  1. #1
    capndavid (Member)

    My Browser was hacked with a re-director or hijacker.....

    I have recently detected that when I reboot my laptop and start my IE browser, my home page is redirected to "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome". I am able to change the home page in Internet Options, but when I reboot, my preference is deleted and replaced by the above.
    I am running IE 9, Windows Vista Home Premium, Inspiron I720 with 3 GB RAM. When running HijackThis, almost immediately an alert pops up (see attached HijackThis log JPEG): "for some reason your system denied write access to hosts files. If any hijacker domain is included in this file, Hijack This may not be able to fix this file". I attached the HijackThis log, which continued to run after I clicked OK.
    SuperAntispyware will locate several tracking cookies but no redirector or malicious software.

    Thank you.


    Hijack This log file.jpg


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 12:42:52 PM, on 12/10/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16520)


    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\MyMorph\MyMorph.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\capndavid2001\Downloads\HijackThis.exe
    C:\Windows\System32\mspaint.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.duckduckgo
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [LaCie Desktop Manager Startup] "C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: Fox News - Breaking News Updates | Latest News Headlines | Photos & News Videos
    O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://172.25.75.24/auth/taweb.cab
    O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://172.25.75.24/auth/CCALogin.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: Genie Timeline Service (GenieTimelineService) - Genie-Soft - C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LaCieDesktopManagerService - Unknown owner - C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
    O23 - Service: AT&T Network Configuration Service (netcfgsvr) - AT&T - C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
    O23 - Service: AT&T Global Network Client Service (NetClientSvc) - AT&T - C:\Program Files\AT&T Global Network Client\NetClientSvc.exe
    O23 - Service: AT&T Global Network Client Logging Service (NetLogSvc) - AT&T - C:\Program Files\AT&T Global Network Client\NetLogSvc.exe
    O23 - Service: PCTV Service (pctvsvc) - Pinnacle Systems Inc. - C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 12349 bytes
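
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread: it parses the section codes and flags the entries a reviewer usually checks by hand first. The rule names and the choice of rules are assumptions of this example, the sample lines are copied from the log above, and a flag means "look at this entry", not "this entry is malicious".

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted above (a subset, not the full log).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.duckduckgo
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} (Cisco NAC Web Agent Control) - https://172.25.75.24/auth/taweb.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O16 body: "DPF: {CLSID} (optional name) - <download source, may be empty>"
DPF_RE = re.compile(r"^DPF: \{[^}]+\}(?: \(.*?\))? -\s*(.*)$")
# R0/R1 bodies that set the IE start or search page.
PAGE_RE = re.compile(r",(Start|Search) Page = ")


def parse_log(text):
    """Return (section, body) pairs; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def host_is_ip_literal(url):
    """True when the URL's host is a bare IP address rather than a DNS name."""
    try:
        host = urlsplit(url).hostname
        if not host:
            return False
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(text):
    """Return (rule, section, body) for entries worth a manual look."""
    findings = []
    for section, body in parse_log(text):
        if section in ("R0", "R1") and PAGE_RE.search(body):
            # Compare against what the user actually configured.
            findings.append(("start-or-search-page", section, body))
        elif section == "O2" and body.endswith("(no file)"):
            # Browser Helper Object is registered but its DLL is not on disk.
            findings.append(("bho-no-file", section, body))
        elif section == "O16":
            dpf = DPF_RE.match(body)
            if dpf is None:
                continue
            source = dpf.group(1).strip()
            if not source:
                findings.append(("dpf-no-source", section, body))
            elif host_is_ip_literal(source):
                findings.append(("dpf-ip-literal-source", section, body))
        elif section == "O23" and " - Unknown owner - " in body:
            # The log shows no company name for the service binary.
            findings.append(("service-unknown-owner", section, body))
    return findings


if __name__ == "__main__":
    for rule, section, body in triage(SAMPLE_LOG):
        print(f"[{rule}] {section} - {body}")
```
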


  3. #2
    zep516 (Member, Spyware Fighter)

    Hello capndavid,

    Hi! My name is zep516, and welcome to help2go.
    I'll do the best I can to resolve your computer issue.
    Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions!

    First

    Please uninstall C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    It will interfere with fixes, because Teatimer watches for registry key changes.

    NOTE
    All tools should be right-clicked and run as Administrator.
    That's why you're getting that error with HijackThis, because you're not running it as Administrator.

    Next

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

    Do not clean anything yet

    Next

    Please download OTL to your Desktop
    • Double-click on the icon to run the program. On Vista/Win7 or 8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    Next

    Download Security Check by screen317 from Here or Here
    Save it to your Desktop.
    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    In your next reply post:
    • AdwCleaner[R0].txt
    • Extras.txt
    • OTL.txt
    • checkup.txt

    Thanks
    Joe
    Last edited by zep516; 12-10-2013 at 08:20 PM.


  5. #3
    capndavid (Member)

    Thank you, Joe, for the help. Attached are the files you requested: checkup.txt, OTL.Txt, Extras.Txt.


  7. #4
    zep516 (Member, Spyware Fighter)

    Hi capndavid,

    Thanks for the log reports. There's no need to attach them. Just paste them into the forum. I'll do that now for you.

    I'll need time to review them, and speak with my instructor.

    Posting log reports

    OTL 12 11 13..
    OTL logfile created on: 12/10/2013 8:35:14 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\capndavid2001\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 27.07% Memory free
    6.18 Gb Paging File | 3.34 Gb Available in Paging File | 54.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136.47 Gb Total Space | 20.57 Gb Free Space | 15.08% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.49 Gb Free Space | 54.93% Space Free | Partition Type: NTFS

    Computer Name: CAPNDAVID200-PC | User Name: capndavid2001 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/10 20:34:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\capndavid2001\Downloads\OTL.exe
    PRC - [2013/12/10 20:33:07 | 001,599,056 | ---- | M] (InstallX, LLC) -- C:\Users\capndavid2001\Downloads\7zip_14315_2210.exe
    PRC - [2013/12/07 11:31:31 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    PRC - [2013/11/14 21:53:30 | 000,830,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
    PRC - [2013/11/14 21:38:00 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2013/09/13 16:19:40 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2013/07/18 15:49:42 | 000,295,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
    PRC - [2013/07/18 15:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/07/18 15:49:24 | 000,995,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2013/04/21 20:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2013/04/05 11:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2013/04/05 11:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    PRC - [2013/04/05 11:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    PRC - [2012/09/07 15:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2011/07/29 09:36:14 | 002,456,576 | ---- | M] () -- C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe
    PRC - [2011/07/29 09:36:14 | 000,822,272 | ---- | M] () -- C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
    PRC - [2011/02/02 08:25:04 | 001,051,264 | ---- | M] (Genie-soft) -- C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
    PRC - [2011/02/02 08:25:02 | 000,362,624 | ---- | M] (Genie-Soft) -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
    PRC - [2010/07/04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
    PRC - [2010/06/14 19:55:52 | 000,039,936 | ---- | M] (The PHP Group) -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
    PRC - [2010/06/14 19:53:48 | 001,417,216 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
    PRC - [2010/06/10 14:26:12 | 000,079,200 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetLogSvc.exe
    PRC - [2010/06/10 14:26:00 | 000,476,000 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
    PRC - [2010/06/10 14:25:40 | 000,349,536 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetClientSvc.exe
    PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2007/09/27 22:54:54 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    PRC - [2007/09/27 22:54:48 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/09/27 22:54:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/09/24 03:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2007/09/24 03:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2007/09/24 03:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2007/09/24 03:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2007/07/20 18:13:26 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/07/11 08:15:58 | 000,202,800 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2007/07/11 08:15:38 | 000,198,704 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2007/06/27 17:03:18 | 000,125,952 | ---- | M] (Pinnacle Systems Inc.) -- C:\Program Files\Pinnacle\Drivers\pctvsvc.exe
    PRC - [2007/05/11 03:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    PRC - [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [1999/02/01 17:53:24 | 000,405,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2013/08/21 21:37:24 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
    MOD - [2013/08/21 21:37:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
    MOD - [2013/08/21 19:35:58 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
    MOD - [2013/07/11 03:06:38 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/29 09:36:14 | 002,456,576 | ---- | M] () -- C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe
    MOD - [2011/02/02 06:43:02 | 000,342,528 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSIndexDB.dll
    MOD - [2011/02/02 06:43:02 | 000,051,712 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\QueueManager.dll
    MOD - [2011/02/02 06:43:00 | 000,144,384 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\Settings.dll
    MOD - [2010/12/29 07:54:38 | 000,038,400 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSLogging.dll
    MOD - [2010/09/06 05:50:38 | 000,080,384 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSEncryption.dll
    MOD - [2010/09/06 05:50:38 | 000,072,192 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSCurl.dll
    MOD - [2010/08/30 21:42:12 | 000,023,040 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\ext\php_gstl_interface.dll
    MOD - [2010/06/14 19:53:48 | 001,417,216 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
    MOD - [2010/04/27 06:57:20 | 000,921,088 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\sqlite3.dll
    MOD - [2007/09/26 04:47:30 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
    MOD - [2007/03/21 13:33:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
    MOD - [2007/01/13 03:01:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
    MOD - [2007/01/13 03:01:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll


    ========== Services (SafeList) ==========

    SRV - [2013/11/14 21:53:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2013/07/18 15:49:42 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013/07/18 15:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/09/07 15:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/07/29 09:36:14 | 000,822,272 | ---- | M] () [Auto | Running] -- C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe -- (LaCieDesktopManagerService)
    SRV - [2011/02/02 08:25:02 | 000,362,624 | ---- | M] (Genie-Soft) [Auto | Running] -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
    SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2010/06/10 14:26:12 | 000,079,200 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\NetLogSvc.exe -- (NetLogSvc)
    SRV - [2010/06/10 14:26:00 | 000,476,000 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe -- (netcfgsvr)
    SRV - [2010/06/10 14:25:40 | 000,349,536 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\NetClientSvc.exe -- (NetClientSvc)
    SRV - [2009/03/06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/27 22:54:48 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/09/27 22:54:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/07/11 08:15:58 | 000,202,800 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
    SRV - [2007/06/27 17:03:18 | 000,125,952 | ---- | M] () [Auto | Running] -- C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe -- (pctvsvc)
    SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\pnarp.sys -- (pnarp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CAPNDA~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2013/06/18 20:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/05/16 10:44:17 | 000,083,968 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swiwdmbx.sys -- (swiwdmbx)
    DRV - [2011/05/13 12:53:00 | 000,215,552 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swg3kser00.sys -- (swg3kser00)
    DRV - [2011/03/03 13:40:22 | 000,208,128 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3)
    DRV - [2011/01/17 11:24:58 | 000,275,088 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
    DRV - [2010/09/07 00:27:22 | 000,028,672 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PcaSp60.sys -- (PcaSp60)
    DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2010/06/10 14:08:20 | 000,166,912 | ---- | M] (AT&T) [Kernel | System | Running] -- C:\Windows\System32\drivers\agnfilt.sys -- (agnfilt)
    DRV - [2010/04/26 20:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
    DRV - [2010/04/26 20:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus)
    DRV - [2010/04/26 20:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
    DRV - [2010/02/25 12:48:16 | 000,011,392 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avpnnic.sys -- (avpnnic)
    DRV - [2009/09/28 08:55:38 | 000,052,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys -- (OXSDIDRV_x32)
    DRV - [2008/08/22 09:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2007/09/27 22:54:56 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/09/24 03:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/06/27 17:03:18 | 000,347,904 | ---- | M] (Pinnacle Sytems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTV_10.sys -- (HavaTV_10)
    DRV - [2007/06/27 17:03:18 | 000,347,904 | ---- | M] (Pinnacle Sytems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTV.sys -- (HAVATV)
    DRV - [2007/06/27 17:03:18 | 000,025,088 | ---- | M] (Pinnacle Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctvbus.sys -- (pctvbus)
    DRV - [2007/06/27 17:03:18 | 000,016,384 | ---- | M] (Pinnacle Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctvkey.sys -- (BoosterKey)
    DRV - [2007/06/27 17:03:18 | 000,014,848 | ---- | M] (Pinnacle Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctvnet.sys -- (havanet)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/11/27 01:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/11/27 01:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/27 01:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/21 06:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
    IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm002^S02465^us&si=CILu2L39nLICFedNTAodHHgAUw&ptb=4CB4AC84-E316-457B-A5FE-B4F5CB61470D&psa=&ind=2012090418&st=sb&n=77ee1032&searchfor={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.duckduckgo
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 F4 31 9C 9C E7 CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {7CCA6552-433F-49F0-BC32-E896736B4338}
    IE - HKCU\..\SearchScopes\{7CCA6552-433F-49F0-BC32-E896736B4338}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20131250,20028,0,18,0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/13 16:21:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/13 16:21:51 | 000,000,000 | ---D | M]

    [2013/12/10 20:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\capndavid2001\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========


    O1 HOSTS File: ([2013/07/18 19:27:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (ArcadeParlor Games) - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\capndavid2001\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
    O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
    O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
    O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
    O4 - HKLM..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (Genie-soft)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck File not found
    O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
    O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKCU..\Run: [LaCie Desktop Manager Startup] C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - HKLM..\RunOnce: [YTBChrInst] C:\Users\capndavid2001\AppData\Local\temp\1386729525\ChromeHelperProc.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: foxnews.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://172.25.75.24/auth/taweb.cab (Cisco NAC Web Agent Control)
    O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} https://172.25.75.24/auth/CCALogin.CAB (CCAWebLogin Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25CCCF37-120D-4D4A-8F10-CFEA457F0E33}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CAA0F40-D16B-4DC4-A6CB-077BD9F28F0F}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{862AA2AE-2419-4156-A2FC-BE9019C79955}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20 - AppInit_DLLs: (IESearchPlugin32.dll) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
    O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
    O24 - Desktop WallPaper: C:\Users\capndavid2001\Pictures\Vic and Me\Photo046.jpg
    O24 - Desktop BackupWallPaper: C:\Users\capndavid2001\Pictures\Vic and Me\Photo046.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/10 20:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
    [2013/12/10 20:41:14 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\Fighters
    [2013/12/10 20:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
    [2013/12/10 20:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
    [2013/12/10 20:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
    [2013/12/10 20:39:45 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
    [2013/12/10 20:39:42 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\Mozilla
    [2013/12/10 20:39:32 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Local\ArcadeParlor
    [2013/12/10 20:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2013/12/10 20:37:30 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2013/12/10 20:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2013/12/10 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\Yahoo!
    [2013/12/10 20:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2013/12/10 20:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
    [2013/12/10 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\MyMorph
    [2013/12/10 11:36:03 | 000,000,000 | ---D | C] -- C:\Binaries
    [2013/12/10 11:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\MyMorph
    [2013/12/10 11:32:39 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
    [2013/12/10 11:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
    [2013/12/10 11:30:49 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\FileAssociationManager
    [2013/12/10 11:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\FileAssociationManager
    [2013/12/10 11:30:31 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\ConverterLite
    [2013/12/10 11:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2013/12/10 11:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
    [2013/12/10 11:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
    [2013/12/10 09:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2013/12/06 08:55:14 | 000,000,000 | ---D | C] -- C:\Windows\Temp1D9C9B91-9A7C-ABC0-99A2-2E9C886CB19E-Signatures
    [2013/12/06 08:09:34 | 000,000,000 | ---D | C] -- C:\Windows\Migration
    [2013/12/06 08:05:19 | 000,000,000 | ---D | C] -- C:\Windows\TempA8E6C37B-0B41-17B5-6D96-F067604F0B0D-Signatures
    [2013/12/05 22:05:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/12/05 22:05:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/12/05 22:05:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/12/05 22:05:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/12/05 22:05:54 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/12/05 22:05:51 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/12/05 22:05:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/12/05 22:05:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/12/05 22:04:36 | 000,000,000 | ---D | C] -- C:\Windows\Temp20E73372-CC9E-78BE-AF21-0286D41F5870-Signatures
    [2013/12/05 22:00:39 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
    [2013/12/05 12:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013/12/05 12:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\REGSERVO
    [2013/11/23 13:19:52 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PCASp50a64.sys
    [2013/11/23 13:19:51 | 000,061,440 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\ASIW32N50.dll
    [2013/11/23 13:19:51 | 000,052,800 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PCASp50.sys
    [2013/11/23 13:19:51 | 000,016,302 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\ASINDIS5.sys
    [2013/11/23 13:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
    [2013/11/23 13:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
    [2013/11/23 12:55:44 | 000,028,672 | R--- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PcaSp60.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/12/10 20:41:18 | 000,001,560 | ---- | M] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
    [2013/12/10 20:41:15 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-capndavid2001-Startup.job
    [2013/12/10 20:41:14 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-capndavid2001-Notification.job
    [2013/12/10 20:40:55 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
    [2013/12/10 20:39:45 | 000,000,099 | ---- | M] () -- C:\Windows\Reimage.ini
    [2013/12/10 20:39:32 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\ArcadeParlor.job
    [2013/12/10 20:37:28 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/10 19:52:05 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/12/10 19:52:05 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/12/10 19:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/12/10 18:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2013/12/10 12:27:19 | 000,200,460 | ---- | M] () -- C:\Users\capndavid2001\Desktop\Hijack This log file.jpg
    [2013/12/10 12:01:17 | 000,000,488 | ---- | M] () -- C:\Users\capndavid2001\Documents\David Zweigle Rentals.pdf
    [2013/12/10 11:58:44 | 000,642,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/12/10 11:58:44 | 000,120,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/12/10 11:54:25 | 000,000,486 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3 Startup Task.job
    [2013/12/10 11:52:40 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/10 11:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/12/10 11:51:45 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/10 11:50:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2013/12/10 11:36:03 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\MyMorph.lnk
    [2013/12/10 11:30:33 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\ConverterLite.lnk
    [2013/12/10 09:41:37 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/12/08 17:48:57 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2013/12/08 17:48:56 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
    [2013/12/06 08:56:08 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/11/19 04:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2013/11/14 21:53:31 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/11/14 21:53:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/12/10 20:41:15 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-capndavid2001-Startup.job
    [2013/12/10 20:41:14 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-capndavid2001-Notification.job
    [2013/12/10 20:40:55 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
    [2013/12/10 20:40:40 | 000,001,560 | ---- | C] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
    [2013/12/10 20:39:45 | 000,000,099 | ---- | C] () -- C:\Windows\Reimage.ini
    [2013/12/10 20:39:32 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\ArcadeParlor.job
    [2013/12/10 12:27:17 | 000,200,460 | ---- | C] () -- C:\Users\capndavid2001\Desktop\Hijack This log file.jpg
    [2013/12/10 12:01:17 | 000,000,488 | ---- | C] () -- C:\Users\capndavid2001\Documents\David Zweigle Rentals.pdf
    [2013/12/10 11:36:03 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\MyMorph.lnk
    [2013/12/10 11:36:03 | 000,001,814 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyMorph.lnk
    [2013/12/10 09:41:37 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/12/05 22:00:40 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
    [2013/11/23 13:19:50 | 000,015,577 | ---- | C] () -- C:\Windows\System32\ASINDIS3.vxd
    [2013/07/18 19:11:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/07/18 19:11:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/07/18 19:11:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/07/18 19:11:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/07/18 19:11:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/08 22:05:13 | 000,148,870 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2013/01/08 22:04:51 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2012/12/10 13:19:37 | 000,003,993 | ---- | C] () -- C:\Windows\checkip.dat
    [2012/11/11 09:23:17 | 000,798,720 | ---- | C] () -- C:\Windows\System32\FCPlayer.dll
    [2012/11/11 09:23:17 | 000,303,104 | ---- | C] () -- C:\Windows\System32\FCPlayer.exe
    [2012/11/11 09:23:17 | 000,180,224 | ---- | C] () -- C:\Windows\System32\FCNetLib.dll
    [2012/11/11 09:23:17 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SearchLib.dll
    [2012/11/11 09:23:17 | 000,069,632 | ---- | C] () -- C:\Windows\System32\IPCamera.exe
    [2012/11/11 09:23:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FCSDK.dll
    [2012/03/28 14:07:43 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2012/03/27 19:43:30 | 000,005,864 | ---- | C] () -- C:\Users\capndavid2001\AppData\Local\d3d9caps.dat
    [2012/03/21 08:28:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2012/03/21 08:28:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2012/03/21 02:10:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2012/03/10 11:02:38 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012/03/09 09:55:51 | 000,870,128 | ---- | C] () -- C:\Users\capndavid2001\AppData\Roaming\mcs.rma
    [2012/03/08 18:13:29 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2012/03/08 18:13:29 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2012/03/08 11:41:00 | 000,057,344 | ---- | C] () -- C:\Users\capndavid2001\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/25 12:23:40 | 000,217,942 | ---- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

    ========== ZeroAccess Check ==========

    [2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >


    Extras.txt

    OTL Extras logfile created on: 12/10/2013 8:35:14 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\capndavid2001\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 27.07% Memory free
    6.18 Gb Paging File | 3.34 Gb Available in Paging File | 54.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136.47 Gb Total Space | 20.57 Gb Free Space | 15.08% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.49 Gb Free Space | 54.93% Space Free | Partition Type: NTFS

    Computer Name: CAPNDAVID200-PC | User Name: capndavid2001 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00F49B2E-21F2-4C5A-A9C1-59ABD36EA66D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{1559BB74-62AE-4991-87CB-6DBA6759F08C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{1D5D6AED-0CC0-4580-97F5-6302A5B3124D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1FE7A8FF-005B-4647-A53D-2B0CAA73F79D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1FFD85CD-9D68-4B0A-A72B-D71A0FEC8AB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2FE92060-96E7-4E77-A623-A7881DA731F1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{3F3C723D-09F7-45E8-A715-C329A37C11D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{3F91E591-1581-43E6-BF1A-12A75ED43EA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{41F56659-25CB-4CE3-B984-C60F6900D1BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4244CC59-0E7F-4C93-A4F0-4FF8F18E4C37}" = lport=1778 | protocol=17 | dir=in | name=pctv service |
    "{4B461AF4-AE5E-4B75-8BE1-815B7E594621}" = lport=1778 | protocol=17 | dir=in | name=pctv service |
    "{63097867-DC89-456B-96EB-CE31F14D506D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{7F5267D9-1084-4E2C-A420-63E8DCDB1895}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{806F6546-279B-4780-A90F-6F3CA35FB517}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{83004F41-C9C4-4661-86B7-B111EB0949AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8FC4BA35-FCA2-4F42-AA83-A6C2458BEE80}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{969D7BFF-5AF4-47A7-864F-EC2810BCA9E9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{A2A89208-28B3-4CB2-8112-9130DE0759F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AF0474CE-5CB1-47BD-A97D-8D547CDAAC8D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C9CF6235-F6EA-47C0-8234-669329398B10}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D4854E8F-72CA-49B8-8542-1C39C0EAF978}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{E76D705A-6B06-4DE8-ABDA-B52B0B42E337}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EF877196-1745-4F55-9D9B-CD21E255AB86}" = lport=10243 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02B7C55F-704B-4B4F-A442-650B07E82A81}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{04A971EE-6069-49B3-BD85-B10B89C7E24B}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "{05A28FED-720D-423A-B2A5-F5DC8CA6CF56}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{0899D5FC-9E8E-4C59-9EB9-DA8C37385FAF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{0A1E8647-9088-4BE0-8187-4A6D8FF2D805}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{0CA0F5DB-C5A8-4505-9948-35BA854BA849}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{10F1F1C8-DADF-4FC6-9366-0F44267D67AE}" = protocol=6 | dir=out | app=system |
    "{166158B2-626D-4D36-865E-31B06ABCE650}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{27B16B12-15EE-49A2-B119-B777BD99455E}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{3443AF16-82CB-4D17-864C-E741B2D169D3}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{349C65B7-CF62-4B6E-9E84-B480400FF43D}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
    "{3587AF70-726A-4DC2-9278-2A23F16E40E9}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{38B4474C-38D3-4BBA-B4A3-A0307B52FB47}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{49DDA028-4557-448F-A0D3-5A3AAF210F29}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{4A11D219-93A3-4EB7-BE07-61EC4B317F0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{54B2061D-5E17-4106-871B-11350992582F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5DF6FF92-3BDF-4245-83ED-220A6CFE3001}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{61506E02-7A3F-456F-9520-6B1E5880A39D}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{62676F7E-5871-41DD-934D-A7C9F52CCE69}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\qiswizard.exe |
    "{66125539-2602-470D-A56C-F2FBBA865960}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6823EA88-64C7-42D0-9933-7BD91FF32A14}" = protocol=6 | dir=in | app=e:\routersetup\qiswizard.exe |
    "{6962F3C6-3E75-43AC-9D91-6575AA5DDC87}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
    "{72032D1F-64B3-4351-B977-B4B33078F0EA}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\discovery.exe |
    "{746215A5-DAFB-4E29-9185-1DBFF5C541C4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{757CCDEF-3324-4D46-B4D1-4A9D8CC9C51B}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "{7938BDFC-A3B3-4622-876C-CB78BEA948F4}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\discovery.exe |
    "{7B765400-D2D3-4ABF-AA5B-5AAFD7FAB5F7}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{7F40835E-D464-440D-B46A-6328FF1EB57B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{976828FB-F910-4E35-92D9-2F42B647F32F}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\qiswizard.exe |
    "{9BAF7144-1EBE-4E8C-820C-F7A8169F185E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{A0037EB3-234A-4050-A634-589340ED0AA8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AE5A51FC-CFE8-4978-987E-DDB37E29F764}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{AE98A09B-4392-461C-9E00-A90E892331E1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{B17E28E0-3A78-47F4-BB40-A407EBA33963}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C651FE76-5F42-48AD-B661-62F75C9DFF92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{C9E3ECD9-0B99-4EB3-8702-AA6990CE97B7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CDFEF342-B886-428D-BD89-5DE475D2F593}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{D9C88C48-E02F-4E08-B8C7-ABC2F05B0839}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\rescue.exe |
    "{DF8A33EF-F202-46A6-ABEF-0498F18C22CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E23BCBC9-0AD9-4BAF-9569-ADDF0BAE2DED}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E2D96D9A-E475-47C3-B2F1-F899B6FBBBB4}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
    "{E8BD7F61-D996-4268-9F3F-5C49D42BA03B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F0A6D2FA-0B55-4AA2-9F8F-A5DEFB09137C}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{F13066B1-DD11-4C02-AE44-BFD517F80B0B}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\rescue.exe |
    "{FA6B29EB-A5DF-445A-A680-31A5F04C6037}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{FCB1A46D-283C-4981-86B0-36D658EDE0D9}" = protocol=6 | dir=out | app=system |
    "{FE9E6389-612F-4F34-86C0-0F714FEC3B10}" = protocol=17 | dir=in | app=e:\routersetup\qiswizard.exe |
    "TCP Query User{2B3ACD0C-15AA-49E0-B61F-38D13C6FDCCA}C:\windows\system32\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\system32\ipcamera.exe |
    "TCP Query User{7E0072B4-2BE2-4349-98DF-BEDF1521E740}C:\windows\system32\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\system32\ipcamera.exe |
    "TCP Query User{B5715681-0BB1-420E-A7E4-94C07A85303D}C:\program files\asus\rt-n66r wireless router utilities\discovery.exe" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\discovery.exe |
    "UDP Query User{07DE54B0-2A8B-4E4B-9376-90614A3836A8}C:\windows\system32\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\system32\ipcamera.exe |
    "UDP Query User{402288E3-8BBC-4CF6-B034-E49907DBECFE}C:\windows\system32\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\system32\ipcamera.exe |
    "UDP Query User{6C519BAF-E215-4C03-A704-A6817B275FCD}C:\program files\asus\rt-n66r wireless router utilities\discovery.exe" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\discovery.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
    "{0228288D-975E-42F7-9993-E91A82E6BBD9}" = CWA Reminder by We-Care.com v4.1.24.3
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
    "{0BFCE729-2C99-4D94-944E-4B57878D3576}" = MyMorph
    "{0C141E39-BFED-40B3-ADA2-C58A6DC055E5}" = IP Camera Tool
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
    "{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA30xx Media Converter
    "{21AED9AC-929B-446B-8DE9-6D808CC38783}" = PD Media Converter
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
    "{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}" = SA30xx Device Manager
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1" = LaCie Desktop Manager 1.4.1.84
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
    "{43BEEE26-01A8-4EEE-8632-2353261E3B55}" = RemoteComms driver
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{59D268DF-CCA9-44C5-8F96-2E51BB34C829}" = Microsoft Security Client
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7648D847-AEBC-4DEF-ADA2-F93314A5F4F2}" = SLOW-PCfighter
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{8307E622-89E1-435A-BC8A-678C678F6A43}" = SA30xx Media Converter
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9C767081-9DB1-4C02-AB02-0E692CFEDA41}" = ASUS RT-N66R Wireless Router Utilities
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C547F361-5750-4CD1-9FB6-BC93827CB6C1}" = RegCure Pro
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
    "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CC38C3D1-0359-4308-9DB8-194F8D92B2B6}" = PD Media Converter
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
    "{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{EFDD7E37-19B9-42BC-8200-4680F52ED786}" = AT&T Global Network Client LaptopConnect Edition
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{F7226FD8-04F4-45E8-B742-2F2C68B545BF}" = AT&T Global Network Client LaptopConnect Edition
    "{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "7-Zip 9.20" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "ConverterLite" = ConverterLite 1.6.6.0
    "FileAssociationManager" = File Association Manager
    "Genie Timeline" = LaCie Genie Timeline 2.1
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "InstallShield_{0BFCE729-2C99-4D94-944E-4B57878D3576}" = MyMorph
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "MediaMonkey_is1" = MediaMonkey 3.2
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Network MagicUninstall" = Network Magic
    "NoIPDUC" = No-IP DUC
    "PCTV To Go Player_is1" = PCTV To Go Player 1.7.0.231
    "PCTV To Go_is1" = PCTV To Go Setup Wizard 1.7.0.249
    "RealPlayer 16.0" = RealPlayer
    "Reimage Repair" = Reimage Repair
    "Rhapsody" = Rhapsody
    "SLOW-PCfighter" = SLOW-PCfighter
    "Surf Canyon" = Search Manager Service
    "VLC media player" = VLC media player 2.0.6
    "Wuala CBFS" = Wuala CBFS
    "Wuala OverlayIcons" = Wuala OverlayIcons

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{B74443DB-5A88-4583-860A-F0D06EF399E3}" = ArcadeParlor
    "Wuala" = Wuala

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/3/2013 3:07:25 PM | Computer Name = capndavid200-PC | Source = Windows Search Service | ID = 3029
    Description =

    Error - 12/3/2013 3:07:25 PM | Computer Name = capndavid200-PC | Source = Windows Search Service | ID = 3028
    Description =

    Error - 12/3/2013 3:07:25 PM | Computer Name = capndavid200-PC | Source = Windows Search Service | ID = 3058
    Description =

    Error - 12/3/2013 3:12:16 PM | Computer Name = capndavid200-PC | Source = Perflib | ID = 1010
    Description =

    Error - 12/3/2013 3:12:16 PM | Computer Name = capndavid200-PC | Source = Perflib | ID = 1008
    Description =

    Error - 12/4/2013 10:56:54 AM | Computer Name = capndavid200-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
    Dependent
    Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 12/4/2013 11:20:47 AM | Computer Name = capndavid200-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 9.0.8112.16514, time stamp
    0x523ec269, faulting module jscript9.dll, version 9.0.8112.16514, time stamp 0x523ec4c9,
    exception code 0xc0000005, fault offset 0x00006af7, process id 0x1360, application
    start time 0x01cef1013eb574e0.

    Error - 12/5/2013 2:32:05 PM | Computer Name = capndavid200-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16514 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 63c Start Time: 01cef14554ec9f90 Termination Time: 32

    Error - 12/6/2013 12:05:20 AM | Computer Name = capndavid200-PC | Source = MsiInstaller | ID = 11921
    Description =

    Error - 12/6/2013 12:05:25 AM | Computer Name = capndavid200-PC | Source = Microsoft Security Client Setup | ID = 100
    Description = HRESULT:0x8004FF80 Description:Cannot complete the Security Essentials
    Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing.
    The previous version of Security Essentials was restored. Error code:0x8004FF80.

    [ Broadcom Wireless LAN Events ]
    Error - 6/25/2013 11:25:50 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 22:25:50, Tue, Jun 25, 13 Error - Unable to gain access to user store


    Error - 7/21/2013 8:41:50 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 19:41:50, Sun, Jul 21, 13 Error - Unable to gain access to user store


    Error - 8/21/2013 9:28:46 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 20:28:43, Wed, Aug 21, 13 Error - Unable to gain access to user store


    Error - 9/8/2013 7:18:25 AM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 06:18:24, Sun, Sep 08, 13 Error - Unable to gain access to user store


    Error - 9/25/2013 9:39:19 AM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 08:39:15, Wed, Sep 25, 13 Error - Unable to gain access to user store


    Error - 11/9/2013 12:31:16 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 10:31:15, Sat, Nov 09, 13 Error - Unable to gain access to user store


    Error - 11/11/2013 4:50:27 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 14:50:26, Mon, Nov 11, 13 Error - Unable to gain access to user store


    Error - 11/13/2013 12:09:46 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 10:09:44, Wed, Nov 13, 13 Error - Unable to gain access to user store


    Error - 11/23/2013 4:17:43 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 14:17:34, Sat, Nov 23, 13 Error - Unable to gain access to user store


    Error - 12/3/2013 3:07:11 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 13:07:09, Tue, Dec 03, 13 Error - Unable to gain access to user store


    [ System Events ]
    Error - 12/10/2013 3:27:37 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 12/10/2013 3:27:37 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 12/10/2013 3:27:37 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 12/10/2013 3:27:37 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 12/10/2013 3:27:37 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 12/10/2013 3:27:37 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 12/10/2013 3:27:37 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 12/10/2013 3:27:37 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 12/10/2013 3:27:37 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 12/10/2013 3:27:37 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7031
    Description =


    < End of report >

    Check up.txt

    Results of screen317's Security Check version 0.99.77
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 9
    Java version out of Date!
    Adobe Reader 8 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````



  9. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308


    Hi,
    I'm missing the AdwCleaner log report. Would you please provide that?

    First
    Please remove these programs from your Programs and Features list:
    Let's remove all of those programs listed below:
    ==> Click > Start > Control Panel > Programs & Features.

    • SLOW-PCfighter
      Slow PCFighter is a program which we can categorize as a fake system optimizer.
    • RegCure Pro
    • Java 7 Update 9
    Old versions of Java can be an infection risk.

    The problem that registry cleaners can create, however, is when they are too aggressive in cleaning out your registry. And since there is so much competition in this category of software utility, the software makers promise better results by being more aggressive. They improperly delete keys and values, so that when a software program goes looking for the information, it is no longer there.
    And other Windows experts agree: Why I don’t use registry cleaners | Ed Bott
    Next

    Your Adobe Reader is out of date.
    Please update Adobe from here.
    Pay attention and uncheck any pre-checked software offers before downloading; Adobe tries to install McAfee Scanner.

    Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
    http://www.java.com/en/download/help/plugin_cache.xml
    Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
    Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. If that is the case then you should go in to Control panels, Java, Security and set the slider to the highest level.

    Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

    In your next reply post the
    AdwCleaner log, as outlined in post #2

    Thanks
    Joe


  11. #6
    Member
    Join Date
    Dec 2008
    Location
    Austin, Texas
    Posts
    102
    Points
    4
    Blog Entries
    1

    While downloading the newest Adobe Reader version, an alert requires me to close the Adobe 8 application, but when I try to uninstall the previous version 8 I again am restricted by no admin rights. I don't understand why the restriction, and how do I close the Adobe 8 reader without uninstalling the application?
    Last edited by capndavid; 12-13-2013 at 08:24 PM. Reason: updates


  13. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Can you just install the new Adobe? You don't need to uninstall the old one.

    "requires me to close the adobe 8 application"
    If you still get that message:

    Open Task Manager, click the Application tab, right-click on Adobe if you see it, and end task. You will get a warning; go ahead and do it if you can.

    Joe


  15. #8
    Member
    Join Date
    Dec 2008
    Location
    Austin, Texas
    Posts
    102
    Points
    4
    Blog Entries
    1

    Hello Joe,
    I was able to download the Adobe upgrade with the help of a technician from Adobe online. I hope it's correct anyway. For clarity, I reran the entire list of analyst scan tools you requested, so please review the latest scans. I also noticed that in the first scan I didn't follow your suggestions as requested. That's my bad, a problem all my life. So you may see more information with this update. Thanks for helping. BTW, I am still not able to delete Java Vers 9.

    # AdwCleaner v3.015 - Report created 13/12/2013 at 15:46:20
    # Updated 10/12/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : capndavid2001 - CAPNDAVID200-PC
    # Running from : C:\Users\capndavid2001\Desktop\PC Maintenance\AdwCleaner (1).exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Users\CAPNDA~1\AppData\Local\Temp\Uninstall.exe
    File Found : C:\Windows\System32\Tasks\NCH Software
    Folder Found C:\Program Files\NCH Software
    Folder Found C:\Program Files\ParetoLogic
    Folder Found C:\Program Files\Surf Canyon
    Folder Found C:\ProgramData\apn
    Folder Found C:\ProgramData\NCH Software
    Folder Found C:\ProgramData\ParetoLogic
    Folder Found C:\ProgramData\WeCareReminder
    Folder Found C:\Users\capndavid2001\AppData\LocalLow\iac
    Folder Found C:\Users\capndavid2001\AppData\Roaming\DriverCure
    Folder Found C:\Users\capndavid2001\AppData\Roaming\ParetoLogic
    Folder Found C:\Users\capndavid2001\AppData\Roaming\pccustubinstaller

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\Software\Surf Canyon
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Surf Canyon
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKCU\Software\NCH Software
    Key Found : HKCU\Software\ParetoLogic
    Key Found : HKCU\Software\Surf Canyon
    Key Found : HKCU\Software\wecarereminder
    Key Found : HKCU\Software\YahooPartnerToolbar
    Key Found : HKLM\SOFTWARE\Classes\.bdc
    Key Found : HKLM\SOFTWARE\Classes\.bgl
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
    Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
    Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\InstallIQ
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
    Key Found : HKLM\Software\NCH Software
    Key Found : HKLM\Software\ParetoLogic
    Key Found : HKLM\Software\Surf Canyon

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16520


    -\\ Google Chrome v

    [ File : C:\Users\capndavid2001\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [6554 octets] - [11/12/2013 11:57:30]
    AdwCleaner[R1].txt - [5307 octets] - [13/12/2013 15:46:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5367 octets] ##########

    OTL Extras logfile created on: 12/13/2013 3:28:59 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\capndavid2001\Desktop\PC Maintenance
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 52.87% Memory free
    6.18 Gb Paging File | 4.64 Gb Available in Paging File | 75.08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136.47 Gb Total Space | 20.75 Gb Free Space | 15.21% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.49 Gb Free Space | 54.93% Space Free | Partition Type: NTFS

    Computer Name: CAPNDAVID200-PC | User Name: capndavid2001 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = ComFile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00F49B2E-21F2-4C5A-A9C1-59ABD36EA66D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{1559BB74-62AE-4991-87CB-6DBA6759F08C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{1D5D6AED-0CC0-4580-97F5-6302A5B3124D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1FE7A8FF-005B-4647-A53D-2B0CAA73F79D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1FFD85CD-9D68-4B0A-A72B-D71A0FEC8AB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2FE92060-96E7-4E77-A623-A7881DA731F1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{3F3C723D-09F7-45E8-A715-C329A37C11D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{3F91E591-1581-43E6-BF1A-12A75ED43EA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{41F56659-25CB-4CE3-B984-C60F6900D1BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4244CC59-0E7F-4C93-A4F0-4FF8F18E4C37}" = lport=1778 | protocol=17 | dir=in | name=pctv service |
    "{4B461AF4-AE5E-4B75-8BE1-815B7E594621}" = lport=1778 | protocol=17 | dir=in | name=pctv service |
    "{63097867-DC89-456B-96EB-CE31F14D506D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{7F5267D9-1084-4E2C-A420-63E8DCDB1895}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{806F6546-279B-4780-A90F-6F3CA35FB517}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{83004F41-C9C4-4661-86B7-B111EB0949AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8FC4BA35-FCA2-4F42-AA83-A6C2458BEE80}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{969D7BFF-5AF4-47A7-864F-EC2810BCA9E9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{A2A89208-28B3-4CB2-8112-9130DE0759F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AF0474CE-5CB1-47BD-A97D-8D547CDAAC8D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C9CF6235-F6EA-47C0-8234-669329398B10}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D4854E8F-72CA-49B8-8542-1C39C0EAF978}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{E76D705A-6B06-4DE8-ABDA-B52B0B42E337}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EF877196-1745-4F55-9D9B-CD21E255AB86}" = lport=10243 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02B7C55F-704B-4B4F-A442-650B07E82A81}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{04A971EE-6069-49B3-BD85-B10B89C7E24B}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "{05A28FED-720D-423A-B2A5-F5DC8CA6CF56}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{0899D5FC-9E8E-4C59-9EB9-DA8C37385FAF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{0A1E8647-9088-4BE0-8187-4A6D8FF2D805}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{0CA0F5DB-C5A8-4505-9948-35BA854BA849}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{10F1F1C8-DADF-4FC6-9366-0F44267D67AE}" = protocol=6 | dir=out | app=system |
    "{166158B2-626D-4D36-865E-31B06ABCE650}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{27B16B12-15EE-49A2-B119-B777BD99455E}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
    "{3443AF16-82CB-4D17-864C-E741B2D169D3}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{349C65B7-CF62-4B6E-9E84-B480400FF43D}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
    "{3587AF70-726A-4DC2-9278-2A23F16E40E9}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{38B4474C-38D3-4BBA-B4A3-A0307B52FB47}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{49DDA028-4557-448F-A0D3-5A3AAF210F29}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{4A11D219-93A3-4EB7-BE07-61EC4B317F0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{54B2061D-5E17-4106-871B-11350992582F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5DF6FF92-3BDF-4245-83ED-220A6CFE3001}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{61506E02-7A3F-456F-9520-6B1E5880A39D}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{62676F7E-5871-41DD-934D-A7C9F52CCE69}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\qiswizard.exe |
    "{66125539-2602-470D-A56C-F2FBBA865960}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6823EA88-64C7-42D0-9933-7BD91FF32A14}" = protocol=6 | dir=in | app=e:\routersetup\qiswizard.exe |
    "{6962F3C6-3E75-43AC-9D91-6575AA5DDC87}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
    "{72032D1F-64B3-4351-B977-B4B33078F0EA}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\discovery.exe |
    "{746215A5-DAFB-4E29-9185-1DBFF5C541C4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{757CCDEF-3324-4D46-B4D1-4A9D8CC9C51B}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "{7938BDFC-A3B3-4622-876C-CB78BEA948F4}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\discovery.exe |
    "{7B765400-D2D3-4ABF-AA5B-5AAFD7FAB5F7}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{7F40835E-D464-440D-B46A-6328FF1EB57B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{976828FB-F910-4E35-92D9-2F42B647F32F}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\qiswizard.exe |
    "{9BAF7144-1EBE-4E8C-820C-F7A8169F185E}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{A0037EB3-234A-4050-A634-589340ED0AA8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AE5A51FC-CFE8-4978-987E-DDB37E29F764}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{AE98A09B-4392-461C-9E00-A90E892331E1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{B17E28E0-3A78-47F4-BB40-A407EBA33963}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C651FE76-5F42-48AD-B661-62F75C9DFF92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{C9E3ECD9-0B99-4EB3-8702-AA6990CE97B7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{CDFEF342-B886-428D-BD89-5DE475D2F593}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
    "{D9C88C48-E02F-4E08-B8C7-ABC2F05B0839}" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\rescue.exe |
    "{DF8A33EF-F202-46A6-ABEF-0498F18C22CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E23BCBC9-0AD9-4BAF-9569-ADDF0BAE2DED}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E2D96D9A-E475-47C3-B2F1-F899B6FBBBB4}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
    "{E8BD7F61-D996-4268-9F3F-5C49D42BA03B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F0A6D2FA-0B55-4AA2-9F8F-A5DEFB09137C}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{F13066B1-DD11-4C02-AE44-BFD517F80B0B}" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\rescue.exe |
    "{FA6B29EB-A5DF-445A-A680-31A5F04C6037}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{FCB1A46D-283C-4981-86B0-36D658EDE0D9}" = protocol=6 | dir=out | app=system |
    "{FE9E6389-612F-4F34-86C0-0F714FEC3B10}" = protocol=17 | dir=in | app=e:\routersetup\qiswizard.exe |
    "TCP Query User{2B3ACD0C-15AA-49E0-B61F-38D13C6FDCCA}C:\windows\system32\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\system32\ipcamera.exe |
    "TCP Query User{7E0072B4-2BE2-4349-98DF-BEDF1521E740}C:\windows\system32\ipcamera.exe" = protocol=6 | dir=in | app=c:\windows\system32\ipcamera.exe |
    "TCP Query User{B5715681-0BB1-420E-A7E4-94C07A85303D}C:\program files\asus\rt-n66r wireless router utilities\discovery.exe" = protocol=6 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\discovery.exe |
    "UDP Query User{07DE54B0-2A8B-4E4B-9376-90614A3836A8}C:\windows\system32\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\system32\ipcamera.exe |
    "UDP Query User{402288E3-8BBC-4CF6-B034-E49907DBECFE}C:\windows\system32\ipcamera.exe" = protocol=17 | dir=in | app=c:\windows\system32\ipcamera.exe |
    "UDP Query User{6C519BAF-E215-4C03-A704-A6817B275FCD}C:\program files\asus\rt-n66r wireless router utilities\discovery.exe" = protocol=17 | dir=in | app=c:\program files\asus\rt-n66r wireless router utilities\discovery.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
    "{0228288D-975E-42F7-9993-E91A82E6BBD9}" = CWA Reminder by We-Care.com v4.1.24.3
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
    "{0BFCE729-2C99-4D94-944E-4B57878D3576}" = MyMorph
    "{0C141E39-BFED-40B3-ADA2-C58A6DC055E5}" = IP Camera Tool
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
    "{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA30xx Media Converter
    "{21AED9AC-929B-446B-8DE9-6D808CC38783}" = PD Media Converter
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
    "{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}" = SA30xx Device Manager
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1" = LaCie Desktop Manager 1.4.1.84
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
    "{43BEEE26-01A8-4EEE-8632-2353261E3B55}" = RemoteComms driver
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
    "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{59D268DF-CCA9-44C5-8F96-2E51BB34C829}" = Microsoft Security Client
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{8307E622-89E1-435A-BC8A-678C678F6A43}" = SA30xx Media Converter
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
    "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
    "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9C767081-9DB1-4C02-AB02-0E692CFEDA41}" = ASUS RT-N66R Wireless Router Utilities
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
    "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
    "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    "{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
    "{CC38C3D1-0359-4308-9DB8-194F8D92B2B6}" = PD Media Converter
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
    "{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
    "{EFDD7E37-19B9-42BC-8200-4680F52ED786}" = AT&T Global Network Client LaptopConnect Edition
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{F7226FD8-04F4-45E8-B742-2F2C68B545BF}" = AT&T Global Network Client LaptopConnect Edition
    "{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "ConverterLite" = ConverterLite 1.6.6.0
    "FileAssociationManager" = File Association Manager
    "Genie Timeline" = LaCie Genie Timeline 2.1
    "HP Imaging Device Functions" = HP Imaging Device Functions 8.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
    "HPExtendedCapabilities" = HP Customer Participation Program 8.0
    "HPOCR" = HP OCR Software 8.0
    "InstallShield_{0BFCE729-2C99-4D94-944E-4B57878D3576}" = MyMorph
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "MediaMonkey_is1" = MediaMonkey 3.2
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Network MagicUninstall" = Network Magic
    "NoIPDUC" = No-IP DUC
    "PCTV To Go Player_is1" = PCTV To Go Player 1.7.0.231
    "PCTV To Go_is1" = PCTV To Go Setup Wizard 1.7.0.249
    "RealPlayer 16.0" = RealPlayer
    "Rhapsody" = Rhapsody
    "Surf Canyon" = Search Manager Service
    "VLC media player" = VLC media player 2.0.6
    "Wuala CBFS" = Wuala CBFS
    "Wuala OverlayIcons" = Wuala OverlayIcons

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Wuala" = Wuala

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/9/2013 1:53:43 PM | Computer Name = capndavid200-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/9/2013 1:53:43 PM | Computer Name = capndavid200-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5881

    Error - 12/9/2013 1:53:43 PM | Computer Name = capndavid200-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5881

    Error - 12/9/2013 1:53:44 PM | Computer Name = capndavid200-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/9/2013 1:53:44 PM | Computer Name = capndavid200-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6879

    Error - 12/9/2013 1:53:44 PM | Computer Name = capndavid200-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6879

    Error - 12/9/2013 1:53:45 PM | Computer Name = capndavid200-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 12/9/2013 1:53:45 PM | Computer Name = capndavid200-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7893

    Error - 12/9/2013 1:53:45 PM | Computer Name = capndavid200-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7893

    Error - 12/9/2013 2:51:15 PM | Computer Name = capndavid200-PC | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe_HPSLPSVC, version 6.0.6001.18000,
    time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
    exception code 0xc0000005, fault offset 0x00750072, process id 0x578, application
    start time 0x01cef4709c5f7ba7.

    [ Broadcom Wireless LAN Events ]
    Error - 8/21/2013 9:28:46 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 20:28:43, Wed, Aug 21, 13 Error - Unable to gain access to user store


    Error - 9/8/2013 7:18:25 AM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 06:18:24, Sun, Sep 08, 13 Error - Unable to gain access to user store


    Error - 9/25/2013 9:39:19 AM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 08:39:15, Wed, Sep 25, 13 Error - Unable to gain access to user store


    Error - 11/9/2013 12:31:16 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 10:31:15, Sat, Nov 09, 13 Error - Unable to gain access to user store


    Error - 11/11/2013 4:50:27 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 14:50:26, Mon, Nov 11, 13 Error - Unable to gain access to user store


    Error - 11/13/2013 12:09:46 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 10:09:44, Wed, Nov 13, 13 Error - Unable to gain access to user store


    Error - 11/23/2013 4:17:43 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 14:17:34, Sat, Nov 23, 13 Error - Unable to gain access to user store


    Error - 12/3/2013 3:07:11 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 13:07:09, Tue, Dec 03, 13 Error - Unable to gain access to user store


    Error - 12/12/2013 8:28:19 PM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 18:28:18, Thu, Dec 12, 13 Error - Unable to gain access to user store


    Error - 12/13/2013 12:10:32 AM | Computer Name = capndavid200-PC | Source = WLAN-Tray | ID = 0
    Description = 22:10:31, Thu, Dec 12, 13 Error - Unable to gain access to user store


    [ System Events ]
    Error - 12/13/2013 12:10:06 AM | Computer Name = capndavid200-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 10:08:41 PM on 12/12/2013 was unexpected.

    Error - 12/13/2013 12:11:34 AM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/13/2013 12:11:34 AM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/13/2013 1:16:11 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/13/2013 1:16:11 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/13/2013 1:34:23 PM | Computer Name = capndavid200-PC | Source = DCOM | ID = 10005
    Description =

    Error - 12/13/2013 1:34:23 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 12/13/2013 1:34:23 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/13/2013 2:31:39 PM | Computer Name = capndavid200-PC | Source = Schannel | ID = 36874
    Description = An SSL connection request was received from a remote client application,
    but none of the cipher suites supported by the client application are supported
    by the server. The SSL connection request has failed.

    Error - 12/13/2013 4:39:27 PM | Computer Name = capndavid200-PC | Source = Service Control Manager | ID = 7034
    Description =


    < End of report >

    Results of screen317's Security Check version 0.99.77
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 9
    Java version out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    OTL logfile created on: 12/13/2013 3:28:59 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\capndavid2001\Desktop\PC Maintenance
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 52.87% Memory free
    6.18 Gb Paging File | 4.64 Gb Available in Paging File | 75.08% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 136.47 Gb Total Space | 20.75 Gb Free Space | 15.21% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.49 Gb Free Space | 54.93% Space Free | Partition Type: NTFS

    Computer Name: CAPNDAVID200-PC | User Name: capndavid2001 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/13 15:05:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\capndavid2001\Desktop\PC Maintenance\OTL (1).exe
    PRC - [2013/12/07 11:31:31 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    PRC - [2013/11/14 21:38:00 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2013/09/13 16:19:40 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2013/07/18 15:49:42 | 000,295,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
    PRC - [2013/07/18 15:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/07/18 15:49:24 | 000,995,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2013/04/21 20:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2013/04/05 11:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2013/04/05 11:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    PRC - [2013/04/05 11:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    PRC - [2012/09/07 15:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2011/07/29 09:36:14 | 002,456,576 | ---- | M] () -- C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe
    PRC - [2011/07/29 09:36:14 | 000,822,272 | ---- | M] () -- C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
    PRC - [2011/02/02 08:25:04 | 001,051,264 | ---- | M] (Genie-soft) -- C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
    PRC - [2011/02/02 08:25:02 | 000,362,624 | ---- | M] (Genie-Soft) -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
    PRC - [2010/07/04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
    PRC - [2010/06/14 19:55:52 | 000,039,936 | ---- | M] (The PHP Group) -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
    PRC - [2010/06/14 19:53:48 | 001,417,216 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
    PRC - [2010/06/10 14:26:12 | 000,079,200 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetLogSvc.exe
    PRC - [2010/06/10 14:26:00 | 000,476,000 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe
    PRC - [2010/06/10 14:25:40 | 000,349,536 | ---- | M] (AT&T) -- C:\Program Files\AT&T Global Network Client\NetClientSvc.exe
    PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    PRC - [2007/09/27 22:54:54 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    PRC - [2007/09/27 22:54:48 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/09/27 22:54:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/09/24 03:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2007/09/24 03:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2007/09/24 03:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2007/09/24 03:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
    PRC - [2007/07/20 18:13:26 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/07/11 08:15:58 | 000,202,800 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2007/07/11 08:15:38 | 000,198,704 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2007/04/16 16:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2007/03/15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [1999/02/01 17:53:24 | 000,405,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2013/08/21 21:37:24 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
    MOD - [2013/08/21 21:37:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
    MOD - [2013/08/21 19:35:58 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
    MOD - [2013/07/11 03:06:38 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/29 09:36:14 | 002,456,576 | ---- | M] () -- C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe
    MOD - [2011/02/02 06:43:02 | 000,342,528 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSIndexDB.dll
    MOD - [2011/02/02 06:43:02 | 000,051,712 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\QueueManager.dll
    MOD - [2011/02/02 06:43:00 | 000,144,384 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\Settings.dll
    MOD - [2010/12/29 07:54:38 | 000,038,400 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSLogging.dll
    MOD - [2010/09/06 05:50:38 | 000,080,384 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSEncryption.dll
    MOD - [2010/09/06 05:50:38 | 000,072,192 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSCurl.dll
    MOD - [2010/08/30 21:42:12 | 000,023,040 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\ext\php_gstl_interface.dll
    MOD - [2010/06/14 19:53:48 | 001,417,216 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
    MOD - [2010/04/27 06:57:20 | 000,921,088 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\sqlite3.dll
    MOD - [2008/01/28 10:15:28 | 000,073,728 | ---- | M] () -- c:\Program Files\MyMorph\Mcmh.dll
    MOD - [2007/09/26 04:47:30 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
    MOD - [2007/03/21 13:33:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


    ========== Services (SafeList) ==========

    SRV - [2013/12/11 05:52:09 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2013/07/18 15:49:42 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2013/07/18 15:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/09/07 15:25:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/07/29 09:36:14 | 000,822,272 | ---- | M] () [Auto | Running] -- C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe -- (LaCieDesktopManagerService)
    SRV - [2011/02/02 08:25:02 | 000,362,624 | ---- | M] (Genie-Soft) [Auto | Running] -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
    SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2010/06/10 14:26:12 | 000,079,200 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\NetLogSvc.exe -- (NetLogSvc)
    SRV - [2010/06/10 14:26:00 | 000,476,000 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\netcfgsvr.exe -- (netcfgsvr)
    SRV - [2010/06/10 14:25:40 | 000,349,536 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Global Network Client\NetClientSvc.exe -- (NetClientSvc)
    SRV - [2009/03/06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/27 22:54:48 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/09/27 22:54:44 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/07/11 08:15:58 | 000,202,800 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
    SRV - [2007/06/27 17:03:18 | 000,125,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe -- (pctvsvc)
    SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/03/19 12:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\pnarp.sys -- (pnarp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CAPNDA~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CAPNDA~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2013/06/18 20:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/05/16 10:44:17 | 000,083,968 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swiwdmbx.sys -- (swiwdmbx)
    DRV - [2011/05/13 12:53:00 | 000,215,552 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swg3kser00.sys -- (swg3kser00)
    DRV - [2011/03/03 13:40:22 | 000,208,128 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3)
    DRV - [2011/01/17 11:24:58 | 000,275,088 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
    DRV - [2010/09/07 00:27:22 | 000,028,672 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PcaSp60.sys -- (PcaSp60)
    DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2010/06/10 14:08:20 | 000,166,912 | ---- | M] (AT&T) [Kernel | System | Running] -- C:\Windows\System32\drivers\agnfilt.sys -- (agnfilt)
    DRV - [2010/04/26 20:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
    DRV - [2010/04/26 20:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus)
    DRV - [2010/04/26 20:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
    DRV - [2010/02/25 12:48:16 | 000,011,392 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avpnnic.sys -- (avpnnic)
    DRV - [2009/09/28 08:55:38 | 000,052,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OXSDIDRV_x32.sys -- (OXSDIDRV_x32)
    DRV - [2008/08/22 09:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - [2007/09/27 22:54:56 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/09/24 03:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/06/27 17:03:18 | 000,347,904 | ---- | M] (Pinnacle Sytems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTV_10.sys -- (HavaTV_10)
    DRV - [2007/06/27 17:03:18 | 000,347,904 | ---- | M] (Pinnacle Sytems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PCTV.sys -- (HAVATV)
    DRV - [2007/06/27 17:03:18 | 000,025,088 | ---- | M] (Pinnacle Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctvbus.sys -- (pctvbus)
    DRV - [2007/06/27 17:03:18 | 000,016,384 | ---- | M] (Pinnacle Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctvkey.sys -- (BoosterKey)
    DRV - [2007/06/27 17:03:18 | 000,014,848 | ---- | M] (Pinnacle Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctvnet.sys -- (havanet)
    DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/11/27 01:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/11/27 01:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/27 01:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/21 06:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
    IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm002^S02465^us&si=CILu2L39nLICFedNTAodHHgAUw&ptb=4CB4AC84-E316-457B-A5FE-B4F5CB61470D&psa=&ind=2012090418&st=sb&n=77ee1032&searchfor={searchTerms}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    IE - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.duckduckgo
    IE - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 F4 31 9C 9C E7 CE 01 [binary data]
    IE - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\..\SearchScopes\{7CCA6552-433F-49F0-BC32-E896736B4338}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20131250,20028,0,18,0
    IE - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012/03/12 02:02:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/13 16:21:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/13 16:21:51 | 000,000,000 | ---D | M]

    [2013/12/10 20:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\capndavid2001\AppData\Roaming\Mozilla\Extensions
    [2013/12/13 11:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\capndavid2001\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

    ========== Chrome ==========


    O1 HOSTS File: ([2013/07/18 19:27:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
    O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
    O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
    O4 - HKLM..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (Genie-soft)
    O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
    O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000..\Run: [LaCie Desktop Manager Startup] C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManagerStatusItem.exe ()
    O4 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-21-2574564581-2394573384-1249639492-1000\..Trusted Domains: foxnews.com ([www] http in Trusted sites)
    O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://172.25.75.24/auth/taweb.cab (Cisco NAC Web Agent Control)
    O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} https://172.25.75.24/auth/CCALogin.CAB (CCAWebLogin Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25CCCF37-120D-4D4A-8F10-CFEA457F0E33}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CAA0F40-D16B-4DC4-A6CB-077BD9F28F0F}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{862AA2AE-2419-4156-A2FC-BE9019C79955}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O20 - AppInit_DLLs: (IESearchPlugin32.dll) - C:\Program Files\Surf Canyon\IESearchPlugin32.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\capndavid2001\Pictures\Vic and Me\Photo046.jpg
    O24 - Desktop BackupWallPaper: C:\Users\capndavid2001\Pictures\Vic and Me\Photo046.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/13 11:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2013/12/13 11:35:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2013/12/11 11:59:26 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\Desktop\PC Maintenance
    [2013/12/11 11:59:24 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
    [2013/12/11 11:57:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/10 20:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
    [2013/12/10 20:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
    [2013/12/10 20:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
    [2013/12/10 20:39:42 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\Mozilla
    [2013/12/10 20:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
    [2013/12/10 11:36:09 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\MyMorph
    [2013/12/10 11:36:03 | 000,000,000 | ---D | C] -- C:\Binaries
    [2013/12/10 11:36:02 | 000,000,000 | ---D | C] -- C:\Program Files\MyMorph
    [2013/12/10 11:32:39 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
    [2013/12/10 11:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
    [2013/12/10 11:30:49 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\FileAssociationManager
    [2013/12/10 11:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\FileAssociationManager
    [2013/12/10 11:30:31 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\ConverterLite
    [2013/12/10 11:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2013/12/10 11:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
    [2013/12/10 11:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
    [2013/12/10 09:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2013/12/06 08:55:14 | 000,000,000 | ---D | C] -- C:\Windows\Temp1D9C9B91-9A7C-ABC0-99A2-2E9C886CB19E-Signatures
    [2013/12/06 08:09:34 | 000,000,000 | ---D | C] -- C:\Windows\Migration
    [2013/12/06 08:05:19 | 000,000,000 | ---D | C] -- C:\Windows\TempA8E6C37B-0B41-17B5-6D96-F067604F0B0D-Signatures
    [2013/12/05 22:05:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/12/05 22:05:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/12/05 22:05:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/12/05 22:05:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/12/05 22:05:54 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/12/05 22:05:51 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/12/05 22:05:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/12/05 22:05:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/12/05 22:04:36 | 000,000,000 | ---D | C] -- C:\Windows\Temp20E73372-CC9E-78BE-AF21-0286D41F5870-Signatures
    [2013/12/05 22:00:39 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
    [2013/12/05 12:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013/12/05 12:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\REGSERVO
    [2013/11/23 13:19:52 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PCASp50a64.sys
    [2013/11/23 13:19:51 | 000,061,440 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\ASIW32N50.dll
    [2013/11/23 13:19:51 | 000,052,800 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PCASp50.sys
    [2013/11/23 13:19:51 | 000,016,302 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\ASINDIS5.sys
    [2013/11/23 13:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
    [2013/11/23 13:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
    [2013/11/23 12:55:44 | 000,028,672 | R--- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PcaSp60.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/12/13 15:14:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/12/13 15:14:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/12/13 14:51:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/12/13 14:39:07 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/13 14:39:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/12/13 11:37:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/13 11:35:35 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2013/12/13 11:14:30 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/13 11:13:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2013/12/12 22:09:52 | 372,158,927 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/12/12 18:35:21 | 000,642,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/12/12 18:35:21 | 000,120,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/12/11 13:26:11 | 000,000,162 | ---- | M] () -- C:\Windows\Reimage.ini
    [2013/12/11 12:00:57 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
    [2013/12/11 05:52:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/12/11 05:52:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/12/10 12:01:17 | 000,000,488 | ---- | M] () -- C:\Users\capndavid2001\Documents\David Zweigle Rentals.pdf
    [2013/12/10 11:36:03 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\MyMorph.lnk
    [2013/12/10 11:30:33 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\ConverterLite.lnk
    [2013/12/10 09:41:37 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/12/06 08:56:08 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/11/19 04:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/12/13 11:35:35 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2013/12/13 11:35:35 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2013/12/12 18:27:39 | 372,158,927 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/12/10 20:39:45 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
    [2013/12/10 12:01:17 | 000,000,488 | ---- | C] () -- C:\Users\capndavid2001\Documents\David Zweigle Rentals.pdf
    [2013/12/10 11:36:03 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\MyMorph.lnk
    [2013/12/10 11:36:03 | 000,001,814 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyMorph.lnk
    [2013/12/10 09:41:37 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/12/05 22:00:40 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
    [2013/11/23 13:19:50 | 000,015,577 | ---- | C] () -- C:\Windows\System32\ASINDIS3.vxd
    [2013/07/18 19:11:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/07/18 19:11:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/07/18 19:11:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/07/18 19:11:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/07/18 19:11:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/08 22:05:13 | 000,148,870 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2013/01/08 22:04:51 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2012/12/10 13:19:37 | 000,003,993 | ---- | C] () -- C:\Windows\checkip.dat
    [2012/11/11 09:23:17 | 000,798,720 | ---- | C] () -- C:\Windows\System32\FCPlayer.dll
    [2012/11/11 09:23:17 | 000,303,104 | ---- | C] () -- C:\Windows\System32\FCPlayer.exe
    [2012/11/11 09:23:17 | 000,180,224 | ---- | C] () -- C:\Windows\System32\FCNetLib.dll
    [2012/11/11 09:23:17 | 000,073,728 | ---- | C] () -- C:\Windows\System32\SearchLib.dll
    [2012/11/11 09:23:17 | 000,069,632 | ---- | C] () -- C:\Windows\System32\IPCamera.exe
    [2012/11/11 09:23:17 | 000,053,248 | ---- | C] () -- C:\Windows\System32\FCSDK.dll
    [2012/03/28 14:07:43 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2012/03/27 19:43:30 | 000,005,864 | ---- | C] () -- C:\Users\capndavid2001\AppData\Local\d3d9caps.dat
    [2012/03/21 08:28:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2012/03/21 08:28:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2012/03/21 02:10:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2012/03/10 11:02:38 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012/03/09 09:55:51 | 000,870,128 | ---- | C] () -- C:\Users\capndavid2001\AppData\Roaming\mcs.rma
    [2012/03/08 18:13:29 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2012/03/08 18:13:29 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2012/03/08 11:41:00 | 000,057,344 | ---- | C] () -- C:\Users\capndavid2001\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/25 12:23:40 | 000,217,942 | ---- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

    ========== ZeroAccess Check ==========

    [2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >


  17. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Default

    OK.

    Thanks for those logs. Don't make any changes. Your logs are under review. I should be able to post Saturday night for you.


    Thanks
    Joe


  19. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,175
    Points
    1308

    Default

    Hello capndavid,


    We have a fix to do in OTL.

    • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      
      IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^YK^xdm002^S02465^us&si=CILu2L39nLICFedNTAodHHgAUw&ptb=4CB4AC84-E316-457B-A5FE-B4F5CB61470D&psa=&ind=2012090418&st=sb&n=77ee1032&searchfor={searchTerms}
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
      O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
      O15 - HKCU\..Trusted Domains: foxnews.com ([www] http in Trusted sites)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      [2013/12/10 20:41:14 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Roaming\Fighters
      [2013/12/10 20:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
      [2013/12/10 20:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
      [2013/12/10 20:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
      [2013/12/10 20:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
      [2013/12/10 20:41:15 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-capndavid2001-Startup.job
      [2013/12/10 20:41:14 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-capndavid2001-Notification.job
      [2013/12/10 20:40:55 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
      [2013/12/10 20:39:32 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\ArcadeParlor.job
      [2013/12/10 20:39:32 | 000,000,000 | ---D | C] -- C:\Users\capndavid2001\AppData\Local\ArcadeParlor
      [2013/12/10 20:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
      [2013/12/10 18:00:00 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
      [2013/12/08 17:48:57 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
      [2013/12/08 17:48:56 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\RegCure Pro.job
      [2013/12/10 20:41:15 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-capndavid2001-Startup.job
      [2013/12/10 20:41:14 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\SLOW-PCfighter-capndavid2001-Notification.job
      [2013/12/10 20:40:55 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\SLOW-PCfighter.lnk
      [2013/12/10 20:39:32 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\ArcadeParlor.job
      [2013/12/10 11:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
      [2013/12/10 11:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
      
      :Files
      ipconfig /flushdns /c
      
      :Commands
      [emptytemp]
      [Reboot]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.
    Please post the following logs in your next reply: C:\_OTL\Moved Files and OTL.txt

    Next

    Please download Junkware Removal Tool to your desktop.

    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it on XP, or right click and select Run as Administrator on Vista/Win7 and above.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Next

    Double-click AdwCleaner.exe to run the tool again.
    • Click the Scan button.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished...
    • This time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    In your next reply please post:

    • C:\_OTL\Moved Files
    • OTL.txt
    • AdwCleaner[S0].txt
    • JRT.txt


    Thanks
    Joe
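
Added example, not part of zep516's post and not OTL's own code: a Python sketch that parses the `[timestamp | size | attributes | C/M] (company) -- path` lines OTL prints and groups entries that have no company name and were created outside C:\Windows within minutes of each other. The 15-minute gap, the three-entry minimum and all function names are assumptions; a burst is a list of things to review, not a verdict.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Sample lines copied from the OTL listings posted in this thread.
SAMPLE = r"""
========== Files/Folders - Created Within 30 Days ==========
[2013/12/10 20:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2013/12/10 20:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2013/12/10 20:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2013/12/10 20:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Surf Canyon
[2013/12/10 11:36:03 | 000,000,000 | ---D | C] -- C:\Binaries
[2013/12/10 11:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2013/12/06 08:55:14 | 000,000,000 | ---D | C] -- C:\Windows\Temp1D9C9B91-9A7C-ABC0-99A2-2E9C886CB19E-Signatures
[2013/12/13 11:14:30 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/23 12:55:44 | 000,028,672 | R--- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\PcaSp60.sys
"""

# The company field is optional, may be "()", and may itself contain parentheses.
LINE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]\s*(?:\((?P<company>.*)\)\s*)?-- (?P<path>.+)$"
)
Entry = namedtuple("Entry", "when size attrs kind company path")  # kind: C=created, M=modified

def parse_line(line):
    """Return an Entry for a file/folder listing line, or None for anything else."""
    m = LINE.match(line)
    if not m:
        return None  # section headers, registry lines, blank lines
    return Entry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                 int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                 (m["company"] or "").strip(), m["path"].strip())

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def bursts(entries, gap=timedelta(minutes=15), min_size=3):
    """Group created, no-company entries outside the Windows directory by creation time."""
    picked = sorted((e for e in entries if e.kind == "C" and not e.company
                     and not e.path.lower().startswith("c:\\windows\\")),
                    key=lambda e: e.when)
    groups = []
    for e in picked:
        if groups and e.when - groups[-1][-1].when <= gap:
            groups[-1].append(e)   # still inside the same install burst
        else:
            groups.append([e])     # gap exceeded: start a new group
    return [g for g in groups if len(g) >= min_size]

if __name__ == "__main__":
    for g in bursts(parse_log(SAMPLE)):
        print(g[0].when, "->", g[-1].when, [e.path for e in g])
```

On these sample lines the only burst is the 20:36 to 20:49 group on 2013/12/10; the isolated C:\Binaries and NCH Software folders fall below the three-entry minimum.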
