Help! Am being plagued by adware.

WildSaffron · 19-02-2014 7:56am #1

Hi all,

Please help put me out of my misery - somehow I acquired adware and suddenly all the websites I visit are filled with ads and new browser windows automatically open with ads.

I have gone through the following steps with no joy (although I came across the PHP.Kryptik.AB virus which I hope is now removed):

1. Kaspersky TDSSKiller
2. Rkill
3. Malwarebytes
4. Hitman Pro
5. RogueKiller
6. ADwCleaner
7. Junkware
8. Eset online scanner

Can anyone help me?

With much gratitude,
wildSaffron:mad:

PirateShampoo · 19-02-2014 8:04am

I only use 2 programmes. AVG free and ccleaner.

Never had a problem. You need to start being more careful online and stop opening random links or ads.

PirateShampoo · 19-02-2014 8:05am

I only use 2 programmes. AVG free and ccleaner.

Never had a problem. You need to start being more careful online and stop opening random links or ads.

Plates · 19-02-2014 8:10am

http://windows.microsoft.com/en-US/windows/security-essentials-download

WildSaffron · 19-02-2014 8:16am

Pirate Shampoo - I came here for help, not for a lecture. Am generally careful about what I open.

Plates - I do have Microsoft Security Essentials running, thanks!

I went through the additional scans following a Malware Removal Guide.

PirateShampoo · 19-02-2014 8:31am

I wasn't lecturing you, merely pointing out that malware is in everything these days.

Skatedude · 19-02-2014 9:04am

er, adblock?

WildSaffron · 19-02-2014 9:42am

Thank Skatedude - I tried adblock - it blocks the ads but the block ad spaces are still there with the text "Ads not by this site"......

gj777 · 19-02-2014 9:45am

Avast. Very good antivirus. The free trial will prob be enough. It also warns when dodgy sites are being accesed with browser. So no more, ahem for you

imitation · 19-02-2014 9:53am

PirateShampoo wrote: »

I only use 2 programmes. AVG free and ccleaner.

Never had a problem. You need to start being more careful online and stop opening random links or ads.

Its not that simple in fairness, plenty of people have gotten driveby virsuses on legitimate sites due to a malicious ad being put up.

I have practiced all the same advice, used av & noscript and have still ended up with keyloggers twice in 5 years. When I had these buggers (with definitive proof it was happening) I tried every av scan and diagnostic under the sun (looking at every process, checking netstat) and I could not find a trace of them.

After that my advice is to reinstall windows, its a pain, but its the only thing that will give you peace of mind.

WildSaffron · 19-02-2014 10:33am

Thanks imitation - people do assume that one is clicking on everything that pops up or visiting porn sites - I am fairly careful about what I open.

I may have to reinstall windows - a pain in the neck.

jsa112 · 20-02-2014 11:08am

can you attach/post logs from these scans

1. Kaspersky TDSSKiller
2. Rkill
3. Malwarebytes
4. Hitman Pro
5. RogueKiller
6. ADwCleaner
8. Eset online scanner

sfbonner · 21-02-2014 12:20pm

Download a live rescue disk like AVG Rescue and make a bootable usb stick or cd of it. Do a scan with this.

Mr. G · 23-02-2014 1:41pm

Disabling and remove all your browser add-ons in all your browsers.

Change preferred homepages and search engines back to normal.

Check the Programs and Features section in the Control Panel (if you're using Windows).

Finally, after running a full antivirus scan, do a rootkit scan- Norton Power Eraser should do for this: https://security.symantec.com/nbrt/npe.aspx

Let us know how you get on.

corks finest · 02-03-2014 12:12am

hi i had somewhat similiar probs last year,and its upsetting/frustrating,i tried c cleaner,along with malwarebytes(free version),and hitman pro,got rid of what i had,hope you dosoon...................without being lectured on.

WildSaffron · 05-04-2014 3:01am

jsa112 - are you still around to have a look at the logs - or anyone - the problem is still persisting, plus some other odd changes to my laptop.

jsa112 · 05-04-2014 10:43am

yeah can you attach/post logs from these scans

1. Kaspersky TDSSKiller
2. Rkill
3. Malwarebytes
4. Hitman Pro
5. RogueKiller
6. ADwCleaner
8. Eset online scanner

corks finest · 05-04-2014 3:01pm

thats hard luck personally id reinstall windows,itll hurt,but if ad ware,avg etc dont work,youre machine must have the plague

WildSaffron · 05-04-2014 4:59pm

Further developments were:

1) My right click doesn't seem to work
2) It is difficult to download files

1. Kaspersky TDSSKiller (attached)
2. Rkill (attached)
3. Malwarebytes (attached)
4. Hitman Pro (attached)
5. RogueKiller (attached)
6. ADwCleaner (will paste)
8. Eset online scanner (attached)

Riesen_Meal · 05-04-2014 5:03pm

A reinstall of windows would be good here, if you can copy what you need to an external hard drive then just try and reinstall it, or see can you even roll back to a time you did not have these viruses...

jsa112 · 05-04-2014 5:21pm

can you paste in the adwcleaner log, and do the same for this

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files here

WildSaffron · 05-04-2014 9:14pm

AdwLog attached

jsa112 · 05-04-2014 9:41pm

can you post the log rather than attach it as its not letting me download it

also do the OTL step

WildSaffron · 05-04-2014 9:50pm

OTL logfile created on: 05/04/2014 21:34:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Technician\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.91 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 50.99% Memory free
5.81 Gb Paging File | 4.64 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 39.70 Gb Free Space | 17.05% Space Free | Partition Type: NTFS
Drive

| 623.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LPC | User Name: Technician | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/05 21:27:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Technician\Desktop\OTL.exe
PRC - [2014/04/05 01:16:47 | 000,106,248 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2014/03/29 15:28:51 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/01/30 16:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2014/01/23 16:32:46 | 003,643,224 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
PRC - [2014/01/23 16:26:08 | 000,651,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/20 19:13:32 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/09/19 03:15:00 | 000,670,720 | ---- | M] (Yealink) -- C:\Program Files\SkypeMate\SkypeMate.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2014/04/05 01:00:13 | 001,157,120 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\_ssl.pyd
MOD - [2014/04/05 01:00:13 | 000,811,008 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._windows_.pyd
MOD - [2014/04/05 01:00:13 | 000,805,888 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._gdi_.pyd
MOD - [2014/04/05 01:00:13 | 000,712,192 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\_hashlib.pyd
MOD - [2014/04/05 01:00:13 | 000,110,080 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\PyWinTypes27.dll
MOD - [2014/04/05 01:00:13 | 000,087,040 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\_ctypes.pyd
MOD - [2014/04/05 01:00:13 | 000,070,656 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._html2.pyd
MOD - [2014/04/05 01:00:13 | 000,035,840 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32process.pyd
MOD - [2014/04/05 01:00:13 | 000,026,624 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\_multiprocessing.pyd
MOD - [2014/04/05 01:00:13 | 000,024,064 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32pipe.pyd
MOD - [2014/04/05 01:00:12 | 001,062,400 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._controls_.pyd
MOD - [2014/04/05 01:00:12 | 000,686,080 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\unicodedata.pyd
MOD - [2014/04/05 01:00:12 | 000,127,488 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\pyexpat.pyd
MOD - [2014/04/05 01:00:12 | 000,038,912 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32inet.pyd
MOD - [2014/04/05 01:00:12 | 000,025,600 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32pdh.pyd
MOD - [2014/04/05 01:00:12 | 000,018,432 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32event.pyd
MOD - [2014/04/05 01:00:12 | 000,010,240 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\select.pyd
MOD - [2014/04/05 01:00:11 | 001,175,040 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._core_.pyd
MOD - [2014/04/05 01:00:11 | 000,557,056 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\pysqlite2._sqlite.pyd
MOD - [2014/04/05 01:00:11 | 000,525,640 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\windows._lib_cacheinvalidation.pyd
MOD - [2014/04/05 01:00:11 | 000,320,512 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32com.shell.shell.pyd
MOD - [2014/04/05 01:00:11 | 000,128,512 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\_elementtree.pyd
MOD - [2014/04/05 01:00:11 | 000,119,808 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32file.pyd
MOD - [2014/04/05 01:00:11 | 000,108,544 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32security.pyd
MOD - [2014/04/05 01:00:11 | 000,098,816 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32api.pyd
MOD - [2014/04/05 01:00:11 | 000,044,032 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\_socket.pyd
MOD - [2014/04/05 01:00:11 | 000,022,528 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32ts.pyd
MOD - [2014/04/05 01:00:11 | 000,017,408 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32profile.pyd
MOD - [2014/04/05 01:00:10 | 000,735,232 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._misc_.pyd
MOD - [2014/04/05 01:00:10 | 000,364,544 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\pythoncom27.dll
MOD - [2014/04/05 01:00:10 | 000,122,368 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\wx._wizard.pyd
MOD - [2014/04/05 01:00:10 | 000,011,264 | ---- | M] () -- C:\Users\Technician\AppData\Local\Temp\_MEI31443\win32crypt.pyd
MOD - [2014/01/23 16:33:14 | 000,148,808 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\zlib.dll
MOD - [2014/01/23 16:33:12 | 000,131,920 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\pugixml.dll
MOD - [2014/01/23 16:33:12 | 000,122,704 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\libssh2.dll
MOD - [2014/01/23 16:33:04 | 000,087,928 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_thread-vc100-mt-1_55.dll
MOD - [2014/01/23 16:33:04 | 000,022,392 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_system-vc100-mt-1_55.dll
MOD - [2014/01/23 16:33:00 | 000,405,880 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_locale-vc100-mt-1_55.dll
MOD - [2014/01/23 16:32:58 | 000,107,904 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_filesystem-vc100-mt-1_55.dll
MOD - [2014/01/23 16:32:58 | 000,048,512 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_date_time-vc100-mt-1_55.dll
MOD - [2014/01/23 16:32:56 | 000,030,072 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\boost_chrono-vc100-mt-1_55.dll
MOD - [2014/01/23 16:32:54 | 000,541,008 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\SQLite.dll
MOD - [2014/01/23 16:32:52 | 001,928,008 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\RCF.dll
MOD - [2014/01/23 16:32:52 | 000,118,104 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\Localization.dll
MOD - [2014/01/23 16:32:50 | 000,308,064 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\HtmlFramework.dll
MOD - [2014/01/23 16:32:50 | 000,056,664 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\DllStorage.dll
MOD - [2014/01/23 16:32:46 | 003,643,224 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
MOD - [2014/01/23 16:32:46 | 000,789,360 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTrayDefaultSkin.dll
MOD - [2014/01/23 16:32:44 | 002,084,720 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareShellExtension.dll
MOD - [2012/12/20 10:12:00 | 000,582,144 | ---- | M] () -- C:\Program Files\SkypeMate\SkypeMate.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Mobogenie\MgAssist.exe -- (MgAssistService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NCH Software\Inventoria\inventoria.exe -- (InventoriaService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe -- (ExpressInvoiceService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2014/04/05 01:16:47 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014/04/04 12:58:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/12 17:41:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/03/01 04:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/01/23 16:26:08 | 000,651,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/01/04 06:50:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014/02/19 01:14:06 | 000,050,200 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp32.sys -- (cleanhlp)
DRV - [2013/10/28 02:12:12 | 000,182,680 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/10/28 02:12:12 | 000,087,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/07/17 17:10:52 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2012/03/26 15:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/09/15 08:03:46 | 000,030,000 | ---- | M] (Egis Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor)
DRV - [2010/11/20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/12/30 12:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/09/15 20:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/10 14:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/24 14:51:38 | 000,101,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/20 19:15:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/14 19:31:59 | 000,000,000 | ---D | M]

[2012/12/19 14:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Technician\AppData\Roaming\Mozilla\Extensions
[2014/04/04 19:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Technician\AppData\Roaming\Mozilla\Firefox\Profiles\ujaeovqm.default-1396625349610\extensions
[2014/04/04 12:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/04 12:58:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/04/04 12:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/04/04 12:47:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/29 06:46:38 | 000,225,360 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2013/07/20 19:13:54 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = http://www.google.com,
CHR - plugin: Error reading preferences file
CHR - Extension: RealDownloader = C:\Users\Technician\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_1\
CHR - Extension: Google Wallet = C:\Users\Technician\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2014/04/05 02:07:58 | 000,000,741 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AdAwareTray] C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Technician\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkypeMate.lnk = C:\Program Files\SkypeMate\SkypeMate.exe (Yealink)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FCA49D9-C6F3-4885-9219-9AB7BDA52A8E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC57F248-37DE-4E86-B998-A016AEA1FF9E}: DhcpNameServer = 62.40.32.33 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F749ACDA-208C-4A1F-85ED-A0CA8E72EBDE}: DhcpNameServer = 89.19.64.164 89.19.64.36
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/07/14 22:23:38 | 000,061,440 | R--- | M] () -

\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/05/17 19:40:16 | 000,000,031 | R--- | M] () -

\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3a530ae0-769d-11e2-9b3f-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{3a530ae0-769d-11e2-9b3f-001e33252471}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3a530c1a-769d-11e2-9b3f-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{3a530c1a-769d-11e2-9b3f-001e33252471}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{653dea60-71d7-11e2-a789-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{653dea60-71d7-11e2-a789-001e33252471}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{653deac0-71d7-11e2-a789-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{653deac0-71d7-11e2-a789-001e33252471}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b621d4ff-2d9e-11e3-b529-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{b621d4ff-2d9e-11e3-b529-001e33252471}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{be2d5cd8-7ba5-11e2-8677-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{be2d5cd8-7ba5-11e2-8677-001e33252471}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e9a4edac-80ee-11e2-a7f3-001e33252471}\Shell - "" = AutoRun
O33 - MountPoints2\{e9a4edac-80ee-11e2-a7f3-001e33252471}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ed66f6c7-49c1-11e2-97bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed66f6c7-49c1-11e2-97bd-806e6f6e6963}\Shell\AutoRun\command - "" =

\Autorun.exe -- [2005/07/14 22:23:38 | 000,061,440 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/05 21:32:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Technician\Desktop\OTL.exe
[2014/04/05 17:21:12 | 000,000,000 | ---D | C] -- C:\Users\Technician\AppData\Roaming\Lavasoft
[2014/04/05 17:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2014/04/05 17:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lavasoft
[2014/04/05 01:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/04/04 19:27:15 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/04/04 19:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/04 19:26:40 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/04/04 19:26:40 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/04/04 19:26:40 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/04/04 19:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/04 15:25:07 | 000,000,000 | ---D | C] -- C:\Users\Technician\Documents\New Downloads
[2014/04/04 13:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/04/04 12:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/04/03 07:50:41 | 000,000,000 | ---D | C] -- C:\Users\Technician\Desktop\RK_Quarantine
[2014/03/12 12:34:31 | 000,000,000 | ---D | C] -- C:\Users\Technician\Documents\BackupForDreamweaver
[2014/03/11 11:14:17 | 000,000,000 | ---D | C] -- C:\Users\Technician\Desktop\Print
[2014/03/08 07:28:30 | 000,000,000 | ---D | C] -- C:\Users\Technician\Desktop\SiteCache
[2014/03/07 18:51:48 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/05 21:34:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/05 21:27:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Technician\Desktop\OTL.exe
[2014/04/05 21:12:10 | 000,000,181 | ---- | M] () -- C:\Users\Technician\Desktop\Ad-Aware_Report_Quick_Manual_2014-04-05T20-58-20.351322.xml
[2014/04/05 20:55:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/05 20:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/05 20:39:12 | 000,002,305 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/04/05 16:09:12 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/05 14:03:58 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Technician.job
[2014/04/05 14:03:52 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Technician.job
[2014/04/05 14:03:20 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Technician.job
[2014/04/05 01:51:00 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2014/04/05 01:51:00 | 000,000,364 | ---- | M] () -- C:\Windows\System32\bootdelete.lst
[2014/04/05 01:07:33 | 000,014,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/05 01:07:33 | 000,014,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/05 00:59:29 | 2339,467,264 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/05 00:47:33 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/04/04 19:26:56 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/04 15:28:30 | 003,831,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/04 13:29:14 | 001,213,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/04/04 13:29:14 | 000,402,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/04 13:22:28 | 000,000,079 | ---- | M] () -- C:\Windows\wininit.ini
[2014/04/03 17:01:09 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/03 15:14:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/03 08:09:54 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/04/03 08:09:54 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/03 08:09:54 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/04/03 06:51:28 | 000,275,386 | ---- | M] () -- C:\Users\Technician\AppData\Local\census.cache
[2014/04/03 06:51:25 | 000,141,368 | ---- | M] () -- C:\Users\Technician\AppData\Local\ars.cache
[2014/03/31 13:57:18 | 000,088,435 | ---- | M] () -- C:\Users\Technician\Desktop\delete.jpg
[2014/03/15 19:33:41 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/12 14:04:55 | 000,077,944 | ---- | M] () -- C:\Users\Technician\Desktop\delete.png
[2014/03/10 08:37:50 | 000,099,670 | ---- | M] () -- C:\Users\Technician\Desktop\Lucy+Brian_sm.jpg
[2014/03/07 12:59:19 | 000,221,211 | ---- | M] () -- C:\Users\Technician\Desktop\screenshot.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/05 21:03:50 | 000,000,181 | ---- | C] () -- C:\Users\Technician\Desktop\Ad-Aware_Report_Quick_Manual_2014-04-05T20-58-20.351322.xml
[2014/04/05 17:07:20 | 000,002,305 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2014/04/05 14:03:19 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Technician.job
[2014/04/05 01:51:00 | 000,000,364 | ---- | C] () -- C:\Windows\System32\bootdelete.lst
[2014/04/04 19:26:56 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/03 17:01:09 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/03 11:33:15 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Technician.job
[2014/04/03 11:33:13 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Technician.job
[2014/04/03 08:09:54 | 000,000,644 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/04/03 08:09:54 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/04/03 08:09:54 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/03/10 14:54:10 | 006,148,608 | ---- | C] () -- C:\Windows\System32\PatchPackage.msp
[2014/03/10 08:37:50 | 000,099,670 | ---- | C] () -- C:\Users\Technician\Desktop\Lucy+Brian_sm.jpg
[2014/03/07 12:59:07 | 000,221,211 | ---- | C] () -- C:\Users\Technician\Desktop\screenshot.jpg
[2014/02/19 10:02:15 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2014/02/14 21:02:16 | 000,000,000 | ---- | C] () -- C:\Program Files\moz_update_in_progress.lock
[2014/02/10 11:01:31 | 000,210,992 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2014/02/10 06:05:29 | 000,275,386 | ---- | C] () -- C:\Users\Technician\AppData\Local\census.cache
[2014/02/10 06:05:05 | 000,141,368 | ---- | C] () -- C:\Users\Technician\AppData\Local\ars.cache
[2014/02/10 00:58:17 | 000,000,036 | ---- | C] () -- C:\Users\Technician\AppData\Local\housecall.guid.cache
[2013/08/18 06:55:02 | 000,006,656 | ---- | C] () -- C:\Users\Technician\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/26 10:46:11 | 000,004,096 | -H-- | C] () -- C:\Users\Technician\AppData\Local\keyfile3.drm
[2013/02/08 11:21:33 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/02/08 11:21:33 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2013/02/08 11:12:50 | 000,071,262 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/12/22 11:21:52 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2012/12/19 13:02:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/12/25 02:25:34 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\4Team
[2013/08/17 09:39:16 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\Canon
[2013/05/22 11:30:50 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/02/03 08:50:12 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/04/03 15:56:26 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\Dropbox
[2014/04/04 16:26:28 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\KeePass
[2013/02/04 14:06:59 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\PDAppFlex
[2013/09/07 18:43:29 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\TeamViewer
[2013/05/09 14:54:39 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\Watchtower
[2013/01/30 12:01:37 | 000,000,000 | ---D | M] -- C:\Users\Technician\AppData\Roaming\webex

========== Purity Check ==========

< End of report >

WildSaffron · 05-04-2014 9:52pm

OTL Extras logfile created on: 05/04/2014 21:34:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Technician\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.91 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 50.99% Memory free
5.81 Gb Paging File | 4.64 Gb Available in Paging File | 79.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 39.70 Gb Free Space | 17.05% Space Free | Partition Type: NTFS
Drive

| 623.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LPC | User Name: Technician | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Technician\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0417C92D-8D0B-4B61-B5BC-E123E2BC29E5}" = rport=139 | protocol=6 | dir=out | app=system |
"{07C50416-D9AF-44D7-B1B8-999E9144328E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1EB2300F-A465-447E-AD4E-0FB6EDB5E2BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22F90A36-421D-48D1-94DF-1A1D806A3084}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{252041A4-172D-4B27-98B2-E95150D85ABB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2C28BBD4-DBBD-4E20-A580-A91167676A02}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FB07D67-E47A-4616-BC26-F640BFF1DB2B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{31620104-1CE0-42E1-81E6-FF5D606E66EB}" = rport=445 | protocol=6 | dir=out | app=system |
"{3BF72D7B-544D-44D2-934A-AB9F599A56BE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4E1E8807-C434-4243-8D4B-4AC22D459578}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50D4706E-97CE-422B-A5EC-A0D753E7C043}" = rport=137 | protocol=17 | dir=out | app=system |
"{56ACBDB1-43DB-4FBB-8E52-E0FB4F637823}" = lport=138 | protocol=17 | dir=in | app=system |
"{594628B2-780B-4BD7-B65C-484D5EC43E29}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7DF82E4E-0D93-43CD-B300-B86E4EEDDF22}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7FDB42C5-991B-4B11-B351-50CDF22A8119}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{82A25FA5-C60E-4B61-BDAB-83C6F271D923}" = lport=445 | protocol=6 | dir=in | app=system |
"{8792DEBD-DD29-48CE-A04E-6F41358EEB45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87A5D256-2972-4893-80B4-4709A2990A3E}" = lport=137 | protocol=17 | dir=in | app=system |
"{883555B0-4E15-4708-9027-075BBEBD007B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{898166A9-3EC4-4A7F-A286-686CD8018587}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{899F9890-4BAB-4BF2-A545-46B4F6AA9AB4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{91777B35-C004-4DB8-8384-E2ED08C3882F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97AFAFC5-5012-4F1C-9FB7-9AED75975EE8}" = lport=139 | protocol=6 | dir=in | app=system |
"{A076D079-5869-43E6-8EE8-48654EB0DFF6}" = rport=138 | protocol=17 | dir=out | app=system |
"{B2DCFEB0-E972-4130-A785-162B2BE5C229}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E1A371EE-9EE8-4FEF-8747-9EEFB1D5A46A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CF534E0-8600-42CB-8004-288E0B566803}" = protocol=6 | dir=in | app=c:\program files\cincopa\cincopaagent.exe |
"{0D0DD73F-2238-4C0D-B125-B694EDE38385}" = protocol=17 | dir=in | app=c:\program files\cincopa\cincopaagent.exe |
"{0EC2D9CC-AD7B-4684-8FEE-03ABA7911138}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{23FFFCDE-9220-4080-BF02-CDA96669CA22}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{250ADE7D-A0A0-4AF6-BC5A-1A0A2E1C73F7}" = protocol=17 | dir=in | app=c:\program files\cincopa\cincopa.exe |
"{2773DB29-AA8F-45EF-B106-C0C3FA90857E}" = protocol=6 | dir=in | app=c:\program files\cincopa\cincopa.exe |
"{2842A287-8179-42FA-AB2C-7D03E56442B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{34CBAE51-FC60-4141-AB30-AD718E454FAB}" = protocol=6 | dir=in | app=c:\program files\cincopa\cincopaagent.exe |
"{381BB7AA-D7D6-4047-9CB9-F7296706552D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{39E9866C-D570-4E8C-89D1-15B2FC1D2E2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{45025873-269F-4473-B875-E8D8EE472766}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DAA6902-77C4-4454-B75A-3A670800816A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6446AE49-2AD3-4E00-87C3-48E12BCCBA58}" = protocol=17 | dir=in | app=c:\program files\cincopa\cincopaagent.exe |
"{66DFFEC7-C5D9-483D-98DD-D14685D72ED3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{747D51FA-9A19-470D-BADE-0FA0F2101376}" = protocol=17 | dir=in | app=c:\users\technician\appdata\roaming\dropbox\bin\dropbox.exe |
"{81A74A02-BDD2-4097-9B3A-2074CA7ACC87}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F1D01BF-BD52-4777-92D1-7760D0068F05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A315BA1B-8541-464D-8B40-477C4DFAA75B}" = protocol=6 | dir=in | app=c:\users\technician\appdata\roaming\dropbox\bin\dropbox.exe |
"{A940BDBD-4F01-4EAF-9224-CEC0EB7EF1F1}" = protocol=6 | dir=in | app=c:\program files\lavasoft\adaware securesearch toolbar\dtuser.exe |
"{A9B6E3B0-3752-42A7-A3A3-2DBFD61F7333}" = protocol=17 | dir=in | app=c:\program files\lavasoft\adaware securesearch toolbar\dtuser.exe |
"{AAEE0FA8-5A69-401E-A725-16DCD96BD1B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3577C5-28F5-4C0F-AA32-38C1D9FC46FB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B3267993-32D3-42AC-92F5-D58F6A961FE3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C109813C-4ADE-41F6-A807-6813C763B850}" = protocol=6 | dir=out | app=system |
"{C788ACBE-B0A5-44B2-B62D-9DB6B975758D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CC6D7D15-84C4-4D52-B021-70EF7C849FEB}" = protocol=17 | dir=in | app=c:\program files\cincopa\cincopa.exe |
"{CDDBF654-14B3-4D3F-BBD1-47CA98CC343A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D0FC5723-B37B-4094-B90F-3EB8F77A775D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E0D7D2D5-18C4-4B90-B254-02DE7B05309B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F612C4F4-D3D4-42CE-BCF4-57F67832825D}" = dir=in | app=c:\users\technician\appdata\local\microsoft\skydrive\skydrive.exe |
"{F6C0B387-7C8D-44A3-B7D9-E093C58D2BF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F94C5A60-DC9E-47D0-BAC8-92D5098032A1}" = protocol=6 | dir=in | app=c:\program files\cincopa\cincopa.exe |
"{FE18B47F-AAFB-4C17-84AF-407B2C629E70}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{295151DE-73B2-4176-AD3A-DC448F445B14}C:\users\technician\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\technician\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{914A5FE4-2A05-4FD6-AC32-FF2A0BAB858E}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe |
"TCP Query User{97FB923A-2A04-4072-9E7C-553CA29CA1FB}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
"UDP Query User{2653183A-E2DF-40A4-92A1-83004CB8D322}C:\users\technician\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\technician\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{7FD3763B-7D21-4378-BC6D-79B0CC448EBD}C:\program files\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver 8\dreamweaver.exe |
"UDP Query User{A6D6CF8D-E748-4414-A05C-6F7B4D2148D8}C:\program files\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy 2\sdfiles.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{06B5988F-EBA6-4802-9F7B-4FB471291321}" = WebEx Event Manager for Firefox or Chrome
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series" = Canon MP230 series MP Drivers
"{11B5A3EB-8B76-46A9-A4B7-1C1FF5A3AAFD}" = Watchtower Library 2012 - English
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17E73768-9F21-4334-ABE6-CD131031564C}" = AdAwareUpdater
"{17E73768-9F21-4334-ABE6-CD131031564C}_AdAwareUpdater" = Ad-Aware Antivirus
"{1836BD51-4707-42EB-A81B-831AB2CA9E6A}" = AdAwareInstaller
"{1E9A9E08-0366-45EE-9B66-51852F8D9812}" = Open Workbench
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{600DEB42-433A-40AF-BC14-082E40577BF2}" = AntimalwareEngine
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DB93E2C2-851F-44B2-B09C-351D2C624AE1}" = Camtasia Studio 8
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye webcam
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E69BB189-4B20-46AE-93CF-59099F05FC3F}" = OutlookTools 2
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"7-Zip" = 7-Zip 9.20
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressAccounts" = Express Accounts
"ExpressBurn" = Express Burn
"ExpressInvoice" = Express Invoice
"FreeHDSport TV V7.0" = FreeHDSport TV V7.0
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HitmanPro37" = HitmanPro 3.7
"Huawei Modems" = Huawei modem
"Inventoria" = Inventoria Stock Manager
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.21
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.00.0.1000
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Video File Converter
"RealPlayer 16.0" = RealPlayer
"SkypeMate" = SkypeMate
"TVWiz" = Intel(R) TV Wizard
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/04/2014 15:30:57 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10454313

Error - 05/04/2014 15:54:45 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/04/2014 15:54:45 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2917

Error - 05/04/2014 15:54:45 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2917

Error - 05/04/2014 15:54:49 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/04/2014 15:54:49 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6849

Error - 05/04/2014 15:54:49 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6849

Error - 05/04/2014 15:54:58 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 05/04/2014 15:54:58 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16115

Error - 05/04/2014 15:54:58 | Computer Name = LPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16115

[ OSession Events ]
Error - 24/07/2013 10:45:01 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52307
seconds with 1800 seconds of active time. This session ended with a crash.

Error - 29/07/2013 04:16:41 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 360452
seconds with 20460 seconds of active time. This session ended with a crash.

Error - 31/07/2013 13:17:34 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 99706
seconds with 2040 seconds of active time. This session ended with a crash.

Error - 17/08/2013 06:38:35 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 1347 seconds with 660 seconds of active time. This session ended with a
crash.

Error - 11/11/2013 16:57:35 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 36462
seconds with 60 seconds of active time. This session ended with a crash.

Error - 04/12/2013 11:20:36 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 32910
seconds with 720 seconds of active time. This session ended with a crash.

Error - 30/12/2013 07:09:22 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 52379
seconds with 0 seconds of active time. This session ended with a crash.

Error - 26/01/2014 11:46:30 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 81078
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 03/02/2014 17:06:30 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 32325
seconds with 180 seconds of active time. This session ended with a crash.

Error - 01/03/2014 10:08:58 | Computer Name = LPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 70085
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/04/2014 16:00:38 | Computer Name = LPC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 05/04/2014 16:01:49 | Computer Name = LPC | Source = PNRPSvc | ID = 102
Description =

Error - 05/04/2014 16:01:49 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 05/04/2014 16:01:49 | Computer Name = LPC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 05/04/2014 16:01:55 | Computer Name = LPC | Source = PNRPSvc | ID = 102
Description =

Error - 05/04/2014 16:01:55 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

Error - 05/04/2014 16:01:55 | Computer Name = LPC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 05/04/2014 16:02:02 | Computer Name = LPC | Source = PNRPSvc | ID = 102
Description =

Error - 05/04/2014 16:02:02 | Computer Name = LPC | Source = Service Control Manager | ID = 7023
Description = The Peer Name Resolution Protocol service terminated with the following
error: %%-2140993535

Error - 05/04/2014 16:02:02 | Computer Name = LPC | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Name Resolution
Protocol service which failed to start because of the following error: %%-2140993535

< End of report >

jsa112 · 05-04-2014 9:59pm

what browser is this happening in ? Does it happen on every site ?

WildSaffron · 05-04-2014 10:11pm

I generally use Firefox.

I did try to download on IE but the same thing was happening.

To install the old timer tool, I had to download it on another computer.

I have managed to download the other tools after several attempts, though.

jsa112 · 05-04-2014 10:26pm

in firefox click the help tab at the top, restart with add-ons disabled

does the problem still occur ?

WildSaffron · 05-04-2014 10:57pm

Yes - I did that and the problem still occurs - the dialogue box for downloading files appears - and one one clicks on "Save File" - nothing happens, and the Save File button greys out and the dialogue box hangs around the only way to get rid of it is to close Firefox through the Task Manager.

I took a screenshot.

jsa112 · 05-04-2014 11:01pm

honestly i'm not sure whats going on. your logs are all clean, and your problems arent typical virus issues. Id be 99% sure that your PC is clean from viruses

can try the following

re-install firefox
go into safe mode with networking, does it occur then ?

WildSaffron · 05-04-2014 11:43pm

1. Uninstalled and reinstalled Firefox
2. Am running in Safe Mode with Networking

The same problems are still there! - Can't download files easily, sometimes doubleclicking on something doesn't work as it did before, and I have no right click button.

I went into Fireworks and my selection tools aren't working.

I wondered if it were a hardware problem - I checked the Control Panel to see that the touchpad settings were ok - I am afraid I can't find where the touchpad is controlled from.

jsa112 · 05-04-2014 11:47pm

na wouldn't be a hardware problem id say. not sure much more advice I can give.

where are the popups sending to you, and what sites give you them ?

WildSaffron · 05-04-2014 11:49pm

The popups are gone now - just the problem morphed into weird changes on my computer and not being able to download files.

Thanks for all your help with this - it is a headscratcher, alright.

The Bogman · 06-04-2014 12:15am

Apologies for jumping on this thread,but I'm having similar problems.
Only in the last few hours, started having problems with ads. If it makes any difference,I use chrome. Some open tabs just randomly change to ads, as well as tabs with ads just opening by themselves. I've attached a pic of other ads that come up when I hover on words in text.
Any help would be appreciated. Never had bother before and completely clueless here

jsa112 · 06-04-2014 9:58am

either of you use RSS reader or things like that ?

bogman, do this

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files here

The Bogman · 06-04-2014 11:15am

OTL Extras logfile created on: 4/6/2014 10:57:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.93 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 65.65% Memory free
7.87 Gb Paging File | 6.29 Gb Available in Paging File | 80.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 101.56 Gb Free Space | 56.74% Space Free | Partition Type: NTFS
Drive

| 266.10 Gb Total Space | 69.53 Gb Free Space | 26.13% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB92B6A-D134-483F-9AFB-0EB1FC6EF27B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1553C6EE-FE58-4F82-BA14-7F9A06013E68}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20EF9453-0E6C-4155-A661-CA33309BE21E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{21353298-517D-444A-AB7D-8C3D0FB11D9D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29DC7B12-6E4B-49D7-83B1-CDF1B49BC90A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{2D0D0625-9109-4E9A-86EA-C13DC210F824}" = rport=445 | protocol=6 | dir=out | app=system |
"{2DCC6B5F-5688-4BF3-84A7-D7F59EBBE6B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3164B168-A04A-4FA6-995B-59FD2E4ACB79}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{33D796DC-201E-4FDB-8859-710CE2EE064E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3868D673-E363-4C38-B2E9-050AEB14E115}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3E2B1AF3-C7D6-4757-B761-E0BE0A3EEF95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{430C60C2-DC7B-4D54-B855-1811C9A8A863}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4FCF4013-02CE-4A73-BFF2-A2DEDD7D8560}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6D3A6760-C0AB-4DB2-A948-59BC4013945A}" = lport=445 | protocol=6 | dir=in | app=system |
"{7718908E-FF59-4EDF-8D3F-EB3925CC4120}" = lport=139 | protocol=6 | dir=in | app=system |
"{7B118E41-53BF-462C-AD17-81ED57ECE91F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{89BF4CA6-BBE7-4FC7-9AFF-C6AC153405B8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A244EFBF-8524-483B-A537-5B7615BD1486}" = lport=137 | protocol=17 | dir=in | app=system |
"{A55B1AF4-0D73-44F0-BE69-33942CE21F6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9821193-5E6C-4423-B3BE-85B633FF6F59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA0979BC-963C-477C-AE22-00459F2DAFC9}" = rport=138 | protocol=17 | dir=out | app=system |
"{C175D50B-3B2C-4BB7-91CF-9362053EE623}" = rport=139 | protocol=6 | dir=out | app=system |
"{C77357C6-FDA2-4F1E-B8BA-9F180D7EDC62}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE953274-3481-4246-807C-D188B703EBA8}" = lport=138 | protocol=17 | dir=in | app=system |
"{D8B9A211-0A7B-434B-8A83-7045F35D8169}" = rport=137 | protocol=17 | dir=out | app=system |
"{FBA63F90-E3D1-4FA3-8E92-AC741B6E8C8A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051790AB-2B0F-4E7F-88E3-9FB0466FE248}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{084BB337-01E0-42B8-9767-F663C4E90EEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E7373F9-C582-4DCE-9EA4-256088A05D8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{168B0EEB-C93B-45DA-8381-9DA1CCC36622}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1ECF6828-9558-437D-A223-1C430966192A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23EF260C-B286-4C61-9637-A0964A4ED774}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3679D30D-5F47-4FEB-B2FC-8A5B36EEF781}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{3C39381E-C1A7-42C6-ABA9-491552C1B4A9}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe |
"{444EEEEB-52E5-4B48-A83C-6EBEBE34ECED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{452006E6-A965-412B-8603-67ED0E8A1CE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C6821C4-BB13-4FFE-9E61-E8D9FA987C0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5ACD761B-1539-4796-93D0-2DD8BF8BDA5C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{68A2A602-30C3-406F-8258-9243DD094E1B}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{69E0FA1E-8206-43B7-8976-8929B1C6C5FD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6FD5E9FF-B76A-4194-8E31-206F2583BB4D}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{7ACA7E61-80FB-4B03-B807-2FB259E9D3E3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{87A59B10-49C3-4CF8-A6FC-6BF7FEE92D15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E69605F-BC0D-4E75-8D46-76C49D479950}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{94996B2F-FD22-466F-80A3-FF9B1FC397EE}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{96153E15-5DD1-4FA0-B705-1CA9F6264D07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D3D41E8-ED8C-46A5-AB71-8CAC64B9D1CA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9F4E6C9B-57F2-4E24-A006-AEEBC413A95A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A09C4E52-03B9-4ACE-8435-11F7B5C18028}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A5371150-19B2-4C03-9425-30868E5457A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B0530D48-366B-4D53-BD84-977F19F919C8}" = protocol=6 | dir=out | app=system |
"{B435673E-91F1-482E-A168-4E49F8697445}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C615D0C6-6D42-48D8-83EB-C90FDC3D63B0}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{D2CF65B6-851B-4CED-AD04-C4882A997414}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{DDEF0D20-AB52-4B53-90FF-DA69230DFB15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E1151F1F-BBE3-48A5-96C1-03F027C90E02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E647434F-DCBE-4CEA-8EFB-65FFFA7C20B9}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{EA9918C2-2FBF-4279-9580-83D90C02AA63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FEDE767F-99B6-4A25-9CAC-67E9533472CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{62DB7519-C886-4CB1-AC2A-032FD57AA33D}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"TCP Query User{D380EC51-F027-4C83-9203-170094BA9910}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{983CC25E-6DD9-413D-B721-F939C50D11DC}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{A44EDB59-BBA9-4B89-9039-3A8AB2214BBB}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{215D88B7-661F-4C71-A7F9-75E53E9A5061}" = SolidWorks eDrawings 2012 x64 Edition SP02
"{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3B12A1AA-A3FB-4047-9520-A8584425FF8F}" = DraftSight x64
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C66F076-D3AB-49C8-85D4-BAA6D82FCAE2}" = SolidWorks 2012 x64 Edition SP02
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{6498E673-B9C2-4544-A722-1E854B5B573E}_is1" = Cold Turkey version 0.9
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-X64 8.0.7.0_WHQL
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0765012B-51F6-4868-875E-9C14755B338C}" = RealDownloader
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1DF9729D-2A51-4CA1-B4CE-2B432D7ABA7C}" = Samsung AnyWeb Print
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B345B4A-2E94-4346-A38F-17E1347A0DA7}" = HTC Sync
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{532802A1-6DD5-4D70-ACBD-CDF88AFFAE88}" = iMindMap 7
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}" = savinshoP
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BCAC0EB-3993-2416-0531-848C39DF8B65}" = ExtraShouppEr
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{8EB62C87-AAA6-4850-A5BC-64155884B973}" = SketchUp 8
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E308B555-8434-4AF8-B66F-729897C75F93}" = BatteryLifeExtender
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Optimizer Pro_is1" = Optimizer Pro v3.2
"QuickTime" = QuickTime
"RealPlayer 17.0" = RealPlayer Cloud
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"SolidWorks Installation Manager 20120-40200-1100-100" = SolidWorks 2012 x64 Edition SP02
"WinLiveSuite" = Windows Live 程式集
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2014 2:47:06 PM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 4/2/2014 7:03:35 PM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 4/3/2014 8:01:00 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 4/3/2014 2:52:08 PM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 4/3/2014 5:47:05 PM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 4/4/2014 5:08:45 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 4/5/2014 7:11:42 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 4/5/2014 11:43:27 AM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 4/5/2014 3:15:06 PM | Computer Name = user-PC | Source = Google Update | ID = 20
Description =

Error - 4/6/2014 5:48:34 AM | Computer Name = user-PC | Source = Application Virtualization Client | ID = 2005
Description = The Application Virtualization Core Service could not contact the
Service Control Dispatcher.

[ Media Center Events ]
Error - 9/12/2013 4:46:23 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 21:46:23 - Error connecting to the internet. 21:46:23 - Unable
to contact server..

Error - 9/12/2013 4:46:30 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 21:46:29 - Error connecting to the internet. 21:46:29 - Unable
to contact server..

Error - 9/27/2013 7:43:06 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 12:43:06 - Error connecting to the internet. 12:43:06 - Unable
to contact server..

Error - 9/27/2013 7:44:27 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 12:43:15 - Error connecting to the internet. 12:43:15 - Unable
to contact server..

Error - 10/8/2013 8:41:39 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 13:41:39 - Error connecting to the internet. 13:41:39 - Unable
to contact server..

Error - 10/8/2013 8:41:50 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 13:41:44 - Error connecting to the internet. 13:41:44 - Unable
to contact server..

Error - 10/8/2013 9:41:55 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 14:41:55 - Error connecting to the internet. 14:41:55 - Unable
to contact server..

Error - 10/8/2013 9:42:01 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 14:42:00 - Error connecting to the internet. 14:42:00 - Unable
to contact server..

Error - 10/8/2013 10:42:06 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 15:42:06 - Error connecting to the internet. 15:42:06 - Unable
to contact server..

Error - 10/8/2013 10:42:12 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 15:42:11 - Error connecting to the internet. 15:42:11 - Unable
to contact server..

[ System Events ]
Error - 4/5/2014 7:12:33 AM | Computer Name = user-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.100
with the system having network hardware address 84-7A-88-1D-09-3D. Network operations
on this system may be disrupted as a result.

Error - 4/5/2014 8:13:09 PM | Computer Name = user-PC | Source = DCOM | ID = 10010
Description =

Error - 4/5/2014 8:15:41 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the CTService
service to connect.

Error - 4/5/2014 8:15:41 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The CTService service failed to start due to the following error:
%%1053

Error - 4/6/2014 5:47:34 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the RealPlayer
Update Service service to connect.

Error - 4/6/2014 5:48:07 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/6/2014 5:48:20 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Client Virtualization Handler service depends on the Application
Virtualization Client service which failed to start because of the following error:
%%0

Error - 4/6/2014 5:48:23 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PxHlpa64

Error - 4/6/2014 5:53:08 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 4/6/2014 5:55:51 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

< End of report >

The Bogman · 06-04-2014 11:16am

OTL logfile created on: 4/6/2014 10:57:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.93 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 65.65% Memory free
7.87 Gb Paging File | 6.29 Gb Available in Paging File | 80.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 101.56 Gb Free Space | 56.74% Space Free | Partition Type: NTFS
Drive

| 266.10 Gb Total Space | 69.53 Gb Free Space | 26.13% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/06 10:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2014/03/30 16:45:30 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/02/18 15:56:51 | 000,727,040 | ---- | M] () -- C:\Users\user\.thinkbuzan\imindmap7\preload\iMindMap7_Preloader.exe
PRC - [2014/02/06 18:17:53 | 001,141,336 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/02/06 18:17:45 | 000,296,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/01/28 17:13:54 | 000,418,808 | ---- | M] (PC Utilities Software Limited) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
PRC - [2014/01/19 00:50:34 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/12/16 20:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
PRC - [2013/12/14 16:48:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/02/03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/02/03 13:34:56 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/03/08 15:23:54 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/02/07 10:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/08/27 02:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/08/09 10:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/07/27 06:28:38 | 004,382,312 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/13 13:11:57 | 001,180,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/03/13 13:11:33 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/03/13 13:11:20 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/03/13 13:11:04 | 001,947,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\a627e2bfb55b5f583da237b214097f34\Microsoft.VisualBasic.ni.dll
MOD - [2014/03/13 13:10:52 | 006,990,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/03/13 13:10:41 | 010,060,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/03/13 13:10:30 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/18 15:56:51 | 000,727,040 | ---- | M] () -- C:\Users\user\.thinkbuzan\imindmap7\preload\iMindMap7_Preloader.exe
MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/03/08 15:23:54 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/03/08 15:23:54 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/03/08 15:23:52 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/03/08 15:23:52 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/03/08 15:23:52 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/03/08 15:23:52 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/16 01:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/12/08 02:04:20 | 000,062,976 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Cold Turkey\CTService.exe -- (CTService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/08 23:18:41 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/12/27 14:59:14 | 000,123,392 | ---- | M] (Dassault Systèmes) [Auto | Running] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV:64bit: - [2012/01/20 05:00:10 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/14 02:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV - [2014/03/13 13:44:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/06 18:17:53 | 001,141,336 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2013/12/16 20:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 20:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/16 18:44:52 | 000,023,552 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2013/12/14 16:48:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/08 23:14:55 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2013/03/08 23:14:54 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/02/03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/07/06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/04/06 10:24:28 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/05 12:03:48 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/07/25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/10 03:01:56 | 000,111,616 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/07/08 09:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/27 08:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/08 21:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2012/05/05 15:50:28 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120504.033\ex64.sys -- (NAVEX15)
DRV - [2012/05/05 15:50:28 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120504.033\eng64.sys -- (NAVENG)
DRV - [2012/04/28 01:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120505.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/05 20:16:18 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/04/05 20:16:18 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/03 00:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/08/26 08:47:41 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/09/23 02:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\PxHlpa64.sys -- (PxHlpa64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en-GBIE464
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.4.61: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.4.61: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/04/06 09:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/04/06 10:48:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{10E4285F-D79B-4147-9447-81DFF109A394}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/06 18:19:29 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2014/03/26 18:30:46 | 000,001,273 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (savinshoP) - {36A4A454-904F-B5FF-EBCA-88EA8E98CA1A} - C:\ProgramData\savinshoP\I1cfSLC.x64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (ExtraShouppEr) - {B431C372-C536-F46E-C08B-D6750754D1B7} - C:\ProgramData\ExtraShouppEr\XhyGBA.x64.dll ()
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (savinshoP) - {36A4A454-904F-B5FF-EBCA-88EA8E98CA1A} - C:\ProgramData\savinshoP\I1cfSLC.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (ExtraShouppEr) - {B431C372-C536-F46E-C08B-D6750754D1B7} - C:\ProgramData\ExtraShouppEr\XhyGBA.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [{532802A1-6DD5-4D70-ACBD-CDF88AFFAE88}] C:\Users\user\Downloads\imindmap7_windows_7.0.2.exe (ThinkBuzan)
O4 - HKCU..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - HKCU..\Run: [Spotify] C:\Users\user\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap7 Preloader.lnk = C:\Users\user\.thinkbuzan\imindmap7\preload\iMindMap7_Preloader.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1106A272-521F-470E-9981-77C73794F130}: DhcpNameServer = 10.220.1.10 10.220.1.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D64DDFE7-E070-425E-B87A-025EF1D5EAB4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Optimizer Pro\OptProCrash_x64.dll) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\optimizer pro\optprocrash.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/06 10:55:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/04/05 00:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\savinshoP
[2014/04/04 23:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\977078e4f2aec587
[2014/04/04 23:30:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Packages
[2014/04/04 23:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ExtraShouppEr
[2014/03/30 11:42:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/03/27 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live
[2014/03/27 21:30:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DDDC42E4-D929-4D6A-B277-6CA4B6D2807D}
[2014/03/25 20:46:50 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\FYPFYPFYP
[2014/03/25 20:24:42 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\****
[2014/03/19 19:55:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\FYP Done
[2014/03/11 13:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/03/09 20:11:36 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Optimizer Pro
[2014/03/09 20:11:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Optimizer Pro
[2014/03/09 20:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/03/09 20:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/06 11:01:21 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 11:01:21 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 10:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/04/06 10:54:47 | 000,783,464 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/06 10:54:47 | 000,667,564 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/06 10:54:47 | 000,126,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/06 10:51:51 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/06 10:48:38 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001UA.job
[2014/04/06 10:48:23 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/04/06 10:47:50 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001UA.job
[2014/04/06 10:47:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/06 01:15:31 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/06 01:14:41 | 4224,303,104 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/05 19:13:11 | 000,000,284 | ---- | M] () -- C:\windows\tasks\RMSchedule.job
[2014/04/05 16:47:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001Core.job
[2014/04/05 12:11:39 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001Core.job
[2014/04/01 23:24:08 | 000,000,000 | ---- | M] () -- C:\Users\user\Desktop\1396391048115.jpg
[2014/03/30 11:44:18 | 000,002,155 | ---- | M] () -- C:\windows\epplauncher.mif
[2014/03/20 23:20:40 | 000,434,096 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/15 10:57:56 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2014/03/13 13:02:21 | 000,767,774 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/03/11 13:08:42 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/02 11:09:46 | 000,000,000 | ---- | C] () -- C:\Users\user\Desktop\1396391048115.jpg
[2014/03/25 11:41:46 | 003,500,720 | ---- | C] () -- C:\Users\user\Desktop\FYP Eoghan O Connor.pdf
[2014/03/11 13:08:42 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/10 13:46:01 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\Temptable.xml
[2013/03/08 23:28:34 | 000,000,000 | ---- | C] () -- C:\windows\eDrawingOfficeAutomator.INI
[2012/04/19 19:02:20 | 001,384,448 | ---- | C] () -- C:\Users\user\s-1-5-21-1964744218-1090075281-1278556077-1001.rrr
[2012/04/05 19:48:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/08 23:26:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DassaultSystemes
[2013/03/10 21:38:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DraftSight
[2013/03/10 13:09:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EDrawings
[2012/01/11 00:41:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FloodLightGames
[2012/07/03 20:32:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC
[2012/07/03 20:32:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2014/03/09 20:11:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Optimizer Pro
[2012/02/24 23:07:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2012/04/17 19:01:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic
[2011/12/28 15:58:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2013/10/02 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2014/04/06 10:52:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Spotify
[2014/02/18 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ThinkBuzan
[2011/12/28 18:29:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP
[2012/06/01 08:58:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

jsa112 · 06-04-2014 11:28am

this should help. go to add/remove programs and uninstall these

"{7BCAC0EB-3993-2416-0531-848C39DF8B65}" = ExtraShouppEr
"{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}" = savinshoP

open OTL copy this into the box

:OTL
O2:64bit: - BHO: (savinshoP) - {36A4A454-904F-B5FF-EBCA-88EA8E98CA1A} - C:\ProgramData\savinshoP\I1cfSLC.x64.dll ()
O2:64bit: - BHO: (ExtraShouppEr) - {B431C372-C536-F46E-C08B-D6750754D1B7} - C:\ProgramData\ExtraShouppEr\XhyGBA.x64.dll ()
O2 - BHO: (savinshoP) - {36A4A454-904F-B5FF-EBCA-88EA8E98CA1A} - C:\ProgramData\savinshoP\I1cfSLC.dll ()
O2 - BHO: (ExtraShouppEr) - {B431C372-C536-F46E-C08B-D6750754D1B7} - C:\ProgramData\ExtraShouppEr\XhyGBA.dll ()
[2014/04/05 00:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\savinshoP
[2014/04/04 23:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ExtraShouppEr
[2014/04/04 23:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\977078e4f2aec587
[2014/04/04 23:30:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Packages

:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c

click run fix post the log it gives

The Bogman · 06-04-2014 12:00pm

This might be a silly question, but how do I find add/remove programs to uninstall?

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36A4A454-904F-B5FF-EBCA-88EA8E98CA1A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A4A454-904F-B5FF-EBCA-88EA8E98CA1A}\ deleted successfully.
C:\ProgramData\savinshoP\I1cfSLC.x64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B431C372-C536-F46E-C08B-D6750754D1B7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B431C372-C536-F46E-C08B-D6750754D1B7}\ deleted successfully.
C:\ProgramData\ExtraShouppEr\XhyGBA.x64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36A4A454-904F-B5FF-EBCA-88EA8E98CA1A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A4A454-904F-B5FF-EBCA-88EA8E98CA1A}\ deleted successfully.
C:\ProgramData\savinshoP\I1cfSLC.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B431C372-C536-F46E-C08B-D6750754D1B7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B431C372-C536-F46E-C08B-D6750754D1B7}\ deleted successfully.
C:\ProgramData\ExtraShouppEr\XhyGBA.dll moved successfully.
C:\ProgramData\savinshoP folder moved successfully.
C:\ProgramData\ExtraShouppEr folder moved successfully.
C:\ProgramData\977078e4f2aec587 folder moved successfully.
C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\{B431C372-C536-F46E-C08B-D6750754D1B7} folder moved successfully.
C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\{36A4A454-904F-B5FF-EBCA-88EA8E98CA1A} folder moved successfully.
C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC folder moved successfully.
C:\Users\user\AppData\Local\Packages\windows_ie_ac_001 folder moved successfully.
C:\Users\user\AppData\Local\Packages folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 563292 bytes
->Temporary Internet Files folder emptied: 115874277 bytes
->Flash cache emptied: 58570 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25506 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 17884493 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42303946 bytes
RecycleBin emptied: 832512 bytes

Total Files Cleaned = 169.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: user

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 04062014_114652

Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

jsa112 · 06-04-2014 12:19pm

i'm not too familiar with your operating system, don't worry if you cant find it

are you still getting the pop ups ?

The Bogman · 06-04-2014 12:23pm

I actually fond it and when I clicked on the two programs it told me they had already been deleted. Yep, still happening. Havent had any new tabs pop up or change, but I still have the ones like in the image attached above, aswell as a couple of others. Like when I open adverts.ie I get two different pop-ups for ebay.

jsa112 · 06-04-2014 12:43pm

run adwcleaner, delete what it finds, and post the log here

http://www.bleepingcomputer.com/download/adwcleaner/

The Bogman · 06-04-2014 12:56pm

# AdwCleaner v3.023 - Report created 06/04/2014 at 12:48:36
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\users\user\AppData\Local\CrashRpt
Folder Deleted : C:\users\user\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\users\user\AppData\Roaming\registry mechanic
Folder Deleted : C:\users\user\Documents\Optimizer Pro

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_draftsight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_draftsight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - pro\optprocrash.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - Pro\OptProCrash_x64.dll

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

*************************

AdwCleaner[R0].txt - [4376 octets] - [06/04/2014 12:47:26]
AdwCleaner[S0].txt - [4253 octets] - [06/04/2014 12:48:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4313 octets] ##########

jsa112 · 06-04-2014 1:23pm

hows it running, issue still there ? if so, download malwarebytes, update it and run a quick scan

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

The Bogman · 06-04-2014 1:55pm

Issues are still there. Updated and ran the scan. Gives me the option to quarantine, add exclusion, or ignore 4 detected items

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/04/2014
Scan Time: 13:53:07
Logfile: a.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.06.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 258236
Time Elapsed: 14 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.Installcore, C:\Users\user\Downloads\google-sketchup.exe, , [da43bd6a7b007abcc94fe70ab84b6f91],
PUP.Optional.Topmedia, C:\Users\user\Downloads\Star_Trek_Into_Darkness_2013_HDCAM_Version_2_Pimp4003_(PimpRG)_secure.exe, , [3ae3fe290c6f8caa0b688d55ab5837c9],
Adware.IBryte, C:\Users\user\Downloads\mplayer_Setup.exe, , [6cb16cbb314ada5c051c348e2ad68080],
PUP.Optional.Softonic, C:\Users\user\Downloads\SoftonicDownloader_for_draftsight.exe, , [b96458cfb2c9072f68dadf1ee818ff01],

Physical Sectors: 0
(No malicious items detected)

(end)

jsa112 · 06-04-2014 1:57pm

you can quarantine those

then open OTL click quickscan and post that log

The Bogman · 06-04-2014 2:20pm

OTL logfile created on: 4/6/2014 2:05:06 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.93 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 48.99% Memory free
7.87 Gb Paging File | 5.59 Gb Available in Paging File | 71.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 103.96 Gb Free Space | 58.08% Space Free | Partition Type: NTFS
Drive

| 266.10 Gb Total Space | 69.53 Gb Free Space | 26.13% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/06 10:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/03/30 16:45:30 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/02/18 15:56:51 | 000,727,040 | ---- | M] () -- C:\Users\user\.thinkbuzan\imindmap7\preload\iMindMap7_Preloader.exe
PRC - [2014/02/06 18:17:53 | 001,141,336 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/02/06 18:17:45 | 000,296,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/01/19 00:50:34 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/12/16 20:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
PRC - [2013/12/16 18:44:52 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2013/12/14 16:48:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/10/27 11:04:40 | 000,557,056 | ---- | M] () -- C:\Program Files\Cold Turkey\CTConfigServer.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/02/03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/02/03 13:34:56 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/03/08 15:23:54 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/02/07 10:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/08/09 10:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/07/27 06:28:38 | 004,382,312 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/15 01:50:40 | 013,637,448 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014/03/15 01:50:40 | 000,394,568 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
MOD - [2014/03/15 01:50:38 | 004,061,000 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/15 01:50:35 | 000,716,616 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/15 01:50:34 | 000,100,168 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/15 01:50:32 | 001,647,432 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/15 01:50:30 | 000,051,016 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/03/13 13:11:57 | 001,180,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/03/13 13:11:33 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/03/13 13:11:20 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/03/13 13:11:04 | 001,947,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\a627e2bfb55b5f583da237b214097f34\Microsoft.VisualBasic.ni.dll
MOD - [2014/03/13 13:10:52 | 006,990,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/03/13 13:10:41 | 010,060,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/03/13 13:10:30 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/18 15:56:51 | 000,727,040 | ---- | M] () -- C:\Users\user\.thinkbuzan\imindmap7\preload\iMindMap7_Preloader.exe
MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/03/08 15:23:54 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/03/08 15:23:54 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/03/08 15:23:52 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/03/08 15:23:52 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/03/08 15:23:52 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/03/08 15:23:52 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/03/01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/16 01:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/12/08 02:04:20 | 000,062,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Cold Turkey\CTService.exe -- (CTService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/08 23:18:41 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/12/27 14:59:14 | 000,123,392 | ---- | M] (Dassault Systèmes) [Auto | Running] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV:64bit: - [2012/01/20 05:00:10 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/13 13:44:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/06 18:17:53 | 001,141,336 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2013/12/16 20:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/12/16 20:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/16 18:44:52 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2013/12/14 16:48:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/03/08 23:14:55 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2013/03/08 23:14:54 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/02/03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/06 14:01:36 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/07/06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/04/06 10:24:28 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/05 12:03:48 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/07/25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/10 03:01:56 | 000,111,616 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/07/08 09:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/27 08:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/08 21:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2012/05/05 15:50:28 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120504.033\ex64.sys -- (NAVEX15)
DRV - [2012/05/05 15:50:28 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120504.033\eng64.sys -- (NAVENG)
DRV - [2012/04/28 01:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120505.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/04/05 20:16:18 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/04/05 20:16:18 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/03 00:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/08/26 08:47:41 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/09/23 02:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\PxHlpa64.sys -- (PxHlpa64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en-GBIE464
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.4.61: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.4.61: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/04/06 09:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/04/06 14:03:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{10E4285F-D79B-4147-9447-81DFF109A394}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/06 18:19:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/02/06 18:19:29 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2014/04/06 11:48:00 | 000,000,098 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [{532802A1-6DD5-4D70-ACBD-CDF88AFFAE88}] C:\Users\user\Downloads\imindmap7_windows_7.0.2.exe (ThinkBuzan)
O4 - HKCU..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\user\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap7 Preloader.lnk = C:\Users\user\.thinkbuzan\imindmap7\preload\iMindMap7_Preloader.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1106A272-521F-470E-9981-77C73794F130}: DhcpNameServer = 10.220.1.10 10.220.1.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D64DDFE7-E070-425E-B87A-025EF1D5EAB4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Optimizer) - File not found
O20 - AppInit_DLLs: (c:\progra~2\optimizer) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/06 13:35:11 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/06 13:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/06 13:34:24 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/06 13:34:23 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/06 13:34:23 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/06 13:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/06 13:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/06 12:47:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/06 11:46:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/06 10:55:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/03/30 11:42:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/03/27 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live
[2014/03/27 21:30:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DDDC42E4-D929-4D6A-B277-6CA4B6D2807D}
[2014/03/25 20:46:50 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\FYPFYPFYP
[2014/03/25 20:24:42 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\****
[2014/03/19 19:55:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\FYP Done
[2014/03/11 13:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/06 14:08:55 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 14:08:55 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/06 14:03:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001UA.job
[2014/04/06 14:01:36 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/06 14:00:18 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/06 14:00:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/06 13:59:58 | 4224,303,104 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/06 13:51:13 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/06 13:47:05 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001UA.job
[2014/04/06 13:44:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/04/06 13:37:59 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/06 11:48:00 | 000,000,098 | R--- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2014/04/06 11:03:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001Core.job
[2014/04/06 10:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/04/06 10:54:47 | 000,783,464 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/04/06 10:54:47 | 000,667,564 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/04/06 10:54:47 | 000,126,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/04/05 19:13:11 | 000,000,284 | ---- | M] () -- C:\windows\tasks\RMSchedule.job
[2014/04/05 16:47:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001Core.job
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/01 23:24:08 | 000,000,000 | ---- | M] () -- C:\Users\user\Desktop\1396391048115.jpg
[2014/03/30 11:44:18 | 000,002,155 | ---- | M] () -- C:\windows\epplauncher.mif
[2014/03/20 23:20:40 | 000,434,096 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/03/15 10:57:56 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2014/03/13 13:02:21 | 000,767,774 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/03/11 13:08:42 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/06 13:34:36 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/02 11:09:46 | 000,000,000 | ---- | C] () -- C:\Users\user\Desktop\1396391048115.jpg
[2014/03/25 11:41:46 | 003,500,720 | ---- | C] () -- C:\Users\user\Desktop\FYP Eoghan O Connor.pdf
[2014/03/11 13:08:42 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/03/10 13:46:01 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\Temptable.xml
[2013/03/08 23:28:34 | 000,000,000 | ---- | C] () -- C:\windows\eDrawingOfficeAutomator.INI
[2012/04/19 19:02:20 | 001,384,448 | ---- | C] () -- C:\Users\user\s-1-5-21-1964744218-1090075281-1278556077-1001.rrr
[2012/04/05 19:48:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/08 23:26:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DassaultSystemes
[2013/03/10 21:38:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DraftSight
[2013/03/10 13:09:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EDrawings
[2012/01/11 00:41:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FloodLightGames
[2012/07/03 20:32:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC
[2012/07/03 20:32:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/02/24 23:07:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2011/12/28 15:58:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2013/10/02 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2014/04/06 14:03:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Spotify
[2014/02/18 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ThinkBuzan
[2011/12/28 18:29:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP
[2012/06/01 08:58:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

jsa112 · 06-04-2014 2:36pm

can you go into the extension and add-on part of firefox and see if you can find anything relating to

savinshoP
ExtraShouppEr

remove them if they are there

The Bogman · 06-04-2014 2:40pm

Yep. Both were enabled as extensions. Deleted them and all seems to be running smoothly again. Thanks for all your help!

Help! Am being plagued by adware.

Comments