188b200cd732e1c1d583\System.Dynamic.ni.dll
MOD - [2014/02/26 02:26:53 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/26 02:26:52 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/26 02:26:49 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/26 02:26:48 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/26 02:26:43 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/26 02:26:43 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014/02/12 21:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 21:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/02 19:09:26 | 003,610,624 | ---- | M] () -- C:\Users\poc\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 13:01:44 | 025,100,288 | ---- | M] () -- C:\Users\poc\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2012/05/16 21:35:54 | 001,913,344 | ---- | M] () -- C:\Program Files (x86)\All-in-One Submission 9.0\All-in-One Submission 9.58.exe
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/12/19 20:19:56 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\MAXA Cookie Manager\DirectCOM.dll
MOD - [2010/12/19 20:16:06 | 000,338,944 | ---- | M] () -- C:\Program Files (x86)\MAXA Cookie Manager\sqlite36_engine.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/06/05 00:03:41 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/06/04 23:52:26 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/03/29 12:40:53 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/14 00:07:23 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/09 22:36:34 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/09 16:39:04 | 001,042,808 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2014/05/09 16:21:56 | 000,295,800 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2014/04/12 10:43:39 | 001,876,816 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe -- (hmpalertsvc)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/30 22:25:07 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/06/05 00:04:55 | 000,447,888 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014/06/05 00:03:48 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/06/04 23:52:58 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/06/04 23:52:58 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/06/04 23:52:58 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/06/04 23:52:31 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/06/04 23:52:30 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/06/04 23:52:30 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/06/04 23:52:30 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/06/04 23:52:30 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/06/04 23:52:18 | 000,044,640 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswTap.sys -- (aswTap)
DRV:64bit: - [2014/04/28 03:33:58 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2014/04/12 10:43:39 | 000,093,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hmpalert.sys -- (hmpalert)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/09/16 22:43:28 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 AA 46 A5 11 FE CE 01 [binary data]
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFD_enUS557
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\..\SearchScopes\{9A3190D5-77A9-4E05-BC3F-2AEB4E23D2F8}: "URL" = http://ctrlq.org/google/?q={searchTerms}
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaultenginename: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaultthis.engineName: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search"
FF - prefs.js..browser.search.order.1: "Microsoft (Bing)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: maxacookie%40maxatools.com:5.3.04
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.28
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/06/05 00:03:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\maxacookie@maxatools.com: C:\Program Files (x86)\MAXA Cookie Manager\extension [2013/07/04 15:01:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sp2@sp.com: C:\Program Files (x86)\Social Privacy\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/07/25 22:53:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Extensions
[2014/06/04 23:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions
[2014/05/13 22:34:04 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2014/05/28 00:12:13 | 000,212,462 | ---- | M] () (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\jid0-f3OYUKmtG4wmVwkBHma48wARqig@jetpack.xpi
[2014/05/17 22:21:16 | 000,164,313 | ---- | M] () (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\rankchecker@seobook.com.xpi
[2014/01/04 01:09:24 | 000,024,838 | ---- | M] () (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\sm@submitter.net.xpi
[2014/06/03 23:19:06 | 000,533,636 | ---- | M] () (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/04/30 23:06:18 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/02 20:49:21 | 000,150,579 | ---- | M] () (No name found) -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2014/06/04 23:57:44 | 000,005,830 | ---- | M] () -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\bing-avast.xml
[2014/02/04 00:12:04 | 000,001,935 | ---- | M] () -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\savefromnet---direct-links.xml
[2013/11/23 14:31:33 | 000,001,100 | ---- | M] () -- C:\Users\poc\AppData\Roaming\Mozilla\Firefox\Profiles\5ncp2a6q.default\searchplugins\sweetpacks-a5-customized-web-search.xml
[2014/05/09 22:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/09 22:36:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/04 15:01:39 | 000,000,000 | ---D | M] (MAXA Cookie Manager) -- C:\PROGRAM FILES (X86)\MAXA COOKIE MANAGER\EXTENSION
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.conduit.com/?ctid=CT33172 ... 7ED7&SSPV=
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Kudani FeedGrabber = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\behceiemikmgnpbcnbmjidgpkhdoammf\1.0_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: QuickPin = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhogoimaoahmedeeahleijnpljdbammj\0.1_0\
CHR - Extension: YouTube = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.17_0\
CHR - Extension: Local Rss Reader = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cemddjmmnfebpkpkonmbkdmakilpkcid\0.1.8_0\
CHR - Extension: Google Search = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: FromDocToPDF = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhjmlmdpcpiojiffodbldlkgcnaeogp\8.27.3.62724_0\
CHR - Extension: MozBar = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp\3.0.69_0\
CHR - Extension: Search All = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eekjldapjblgadclklmgolijbagmdnfk\2.2.20_0\
CHR - Extension: Just Pin It = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokdcgmibpioegghefegkcdjcbiggefe\1.2.5_0\
CHR - Extension: avast! Online Security = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: SearchPreview = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcjdanpjacpeeppdjkppebobilhaglfo\3.4_0\
CHR - Extension: Shareaholic for Pinterest = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjkehmceppcpjoaoegdmffmkdhiegmc\2.0.2_0\
CHR - Extension: Find similar images = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\maajjfmghhdilbcfpicokkfaafoapicg\0.1.1_0\
CHR - Extension: Pinner for Pinterest = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndiedfldbpmieeknpleihpglnhgonlni\1.95_0\
CHR - Extension: Google Wallet = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Personal Blocklist (by Google) = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\2.5.1_0\
CHR - Extension: Google Quick Scroll = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2.2.2_0\
CHR - Extension: Gmail = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Space Planet = C:\Users\poc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.2_0\
O1 HOSTS File: ([2014/06/04 23:19:51 | 000,450,029 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 updaterspro.com
O1 - Hosts: 127.0.0.1 browsersafeguard.com
O1 - Hosts: 127.0.0.1 thinkcreditreports.com
O1 - Hosts: 127.0.0.1 mindspark.com
O1 - Hosts: 127.0.0.1 loa.teebik.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 15474 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Photobucket Backup] C:\Program Files (x86)\Photobucket Backup\Photobucket.App.exe (Photobucket)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000..\Run: [DRL Sheduler] C:\Program Files (x86)\All-in-One Submission 9.0\All-in-One Submission 9.58.exe ()
O4 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000..\Run: [MSCS] C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe (MAXA Research Int'l Inc.)
O4 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000..\Run: [SkyDrive] C:\Users\poc\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\poc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\poc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O8:64bit: - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm File not found
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm File not found
O8:64bit: - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm File not found
O8:64bit: - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm File not found
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm File not found
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm File not found
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm File not found
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 75.126.206.18,184.173.169.186
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66846920-3138-4505-81DF-830DA6BEFF14}: DhcpNameServer = 77.234.40.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9538853E-1BA6-4141-9062-9F66CCEEC04E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9538853E-1BA6-4141-9062-9F66CCEEC04E}: NameServer = 75.126.206.18,184.173.169.186
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/10/29 15:16:26 | 000,000,113 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/07 22:56:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/06/07 22:56:00 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/06/07 22:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/06/07 22:55:52 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/06/07 22:55:52 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/06/07 22:55:52 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/06/07 22:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/06/06 23:46:14 | 000,000,000 | -HSD | C] -- C:\Jumpshot
[2014/06/06 23:42:21 | 000,000,000 | ---D | C] -- C:\Windows\jumpshot.com
[2014/06/06 22:24:43 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/06/06 22:18:58 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/05 00:04:11 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/06/05 00:03:41 | 000,447,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/06/04 23:53:36 | 000,000,000 | ---D | C] -- C:\Users\poc\AppData\Roaming\AVAST Software
[2014/06/04 23:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/06/04 23:52:44 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/06/04 23:52:40 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1401947577172
[2014/06/04 23:52:40 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/06/04 23:52:40 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1401947577172
[2014/06/04 23:52:40 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/06/04 23:52:39 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/06/04 23:52:37 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/06/04 23:52:34 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/06/04 23:52:29 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/04 23:52:18 | 000,044,640 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\aswTap.sys
[2014/06/04 23:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/06/04 23:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/06/04 23:34:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TotalSystemCare
[2014/06/04 22:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/06/04 22:49:31 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/06/04 22:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/06/04 22:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/06/04 22:34:09 | 000,000,000 | ---D | C] -- C:\Users\poc\AppData\Local\WeatherBug
[2014/06/04 22:34:07 | 000,000,000 | ---D | C] -- C:\Users\poc\AppData\Roaming\WeatherBug
[2014/06/04 22:34:02 | 000,000,000 | ---D | C] -- C:\Users\poc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug
[2014/06/04 22:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AWS
[2014/06/03 23:17:23 | 000,000,000 | R--D | C] -- C:\Users\poc\My SpeedyBackup SyncFolder
[2014/05/28 12:17:18 | 000,000,000 | ---D | C] -- C:\Users\poc\Desktop\KUDANIBU
[2014/05/28 11:53:09 | 000,000,000 | ---D | C] -- C:\Users\poc\Documents\__MACOSX
[2014/05/28 00:26:14 | 000,000,000 | ---D | C] -- C:\Users\poc\Desktop\kudani-images
[2014/05/28 00:23:44 | 000,000,000 | ---D | C] -- C:\Users\poc\Desktop\kudani-install
[2014/05/27 23:07:20 | 000,000,000 | ---D | C] -- C:\Users\poc\Documents\kudani
[2014/05/26 23:36:59 | 000,000,000 | ---D | C] -- C:\Users\poc\AppData\Roaming\com.pageone.Kudani
[2014/05/26 23:36:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PageOneTraffic
[2014/05/26 23:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PageOneTraffic
[2014/05/17 22:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\All-in-One Submission 9.0
[2014/05/17 22:29:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/05/17 12:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2014/05/15 00:17:48 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/15 00:17:48 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/15 00:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/14 20:11:36 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/14 20:11:34 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/14 20:11:19 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/14 20:11:18 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/14 20:11:18 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/14 20:11:18 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/14 20:11:17 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/14 20:11:17 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/14 20:11:16 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/14 20:11:16 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/14 20:11:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/14 20:11:15 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/14 20:11:15 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/14 20:11:15 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/14 20:11:15 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/14 20:11:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/14 20:11:15 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/14 20:11:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/14 20:11:15 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/14 20:11:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/14 20:11:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/14 20:11:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/14 20:11:14 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/14 20:11:14 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/14 20:11:14 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/13 22:25:03 | 000,000,000 | ---D | C] -- C:\Users\poc\Desktop\STAGEDFRAMESSTAGES
[2014/05/12 00:17:04 | 000,000,000 | ---D | C] -- C:\Users\poc\AppData\Roaming\Software Defender
[2014/05/11 23:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Submit Equalizer
[2014/05/11 23:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Submit Equalizer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/06/09 23:00:08 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\SlimCleaner Startup.job
[2014/06/09 23:00:02 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\SlimCleaner Scan.job
[2014/06/09 22:59:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/09 22:59:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/09 22:18:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1338860540-2610657624-1817482183-1000UA.job
[2014/06/09 22:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/09 22:03:17 | 000,020,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/09 22:03:17 | 000,020,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/09 21:58:11 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/06/09 21:55:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/09 21:55:00 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/07 22:55:39 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/06/07 22:55:36 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/06/07 22:55:36 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/06/07 22:55:35 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/06/06 23:46:51 | 008,912,896 | -HS- | M] () -- C:\Users\poc\.ghost-ntfs-3g-00000000000000000009
[2014/06/06 22:34:57 | 000,001,180 | ---- | M] () -- C:\Users\poc\Desktop\adwcleaner_3.212 - Shortcut.lnk
[2014/06/05 23:01:19 | 000,000,787 | ---- | M] () -- C:\Windows\wininit.ini
[2014/06/05 00:39:42 | 000,004,634 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/06/05 00:05:40 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/06/05 00:04:55 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/06/05 00:03:48 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/06/04 23:57:44 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/04 23:52:58 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/06/04 23:52:58 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/06/04 23:52:58 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/06/04 23:52:31 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1401947577172
[2014/06/04 23:52:31 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/06/04 23:52:30 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1401947577172
[2014/06/04 23:52:30 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/06/04 23:52:30 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/06/04 23:52:30 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/06/04 23:52:30 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/06/04 23:52:30 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/06/04 23:52:29 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/04 23:52:18 | 000,044,640 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\aswTap.sys
[2014/06/04 23:19:51 | 000,450,029 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/06/04 23:14:40 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job
[2014/06/04 22:34:04 | 000,000,812 | ---- | M] () -- C:\Users\poc\Desktop\WeatherBug.lnk
[2014/06/03 23:53:20 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/06/01 21:04:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1338860540-2610657624-1817482183-1000Core.job
[2014/05/30 22:48:41 | 000,000,997 | ---- | M] () -- C:\Users\poc\Desktop\Traffic Travis v4.lnk
[2014/05/28 00:25:01 | 021,608,432 | ---- | M] () -- C:\Users\poc\Documents\kudani-images.zip
[2014/05/28 00:23:30 | 012,953,296 | ---- | M] () -- C:\Users\poc\Desktop\kudani-install.zip
[2014/05/27 21:46:10 | 000,001,009 | ---- | M] () -- C:\Users\poc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/26 23:36:53 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Kudani.lnk
[2014/05/25 22:28:43 | 000,786,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/25 22:28:43 | 000,665,288 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/25 22:28:43 | 000,123,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/17 22:29:40 | 000,002,158 | ---- | M] () -- C:\Users\Public\Desktop\All-in-One Submission 9.58 Scheduler.lnk
[2014/05/17 22:29:40 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\All-in-One Submission 9.58.lnk
[2014/05/15 21:33:15 | 000,000,884 | RHS- | M] () -- C:\Users\poc\ntuser.pol
[2014/05/14 00:07:22 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/14 00:07:22 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/11 23:58:08 | 000,000,062 | ---- | M] () -- C:\Windows\submitequalizer.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/06/09 21:57:01 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2014/06/07 09:57:22 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\SlimCleaner Scan.job
[2014/06/06 22:34:57 | 000,001,180 | ---- | C] () -- C:\Users\poc\Desktop\adwcleaner_3.212 - Shortcut.lnk
[2014/06/05 23:01:12 | 000,000,787 | ---- | C] () -- C:\Windows\wininit.ini
[2014/06/05 00:05:40 | 000,001,982 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2014/06/04 23:52:43 | 000,208,416 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/06/04 23:52:40 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/06/04 23:52:39 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/06/04 22:49:40 | 000,001,405 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/06/04 22:34:04 | 000,000,812 | ---- | C] () -- C:\Users\poc\Desktop\WeatherBug.lnk
[2014/06/03 23:53:20 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/06/03 22:46:18 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3_triggeronce.job
[2014/05/28 11:52:58 | 021,608,432 | ---- | C] () -- C:\Users\poc\Documents\kudani-images.zip
[2014/05/28 00:23:18 | 012,953,296 | ---- | C] () -- C:\Users\poc\Desktop\kudani-install.zip
[2014/05/26 23:36:53 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Kudani.lnk
[2014/05/17 22:29:40 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\All-in-One Submission 9.58 Scheduler.lnk
[2014/05/17 22:29:40 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\All-in-One Submission 9.58.lnk
[2014/05/17 22:29:37 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\dbrename7.exe
[2014/05/11 23:49:33 | 000,000,062 | ---- | C] () -- C:\Windows\submitequalizer.ini
[2014/04/28 03:33:58 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2013/11/22 23:35:40 | 000,003,072 | ---- | C] () -- C:\Users\poc\AppData\Roaming\ARW.settings
[2013/10/07 23:40:24 | 000,000,485 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/09/14 23:54:46 | 000,000,884 | RHS- | C] () -- C:\Users\poc\ntuser.pol
[2013/09/13 01:31:48 | 000,778,596 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/28 23:54:24 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/05/28 23:54:24 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2013/05/28 20:25:33 | 008,912,896 | -HS- | C] () -- C:\Users\poc\.ghost-ntfs-3g-00000000000000000009
[2013/05/28 20:18:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 20:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
EXTRAS.txt:
OTL Extras logfile created on: 6/9/2014 11:01:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\poc\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16866)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 50.69% Memory free
8.00 Gb Paging File | 5.72 Gb Available in Paging File | 71.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 413.57 Gb Free Space | 88.81% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 19.90 Gb Free Space | 51.99% Space Free | Partition Type: NTFS
Drive E: | 390.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.73 Gb Total Space | 366.47 Gb Free Space | 78.69% Space Free | Partition Type: NTFS
Computer Name: POC-PC | User Name: poc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24C48A2A-5865-446F-9FF1-972F25895B82}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{29A82011-C2E1-4E14-9E5E-07E775845B60}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9A4E8EC4-9C37-445A-B72F-9CB0237A3693}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BA65EA26-04A9-4586-9A26-CAE411437C47}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{BBB45302-AE53-4175-9FC9-5D721EDE14B6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08934250-01E1-4C93-BE52-F462EE0917A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{22235E55-3ADC-475F-A181-07E734C4C800}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2DD1370B-BD28-4D3E-84FC-580F7032EC4F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{562A8B47-FDB2-4D5B-8668-9735D8C38576}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5D7CE943-C9EB-40EC-926F-2BADA8C1F347}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{5EC68A7A-3895-4931-B3BE-4C41DBDB5246}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{6F17190D-F63F-4DCE-9775-4A6D0548B3BD}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{721C380B-E604-4144-A61E-1F56EE550A78}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{760E76CA-C535-4DB3-9454-4AE1455C67C0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{76719F00-19EA-4C29-9069-6C8BAFCDC198}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{7B73B49D-1152-43C1-97CA-C49F09BB3DF4}" = protocol=17 | dir=in | app=c:\users\poc\appdata\roaming\dropbox\bin\dropbox.exe |
"{84644203-6415-4625-AE02-E5890E2E7C93}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{965425A4-6035-422B-8733-68C852EFC48E}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{9B2170D6-DFAC-4B60-BC5F-4E45E4D2E7C5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A2E013F6-16EB-40FF-9967-3F579F7CBCE5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{AC9B13FD-9F9E-4A05-9D5A-0B7947FECB32}" = dir=in | app=c:\users\poc\appdata\local\microsoft\skydrive\skydrive.exe |
"{B6FC73F6-8EB6-4E3E-9C91-2372F847BFED}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C3416CF2-D13B-466F-B109-A46F84B21358}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DEBF34D3-FB5E-4FE3-8F61-7954385296CE}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DF8E3376-8066-4E82-AB91-6F9EA9E0262E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E9D362F1-7A7B-4C61-9294-2F76B43903D1}" = protocol=6 | dir=in | app=c:\users\poc\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D83DA44E-FEEE-4FB5-95AA-7E274BE4B811}C:\users\poc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\poc\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{FD958A80-001F-4085-9855-64D95B8F2EBE}C:\program files (x86)\wikirobot\wikirobot.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wikirobot\wikirobot.exe |
"UDP Query User{E5D3EACA-D4CB-4304-80BF-6CA3BC1EF1E2}C:\program files (x86)\wikirobot\wikirobot.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wikirobot\wikirobot.exe |
"UDP Query User{FCB9FC91-D289-48F4-82D1-AE7ED472966C}C:\users\poc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\poc\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E936B32-5120-412E-AC87-C1D3651E531F}" = WD SmartWare
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"HitmanPro.Alert" = HitmanPro.Alert
"HitmanPro37" = HitmanPro 3.7
"Microsoft Security Client" = Microsoft Security Essentials
"Software Informer_is1" = Software Informer 1.3.1031.0
"WinRAR archiver" = WinRAR 5.01 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{303B9118-31A3-4E6C-9CAC-282F26E9633A}" = WikiRobot
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{35C0A67C-F107-4700-A430-8956A692C3D4}" = Article Rewriter Wizard
"{37146DD2-013F-4344-82B6-F6D1F99C6F3E}" = SliQ Submitter Plus
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8172C743-5C09-CA2D-EBBC-F43897804D2F}" = Kudani
"{83BEF895-B385-4647-AB43-8DDE52291A21}" = SliQ Article Submitter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{955E709F-0C73-449C-A9F6-863D3C82FDA8}" = SlimCleaner
"{98813202-6C6E-4ABE-A128-6E8FB3368BE0}" = Photobucket Backup
"{9af08980-8d36-4304-a8d0-53dc0c7d93a5}" = WD SmartWare Installer
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B5C92C15-F625-41E6-9646-245FA011E3DB}" = SlimComputer
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF7CFCDF-08ED-4BFA-8980-9F8F3A9596B3}" = All-in-One Submission 9.58
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E44C453C-5B37-4F46-A8A8-69DF7D591BBE}" = TurboTax 2013 wnmiper
"{F149CF33-0074-4AF8-AC1C-AE51086D4E25}" = SliQ Link Clicker Lite
"{F181233F-67DF-4995-A159-EB81F2B5500B}" = WD Quick View
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Amazon Kindle" = Amazon Kindle
"Avast" = avast! Internet Security
"ClassicFTP" = Classic FTP
"com.pageone.Kudani" = Kudani
"DLL Opener" = DLL Opener
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FastStone Capture" = FastStone Capture 7.6
"Google Chrome" = Google Chrome
"MAXA Cookie Manager_is1" = MAXA Cookie Manager Pro 5.3
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoPad" = PhotoPad Image Editor
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"Pixillion" = Pixillion Image Converter
"Submit Equalizer_is1" = Submit Equalizer 1.2.1
"Traffic Travis 4.1 Setup Wizard_is1" = Traffic Travis 4.1.0
"TurboTax 2013" = TurboTax 2013
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.01 (32-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1338860540-2610657624-1817482183-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"OneDriveSetup.exe" = Microsoft OneDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/7/2014 2:53:31 PM | Computer Name = poc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9173
Error - 6/7/2014 2:53:31 PM | Computer Name = poc-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9173
Error - 6/7/2014 11:54:15 PM | Computer Name = poc-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/7/2014 11:58:58 PM | Computer Name = poc-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WDBackupEngine.exe, version: 2.0.0.15,
time stamp: 0x536d63f3 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x74c3e4e4 Faulting process id:
0xb30 Faulting application start time: 0x01cf82cd5122ee40 Faulting application path:
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe Faulting
module path: unknown Report Id: 3780ce70-eec1-11e3-bb87-000be0f000ed
Error - 6/8/2014 12:24:37 AM | Computer Name = poc-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/8/2014 10:37:46 AM | Computer Name = poc-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/8/2014 12:30:24 PM | Computer Name = poc-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16866 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1504 Start
Time: 01cf83364a147100 Termination Time: 10 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id:
Error - 6/8/2014 12:41:15 PM | Computer Name = poc-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16866 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4b4 Start
Time: 01cf8336f364dce0 Termination Time: 8 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id:
Error - 6/8/2014 11:36:26 PM | Computer Name = poc-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/9/2014 12:44:21 AM | Computer Name = poc-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/9/2014 11:55:42 PM | Computer Name = poc-PC | Source = WinMgmt | ID = 10
Description =
[ Spybot - Search and Destroy Events ]
Error - 6/6/2014 1:01:19 AM | Computer Name = poc-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 2/17/2014 1:14:37 PM | Computer Name = poc-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the WD
Backup service to connect.
Error - 2/17/2014 1:14:37 PM | Computer Name = poc-PC | Source = Service Control Manager | ID = 7000
Description = The WD Backup service failed to start due to the following error:
%%1053
Error - 2/19/2014 4:14:31 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =
Error - 2/20/2014 4:05:23 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =
Error - 2/21/2014 3:45:54 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =
Error - 2/22/2014 6:44:13 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =
Error - 2/23/2014 3:30:18 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =
Error - 2/24/2014 4:17:38 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =
Error - 2/25/2014 1:32:34 AM | Computer Name = poc-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.
Error - 2/25/2014 4:25:13 AM | Computer Name = poc-PC | Source = DCOM | ID = 10010
Description =
I ran out of characters allowed; will follow up with R0, R1, R2 AdwCleaner files.