  1. #1
    Member
    Join Date
    Mar 2007
    Location
    Butler, PA
    Posts
    102
    Points
    0

    Puter running slow

    I have a computer running Win 7 Pro, 32 bit with 2.5 G Ram and SP1 installed. It started running slower and slower and sometimes I was typing faster than the screen could follow. I followed the instructions and ran Malwarebytes, SuperAntiSpyware and HijackThis; all three logs are posted here.

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 7/10/2014
    Scan Time: 9:13:42 AM
    Logfile: malwarebytes log 7.10.14.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.07.09.13
    Rootkit Database: v2014.07.09.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: user

    Scan Type: Custom Scan
    Result: Completed
    Objects Scanned: 525725
    Time Elapsed: 5 hr, 51 min, 39 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)




    (end)


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 1:04:30 PM, on 7/11/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.17028)


    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\AVG\AVG2014\avgui.exe
    C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
    C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
    C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Common Files\aol\1266698022\ee\aolsoftware.exe
    C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
    C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
    C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Garmin\Express Tray\ExpressTray.exe
    C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AOL Desktop 9.7a\waol.exe
    C:\Program Files\USBKVM Switcher\USBKVM.exe
    C:\Users\user\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\AOL Desktop 9.7a\shellmon.exe
    C:\Program Files\Common Files\aol\1266698022\ee\aolupdates.exe
    C:\Users\user\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [lxecmon.exe] "C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe"
    O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1266698022\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [IOGEAR Auto Printer Sharing Switch] C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe start
    O4 - HKLM\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
    O4 - HKCU\..\Run: [cdloader] "C:\Users\user\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\user\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8e884bbd88933caa63e3018499de9268-449cf39c3d3482eb87fa220332bace0bfad72af6 /CMPID=1213b
    O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\user\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=8e884bbd88933caa63e3018499de9268-449cf39c3d3482eb87fa220332bace0bfad72af6 /CMPID=0214c
    O4 - HKCU\..\Run: [SkyDrive] "C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.7a\AOL.EXE" -b
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2178227108-149082570-3650749505-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2178227108-149082570-3650749505-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: HP SimpleSave Monitor.lnk = user\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: USBKVM Switcher.lnk = C:\Program Files\USBKVM Switcher\USBKVM.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} (Gif89 Lite +Audio Class) - http://192.168.0.114/aplugLite.cab
    O16 - DPF: {9AA03FEC-6582-48B1-BC62-821D4A7B9461} (RMN9_DVR Control) - http://10.24.183.144:85/N9DvrOcx.cab?V1111
    O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} (WebClient Control) - http://10.24.183.114:85/WebClient.exe
    O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - http://javadl-esd.oracle.com/update/...ndows-i586.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    O23 - Service: BackupService - ArcSoft, Inc. - C:\Users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe
    O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe
    O23 - Service: lxec_device - - C:\Windows\system32\lxeccoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Splunkd - Splunk Inc. - C:\Program Files\Splunk\bin\splunkd.exe
    O23 - Service: Splunkweb - Unknown owner - C:\Program Files\Splunk\bin\splunkweb.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12587 bytes


    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 07/11/2014 at 08:23 AM

    Application Version : 5.7.1026

    Core Rules Database Version : 11364
    Trace Rules Database Version: 9176

    Scan type : Complete Scan
    Total Scan Time : 00:50:36

    Operating System Information
    Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 874
    Memory threats detected : 0
    Registry items scanned : 41386
    Registry threats detected : 0
    File items scanned : 30927
    File threats detected : 1

    Trojan.Agent/Gen-Autorun[Swisyn]
    C:\USERS\USER\SHARED\CLONE DVD2 + ANY DVD+ CRACK+SERIAL\ELBY CLONE DVD V1.3.10.1 ANYDVD 2.0.0.4 GER KEY\KEYGEN-CLONEDVD.EXE


    Please advise me what to do.

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hello tenny,

    Please uninstall Spybot Search and Destroy, it will interfere with our work.


    You have 2 Anti Virus programs running:
    1-AVG 2014
    2-Microsoft Security Essentials

    The real-time protection of two antivirus programs may conflict with each other and cause the following:

    * False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    * Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
    * Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
    * Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.


    Tell me which one you want to keep?


    Next

    Right click on HijackThis and do a system scan only. Place a check mark next to the following entries:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [lxecmon.exe] "C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1266698022\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
    O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\user\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=8e884bbd88933caa63e3018499de9268-449cf39c3d3482eb87fa220332bace0bfad72af6 /CMPID=1213b
    O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\user\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=8e884bbd88933caa63e3018499de9268-449cf39c3d3482eb87fa220332bace0bfad72af6 /CMPID=0214c
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.7a\AOL.EXE" -b
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE


    1-Click fix checked.
    2-Close Hijackthis.
    3-Reboot the computer.

    Then

    Please download OTL to your Desktop
    • Double click on the icon to run the program. On Vista/Win7 or 8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.



    In your next reply post
    1- OTL.txt
    2- Extras.txt

  3. #3
    Member
    Join Date
    Mar 2007
    Location
    Butler, PA
    Posts
    102
    Points
    0


    Thanks for the help!

    I uninstalled Spybot.

    As for the antivirus, what would you do if this were your computer?

    I ran HijackThis and deleted what you indicated should be.

    Two files you requested from OTL are below.


    OTL logfile created on: 7/13/2014 11:47:09 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.17028)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 61.31% Memory free
    5.00 Gb Paging File | 3.74 Gb Available in Paging File | 74.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 178.99 Gb Total Space | 99.20 Gb Free Space | 55.42% Space Free | Partition Type: NTFS
    Drive D: | 7.29 Gb Total Space | 0.35 Gb Free Space | 4.84% Space Free | Partition Type: FAT32

    Computer Name: COMPAQ | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/07/13 23:45:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
    PRC - [2014/06/27 15:20:18 | 003,241,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
    PRC - [2014/06/17 16:22:40 | 000,846,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Program Files\AVG\AVG2014\avgrsx.exe
    PRC - [2014/06/17 16:21:52 | 000,642,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    PRC - [2014/06/17 16:16:00 | 000,838,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
    PRC - [2014/06/17 16:12:30 | 000,656,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
    PRC - [2014/06/17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    PRC - [2014/05/25 22:01:05 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    PRC - [2014/03/20 23:03:18 | 001,797,064 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
    PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2014/03/04 08:34:44 | 001,821,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2014/03/04 08:34:44 | 000,943,048 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2014/03/04 07:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/10/27 10:12:58 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/10/10 18:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/08/01 20:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2013/07/22 10:22:30 | 001,093,464 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
    PRC - [2013/07/22 10:22:08 | 000,219,480 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    PRC - [2013/05/13 15:33:02 | 001,693,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    PRC - [2013/05/13 15:33:02 | 001,113,296 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    PRC - [2013/02/20 23:03:31 | 000,067,104 | ---- | M] (ArcSoft, Inc.) -- C:\Users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    PRC - [2013/02/20 23:03:30 | 000,555,040 | ---- | M] (ArcSoft, Inc.) -- C:\Users\user\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
    PRC - [2013/01/31 20:21:24 | 000,019,224 | R--- | M] () -- C:\Program Files\Splunk\bin\splunkweb.exe
    PRC - [2013/01/31 20:20:00 | 015,349,528 | R--- | M] (Splunk Inc.) -- C:\Program Files\Splunk\bin\splunkd.exe
    PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/08/29 14:01:16 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
    PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe
    PRC - [2010/03/05 14:37:40 | 000,867,328 | ---- | M] () -- C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/02 11:24:58 | 000,188,416 | ---- | M] () -- C:\Program Files\USBKVM Switcher\USBKVM.exe
    PRC - [2008/09/23 23:45:00 | 001,667,072 | ---- | M] (D-Link) -- C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
    PRC - [2007/01/19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/02/12 23:26:03 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll
    MOD - [2014/02/12 23:25:06 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
    MOD - [2014/02/12 22:49:17 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
    MOD - [2014/02/12 22:49:08 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
    MOD - [2014/02/12 22:48:41 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
    MOD - [2014/02/12 21:56:45 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
    MOD - [2014/02/12 21:56:05 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
    MOD - [2014/02/12 21:55:55 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
    MOD - [2014/02/12 21:55:53 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
    MOD - [2014/02/12 21:55:53 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
    MOD - [2014/02/12 21:55:51 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
    MOD - [2014/02/12 21:55:43 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\edec2d7b3ecaabfc5c72d7615d884f79\PresentationFramework.classic.ni.dll
    MOD - [2014/02/12 21:55:41 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
    MOD - [2014/02/12 21:55:23 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
    MOD - [2014/02/12 21:55:12 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
    MOD - [2014/02/12 21:55:00 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
    MOD - [2014/02/12 21:54:53 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
    MOD - [2014/02/12 21:54:50 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
    MOD - [2014/02/12 21:54:42 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
    MOD - [2014/02/12 21:54:32 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
    MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2010/03/05 14:37:40 | 000,867,328 | ---- | M] () -- C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
    MOD - [2008/10/02 11:24:58 | 000,188,416 | ---- | M] () -- C:\Program Files\USBKVM Switcher\USBKVM.exe
    MOD - [2008/09/11 12:48:38 | 000,262,144 | ---- | M] () -- C:\Windows\System32\wlanapp.dll
    MOD - [2007/07/17 17:26:18 | 000,086,016 | ---- | M] () -- C:\Program Files\USBKVM Switcher\KeyHook.dll


    ========== Services (SafeList) ==========

    SRV - [2014/06/27 15:20:18 | 003,241,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2014/06/17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2014/03/04 07:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2014/02/06 18:09:56 | 000,046,184 | R--- | M] (AOL Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
    SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/10/27 10:12:58 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/10/10 18:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/07/22 10:22:08 | 000,219,480 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
    SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/02/28 21:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2013/02/20 23:03:31 | 000,067,104 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
    SRV - [2013/01/31 20:21:24 | 000,019,224 | R--- | M] () [Auto | Running] -- C:\Program Files\Splunk\bin\splunkweb.exe -- (Splunkweb)
    SRV - [2013/01/31 20:20:00 | 015,349,528 | R--- | M] (Splunk Inc.) [Auto | Running] -- C:\Program Files\Splunk\bin\splunkd.exe -- (Splunkd)
    SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/05/04 23:53:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
    SRV - [2010/04/14 16:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/05/19 04:36:40 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe -- (jswpsapi)
    SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2014/07/13 23:41:24 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{157298D3-02FE-46E6-A9F2-568DB873375D}\MpKsl1bf6a376.sys -- (MpKsl1bf6a376)
    DRV - [2014/06/17 16:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2014/06/17 16:21:22 | 000,197,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2014/06/17 16:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2014/06/17 16:17:58 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2014/06/17 16:06:40 | 000,199,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2014/06/17 16:06:38 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
    DRV - [2014/06/17 16:06:24 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2014/06/17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2014/06/17 16:06:20 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2014/03/20 23:03:40 | 010,523,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2014/03/19 15:27:42 | 000,065,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2014/01/22 09:52:12 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2014/01/22 09:52:12 | 000,088,576 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2013/10/01 20:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2013/02/28 21:48:42 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2013/01/31 20:19:58 | 000,031,096 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\splunkdrv-win6.sys -- (splunkdrv-win6)
    DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2009/10/07 08:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2009/07/31 01:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
    DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/06/22 23:34:38 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2008/08/07 03:09:32 | 000,905,728 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGUx86.sys -- (A5AGU)
    DRV - [2008/05/15 04:28:44 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
    DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{1913A79D-26E4-4599-9AE5-B13BB10AAC05}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 2D 07 83 9F A0 CA 01 [binary data]
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\SearchScopes,DefaultScope = {2BE51A2D-CC39-4B72-BFCB-11FC0BB213F0}
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\SearchScopes\{2BE51A2D-CC39-4B72-BFCB-11FC0BB213F0}: "URL" = https://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\SearchScopes\{52BB94D5-C995-40EC-8BAB-D37164469768}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}: "URL" = http://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
    FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)


    [2012/02/12 10:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
    [2012/04/24 20:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c75guc3d.default\extensions
    [2012/04/24 20:16:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c75guc3d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    O1 HOSTS File: ([2014/07/10 16:10:47 | 000,450,712 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 15469 more lines...
    O3 - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
    O4 - HKLM..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe (D-Link)
    O4 - HKLM..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
    O4 - HKLM..\Run: [IOGEAR Auto Printer Sharing Switch] C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe ()
    O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKU\S-1-5-21-2178227108-149082570-3650749505-1002..\Run: [cdloader] C:\Users\user\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKU\S-1-5-21-2178227108-149082570-3650749505-1002..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
    O4 - HKU\S-1-5-21-2178227108-149082570-3650749505-1002..\Run: [SkyDrive] C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2178227108-149082570-3650749505-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\user\AppData\Roaming\HP SimpleSave Application\StartHelper.exe (ArcSoft, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
    O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} http://192.168.0.114/aplugLite.cab (Gif89 Lite +Audio Class)
    O16 - DPF: {9AA03FEC-6582-48B1-BC62-821D4A7B9461} http://10.24.183.144:85/N9DvrOcx.cab?V1111 (RMN9_DVR Control)
    O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://10.24.183.114:85/WebClient.exe (WebClient Control)
    O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://javadl-esd.oracle.com/update/...ndows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A33130C3-FA18-48CC-9751-499614A9A8E5}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{35878999-7ee7-11e2-9131-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{35878999-7ee7-11e2-9131-00038a000015}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
    O33 - MountPoints2\{4bce79bc-214f-11e1-92fc-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{4bce79bc-214f-11e1-92fc-00038a000015}\Shell\AutoRun\command - "" = F:\StormF1.exe
    O33 - MountPoints2\{83630f61-95ac-11df-b755-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{83630f61-95ac-11df-b755-00038a000015}\Shell\AutoRun\command - "" = F:\StormF1.exe
    O33 - MountPoints2\{c67b78fe-e482-11e1-a58e-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{c67b78fe-e482-11e1-a58e-00038a000015}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
    O33 - MountPoints2\{e5b84bac-43d3-11df-965d-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{e5b84bac-43d3-11df-965d-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/07/11 07:30:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
    [2014/07/11 07:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/07/11 07:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/07/11 07:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/07/10 23:04:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\trailer
    [2014/07/10 22:58:29 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Tractor
    [2014/07/09 07:47:33 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2014/07/09 07:47:33 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2014/07/09 07:47:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2014/07/09 07:47:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2014/07/09 07:47:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2014/07/09 07:47:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2014/07/09 07:47:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2014/07/09 07:47:30 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2014/07/09 07:47:29 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2014/07/09 07:47:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2014/07/09 07:47:25 | 002,863,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2014/07/09 07:47:25 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2014/07/09 07:47:24 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2014/07/09 07:47:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2014/07/09 07:47:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2014/07/09 07:47:16 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
    [2014/07/09 07:47:09 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2014/07/09 07:46:51 | 002,350,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2014/07/09 07:46:51 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
    [2014/07/09 07:44:18 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
    [2014/07/09 07:44:15 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
    [2014/06/30 10:55:44 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/06/30 10:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/06/30 10:55:12 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/06/30 10:55:12 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/06/26 09:19:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
    [2014/06/25 08:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.7b
    [2014/06/22 10:59:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
    [2014/06/22 10:58:41 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\SelfMV
    [2014/06/22 10:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    [2014/06/22 10:57:49 | 000,144,664 | ---- | C] (MAPILab Ltd. & Add-in Express Ltd.) -- C:\Windows\System32\secman.dll
    [2014/06/17 16:22:02 | 000,188,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2014/06/17 16:21:22 | 000,197,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2014/06/17 16:18:00 | 000,241,944 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
    [2014/06/17 16:17:58 | 000,147,736 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
    [2014/06/17 16:06:40 | 000,199,960 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
    [2014/06/17 16:06:38 | 000,121,624 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgdiskx.sys
    [2014/06/17 16:06:24 | 000,098,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2014/06/17 16:06:22 | 000,027,416 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
    [2014/06/17 16:06:20 | 000,021,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/07/13 23:49:09 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/07/13 23:49:09 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/07/13 23:39:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/07/13 23:39:41 | 2012,127,232 | -HS- | M] () -- C:\hiberfil.sys
    [2014/07/12 13:36:39 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/07/11 07:30:05 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/07/10 16:10:47 | 000,450,712 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014/07/10 09:11:30 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2014/07/10 09:11:28 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2014/07/09 17:06:07 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/07/09 08:06:31 | 000,493,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2014/07/08 06:23:24 | 000,450,712 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140710-161047.backup
    [2014/07/03 12:17:00 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2014/07/02 15:13:49 | 000,666,330 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/07/02 15:13:49 | 000,123,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/07/02 14:53:57 | 000,026,823 | ---- | M] () -- C:\Users\user\Desktop\ATT00008.mid
    [2014/06/30 10:55:30 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/06/29 21:40:16 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
    [2014/06/29 21:36:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
    [2014/06/25 08:44:33 | 000,001,090 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
    [2014/06/25 08:44:32 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
    [2014/06/23 05:27:20 | 002,943,789 | ---- | M] () -- C:\Users\user\Desktop\SANY0001.jpg
    [2014/06/23 05:21:57 | 003,190,986 | ---- | M] () -- C:\Users\user\Desktop\SANY0130.jpg
    [2014/06/22 10:58:13 | 000,001,939 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk
    [2014/06/22 10:58:13 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies 3.lnk
    [2014/06/18 20:54:05 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2014/06/18 20:53:03 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2014/06/18 20:53:01 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2014/06/18 20:52:46 | 002,863,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2014/06/18 20:52:46 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2014/06/18 20:52:43 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2014/06/18 20:52:42 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2014/06/18 20:52:42 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2014/06/18 20:52:42 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2014/06/18 20:52:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2014/06/18 20:52:34 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2014/06/18 20:52:34 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2014/06/18 20:52:19 | 001,440,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2014/06/18 20:30:35 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2014/06/18 19:34:26 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2014/06/17 21:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
    [2014/06/17 20:52:00 | 002,350,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2014/06/17 16:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2014/06/17 16:21:22 | 000,197,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2014/06/17 16:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
    [2014/06/17 16:17:58 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
    [2014/06/17 16:06:40 | 000,199,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
    [2014/06/17 16:06:38 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgdiskx.sys
    [2014/06/17 16:06:24 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2014/06/17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
    [2014/06/17 16:06:20 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/07/11 07:30:05 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/07/02 14:53:56 | 000,026,823 | ---- | C] () -- C:\Users\user\Desktop\ATT00008.mid
    [2014/06/30 10:55:30 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/06/23 05:27:15 | 002,943,789 | ---- | C] () -- C:\Users\user\Desktop\SANY0001.jpg
    [2014/06/23 05:21:51 | 003,190,986 | ---- | C] () -- C:\Users\user\Desktop\SANY0130.jpg
    [2014/06/22 10:58:13 | 000,001,939 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk
    [2014/06/22 10:58:13 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies 3.lnk
    [2014/05/10 13:38:52 | 000,000,880 | ---- | C] () -- C:\Windows\m3jpeg.ini
    [2014/05/10 13:37:34 | 002,274,816 | ---- | C] () -- C:\Windows\System32\avcodec-dvrcodecsf-53.dll
    [2014/05/10 13:37:34 | 000,244,224 | ---- | C] () -- C:\Windows\System32\swscale-dvrcodecsf-2.dll
    [2014/05/10 13:37:34 | 000,135,680 | ---- | C] () -- C:\Windows\System32\avutil-dvrcodecsf-51.dll
    [2013/10/29 14:09:42 | 000,000,218 | ---- | C] () -- C:\Users\user\AppData\Local\recently-used.xbel
    [2013/05/02 17:05:28 | 000,030,136 | ---- | C] () -- C:\Users\user\http
    [2013/02/28 21:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
    [2013/01/20 20:50:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
    [2013/01/20 20:50:29 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
    [2012/12/28 21:13:23 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxecvs.dll
    [2012/12/28 21:13:21 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll
    [2012/12/28 21:13:16 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll
    [2012/12/28 21:13:15 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll
    [2012/12/28 21:13:15 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll
    [2012/12/28 21:11:45 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll
    [2012/12/28 21:11:45 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll
    [2012/12/28 21:11:45 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll
    [2012/12/28 21:11:45 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll
    [2012/12/28 21:11:45 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEChcp.dll
    [2012/12/28 21:11:45 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll
    [2012/12/28 21:11:45 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXECinst.dll
    [2012/12/28 21:11:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll
    [2012/12/28 21:11:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll
    [2012/12/28 21:11:44 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe
    [2012/12/28 21:11:44 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeclmpm.dll
    [2012/12/28 21:11:44 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll
    [2012/12/28 21:11:44 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe
    [2012/12/28 21:11:44 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll
    [2012/12/28 21:11:44 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll
    [2012/12/28 21:11:44 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll
    [2012/12/28 21:11:44 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll
    [2012/12/28 21:11:44 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxecinsr.dll
    [2012/12/28 21:11:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll
    [2012/12/28 21:11:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll
    [2012/12/28 21:11:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll
    [2012/12/28 21:11:43 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe
    [2012/08/28 22:46:50 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2012/08/28 19:32:07 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2012/08/28 19:32:07 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2012/07/30 14:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2012/07/30 14:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2012/07/30 14:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2012/07/30 14:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2012/07/28 18:05:16 | 000,000,054 | ---- | C] () -- C:\Windows\System32\set.ini
    [2011/10/01 21:53:45 | 000,000,187 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
    [2011/10/01 21:53:45 | 000,000,039 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
    [2010/03/28 21:51:10 | 000,002,395 | ---- | C] () -- C:\Users\user\AppData\Roaming\SAS7_000.DAT

    ========== ZeroAccess Check ==========

    [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >



    OTL Extras logfile created on: 7/13/2014 11:47:09 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.17028)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 61.31% Memory free
    5.00 Gb Paging File | 3.74 Gb Available in Paging File | 74.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 178.99 Gb Total Space | 99.20 Gb Free Space | 55.42% Space Free | Partition Type: NTFS
    Drive D: | 7.29 Gb Total Space | 0.35 Gb Free Space | 4.84% Space Free | Partition Type: FAT32

    Computer Name: COMPAQ | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Classes\<extension>]
    .scr [@ = DWGTrueViewScriptFile] -- C:\Windows\System32\notepad.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{138B953B-D631-4662-ACC3-64A70F3BA712}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{1A849300-785F-41F8-B4BA-56F79A999584}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{28557811-79EF-472C-A38F-69DA41D1CB06}" = lport=138 | protocol=17 | dir=in | app=system |
    "{3263FEE7-DD88-48D8-BA72-66F152070BE0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{358B10A2-2DD1-4195-8D19-F5615D492B8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{41C0C78F-A4AB-4749-B8B9-8A5E327A0850}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{5D289555-0F20-451E-85AF-EE74829358AC}" = rport=138 | protocol=17 | dir=out | app=system |
    "{69791D1E-D254-4675-810E-39FC065C42C9}" = lport=137 | protocol=17 | dir=in | app=system |
    "{6CB4397F-6313-4147-B692-BB4A8B1A9C8C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7ECD9E7F-1EB4-4CBE-8638-92308429C6DD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{8A919BBB-D454-49F6-8072-7760AABA5483}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{8B490A9B-59E7-46E5-9D18-FAD410704F23}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8D44AA42-8B93-4492-B199-D03FC311D05F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{91AE5594-196F-4A96-B5FE-B8B421CEE192}" = lport=445 | protocol=6 | dir=in | app=system |
    "{9B2E0A8E-5714-478B-A9F2-5CD393351731}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
    "{9B85F604-B944-43B5-AA06-3D82BED74392}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9F1511AF-A297-4590-AE4C-BDA3FE67EC5A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{9F9C622B-6B02-4473-858D-BE9A8848AA8B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{A1603D5B-1A9D-4C52-94B2-E90DF6FCF14D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A86DFA9B-DFAB-4ED0-96EE-03EE1C35938A}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
    "{AA2AB350-F684-41AE-B5C7-62A52401FA36}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{AAF9375A-C1AA-4046-A14E-35D448EB38C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B9C0950E-2D78-49F2-9AAC-5137E9CCC5BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BA3D7BE2-5357-4BEF-B61C-2AE5F3E4DFC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CE2DF8F2-6C84-4C51-BB88-A9ECB9B904C7}" = rport=445 | protocol=6 | dir=out | app=system |
    "{DE9E5293-4B33-4688-B14A-0DE88295F96D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00A0BD9C-9437-4DB1-8372-8991F70E9335}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{05D16DBC-D742-4D63-99D0-A9AD98DE031F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{081FAD9D-737C-4B64-AF5A-BFC2137EFBDA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{0B28626B-F528-494F-A20C-E8EFA0750E91}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
    "{0E4AA37D-1226-442D-816E-3D177FF67FF1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{0F54FF96-689C-4A14-BCAB-FBC17F0F7763}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
    "{1232A9D4-D82C-4CC6-AEB7-14A706E32C36}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{12DE758D-E72F-4C1A-BB23-F761B21B41E4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{12E60739-1E36-42DB-AE76-C7DF726582BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{13D32D44-B494-4AC2-8D45-9F406D3AAC0B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{13F69D21-C72E-4575-96CA-BBFBB755FB6A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{1699CD66-3B8C-4BE8-A4ED-D1467A2C7A76}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{178FC9B3-FCCC-44F0-8514-380F58B140F9}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
    "{18B77594-6CAD-40FE-9BE3-5D588A6564E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{1D742C60-29CC-49AD-A84A-0F2F6F044875}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{20412AE9-29F5-4D6B-8D08-2EC092C41B5D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{2092C0ED-E8A5-4654-80A5-E96F522B44B0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{21099525-8465-4E23-96D6-82C868F4523B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{24A01308-0A3B-44A4-83B6-AE6C401F509E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{2661ACDC-4317-4364-A739-2F557CDF12AB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{26E45669-C308-48B0-B1BC-47A0BABD6C4B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
    "{2817ED3E-5CC0-4CF0-BA59-9B436923CF87}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{2960B828-7D19-458D-9BBB-1DF62783202A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{29740ED2-B910-4B9E-A5DB-7A4BAD3D4071}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{2A6AE64F-90F9-4A56-8471-C13BDFA7B959}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2A73572B-37D3-4137-8747-101F51866E6B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{2B0CA03B-B8E0-4701-9F4F-9EA93EAFC9FE}" = protocol=17 | dir=in | app=c:\program files\aol 9.5\waol.exe |
    "{2BCC5BBB-D0A8-49C8-B0A9-B988B28BB055}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1266698022\ee\aolsoftware.exe |
    "{2E3EE091-CB58-49CB-9DFF-4574F40DE729}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7\waol.exe |
    "{2F4A1EE6-1B02-49D6-9DA9-9C3CB7881A4B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{30D865E2-BF49-4705-9F1D-F7A1358D0520}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{31D9AC0C-2E5A-4505-82FD-2BFF37D4E2AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{32081950-B52C-4BE9-9447-4309F71FCFF3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{32DBFA89-77A9-4FA2-BEE8-D4307F7A9C89}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{359C9C6C-606B-492A-8CCE-9435E634AC38}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3604AA48-15EA-40D0-9F84-004AEC976994}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{365BAA88-6AD3-4E9E-AE0D-7D06EEBAB4BA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{369B24C5-500D-4EEC-8765-16EB01B2F447}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{38BEABE6-583E-4DEF-BD7F-89277E6C7093}" = dir=in | app=c:\users\user\appdata\local\viber\viber.exe |
    "{391AB68D-A822-4FCE-9112-2992307DB039}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
    "{39CD2BCA-39C4-43FD-9F9B-6A2F8BC86CD5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{3BD8CF48-7112-425A-8968-F678E96E3A2F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{3CC8C254-17F6-40B8-828F-902B6EF81ACF}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{41328959-79DE-4310-B3D2-09265A2FC70B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{429B6B20-A04E-46FB-8536-00427CE4030C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{45C4B411-884C-48AF-8538-7C72A3F36523}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{46460F27-1388-499C-8349-E5606A305457}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{4724DA79-D995-4942-9FA4-E240630365A9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{47993328-36B2-48E8-85C8-FAABFDEE2348}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{48BCC7F9-B62C-438E-930E-B25A7DACF489}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{48C649AF-7C58-4950-A82A-DE77973EBE50}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{48CA8AB2-81A3-4D3B-8E3B-158676C85674}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{498AD901-AF56-4B60-8D7F-ADCF1DA29C07}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{49D94AA9-1357-4B3D-B6D2-3E1594570741}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{49E89E8D-3A16-415C-9BA0-0303EC11E2AD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{4BD5F7EB-9E0C-4C94-A6C4-F1FC9874DC3D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{4D18CEC1-B980-423E-B67B-0D0CF95E6F1D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4E6507D4-1F44-44F0-8C1B-3FAE8B6B8606}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{4EF953C3-C29A-446E-876C-3F966C5EA1A1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
    "{5050E0A3-A711-4A92-9EEC-7F842373FB2A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{50BC4F01-82A3-43FB-B10E-482DCC9BE6CB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{53E0ED05-A90B-4116-B8CE-C1155224321E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{54364B94-D752-4E31-B9C7-45ADE779A506}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7b\waol.exe |
    "{554C64D3-9232-4F9C-8FED-2F652C8C61D8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{575CA008-DF98-4EAD-8765-40FCF6152CBA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{5B40875B-5CE8-4DF5-B4D6-693217F40656}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{5B6475AD-857B-4CF6-ABA1-A83429D4C098}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{5E4DCE9D-34D2-4E54-AD9A-3E223F1455F1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{5E8BED58-28D4-464C-A599-FC017D0AE6B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{6132A42D-CFC4-4E71-98CB-6DCA56282DED}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
    "{61DBF943-0861-4108-A321-000F9C282F70}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{638A2135-CCDC-46E4-A8F3-F6BF6CE60464}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{668B6DDD-FBE5-4FD0-81ED-CFD222406A68}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{67B34FE5-5EC5-4665-A602-739C0CE0318E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{684105AE-9F9A-4E3A-8914-9361A627DDDE}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.6\aolbrowser\aolbrowser.exe |
    "{693AB14C-9299-4B5C-AD53-097CE593A6FA}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.6\waol.exe |
    "{696BF22E-6482-4E79-9D24-835BFC04124D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{6A2BE739-09EA-4817-87CB-70C44D7BEC32}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{6B905C54-42E0-4557-A04F-644E129BDC7F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{6D52C4AB-7C75-40EE-98A2-C003858BBA46}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{6D67F07D-ECDC-47E5-B532-5969E36876FC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{6EA71CFA-C221-41CC-B5E6-059BAD5EA59A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{72C396DB-DE28-4926-B6D6-8606490905C7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{765B417A-1F19-4071-8F65-DD970C2B99DB}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
    "{767D5E4C-EFE8-4797-959B-14BB1A45BCB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{77FB2F6A-4011-4297-BC64-CD11FE4AFB9C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{788FB235-5D0A-402D-88AD-6143317724A2}" = protocol=17 | dir=in | app=c:\program files\lexmark pro800-pro900 series\lxecfax.exe |
    "{78ABB1FE-4468-4ABD-B5E8-B3E5311E334C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{78DEA4A2-D481-468F-A2DA-DF80DF3C7A68}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.6\waol.exe |
    "{7902E268-A6FA-460B-ADAE-1CC038DEE02B}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
    "{790F12BB-4201-4961-9E05-F568C6B5BD1D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{79376326-59EF-4777-9E79-39B853DB717C}" = protocol=6 | dir=in | app=c:\program files\aol 9.5\waol.exe |
    "{7F874D3F-CBC1-45B9-9DF8-53005A7938AA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{80816A64-7EFF-4935-BBD6-A68349262A42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{827DC6FD-8F4E-4704-9DD4-31903AF7230F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{89AAB219-975E-4A08-8CDB-31272CD3B14B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{8C02447E-13D2-437A-8285-C0E841CC732A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{8D45B5F7-1205-4E76-BE2A-DC9C10C96B5F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{8E7906B9-99C8-4497-9A1D-DF4199D3C33B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{927A5752-56CC-4B05-BC53-FFAFC8871A5A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{92986EE1-08BD-4165-B8A7-02651768A965}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7b\aolbrowser.exe |
    "{948E69E8-5D48-41B3-A101-08F377B3270E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{950E75E8-3A3F-4EB9-ADC6-1487D80486C6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{9730006A-25EC-4908-8CE7-8A7AAEA79AAC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
    "{98C28740-CBE1-4AAB-A591-76CF198E9F28}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{99EEA402-BCDB-4D7E-B50A-86DD3465DA06}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{9A4431BE-5B70-4F20-BD19-991535632157}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7a\aolbrowser\aolbrowser.exe |
    "{9C86FFCE-2051-4B5B-A4DE-7F94BA0FE02B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
    "{9CF4216B-2129-48C4-80E2-DBCF0429AE92}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A02F6A74-58C3-4235-841F-A3476AE617DA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A112FB68-0CBA-420F-8BBF-FADBB1D60D9D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{A3D67485-5DC6-40C1-A5F5-E032931BCF27}" = protocol=6 | dir=in | app=c:\program files\lexmark pro800-pro900 series\lxecfax.exe |
    "{A3FE8E0E-3CDB-439F-B868-D77A977BA23A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{A488975B-BC2B-4882-8D15-CEBE4A32816C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A59BFD65-9C63-4537-A0F6-446EF47220E1}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
    "{A6217771-03FC-4921-8454-31142E85457B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{A7E9E145-B7B9-4C04-9A6D-B7249A37ED0A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
    "{AAB07191-74CF-48BC-92C4-383A9636AF36}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7\waol.exe |
    "{AD3D6475-36A6-495F-9029-A5C4C52CFC79}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
    "{AE73472E-D92D-4F38-AF68-A5B02B578D33}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
    "{AFF616F9-778A-4C54-AA65-829970B1827B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B0C9E6A9-1B97-46CF-9AA0-F0FD79CCA59D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{B12F8F3E-F6E2-429D-ABC7-4E3566130CF7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B22EF2E3-E58C-4E01-931F-C39B291187E3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
    "{B3D1669F-F561-46BF-90DA-1B4648D268EA}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7\aolbrowser\aolbrowser.exe |
    "{B3D270D7-A8AB-4E2E-A810-5BB4FE342401}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B50424F5-D19E-4A15-87AB-14519A3152BF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
    "{B540B864-23EB-44FD-B1FE-7C693B2E65DB}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7\aolbrowser\aolbrowser.exe |
    "{B955C3AA-30D4-4C86-94C5-F9D530230F95}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{BA9CF9FE-F095-4F9B-9144-5E5F5EA78268}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BAFB430B-3E56-4427-91A3-1EF67E632310}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{BB719B0E-E6EA-4E25-AA8A-37B22D9097B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{BC1A7DB0-551D-4CA7-8705-E21173ACC2C1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1266698022\ee\aolsoftware.exe |
    "{BC608E14-6C69-4C70-ADD4-D3DF8CFDE18F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{BCCD9CC3-FA23-4809-A9AB-A4759A4344B2}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7a\waol.exe |
    "{C052F977-07C6-4F52-8888-3395C6628616}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{C14D2E8E-50D3-417E-B3CE-9FC60273E438}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C18CC7C0-15C8-411A-A301-152B737A7D51}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
    "{C1AB092C-BFDC-4718-9F3A-E81049743C5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{C219448B-F816-4BA5-B7A5-94BD7730D4E6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{C4AD34AA-9218-40ED-9948-B988EC9898E6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C4B81C5B-FD2C-4BD6-B4A7-B0BD4C191994}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C5330B84-A361-4EFC-8189-020B7DD77F43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C560078E-5D98-40FB-B179-8552738B5E93}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{C76471EF-B596-4E55-A53F-7C0EDA4A097E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{C8D4770C-0E04-4BBD-9BC6-60644D8C5E18}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
    "{CA350CDC-20B3-4AC9-8809-EF3A491A34CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{CB102099-B07C-448B-9D13-A07E6B69476C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
    "{CD5C5D42-B72E-4DF9-9443-80866EF81157}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{CF250DA8-78B1-4B21-A79C-B28CD943C4C2}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7a\aolbrowser\aolbrowser.exe |
    "{D041CE3D-0A1D-4F80-B35E-EF3E62EA6109}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{D0872559-56F7-4322-98EE-A3CB81C18AD1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D1E7FFB2-3879-4D85-9B89-11997A1C4B3D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D38FEC06-4E3B-4276-BA1B-6F25CE2965BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{D40BF76E-9CB3-4266-B33C-9CFA4D066D8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{D4BDDCAE-D423-4917-8A5B-3F0787B98205}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{D4C314DB-C400-4C73-B9B9-F10A738AEEAE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{D68B7C80-6F16-438D-AA12-42CB90E2ECE4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D7B80980-0B25-41C4-8DFD-3955BD7F2900}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DAE07373-D342-4451-B504-F44C5D815089}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{DC0B6DF1-08B5-4FC6-B780-71119F46CD01}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DCECC269-9DD7-4F5E-BE27-8D595144C8A5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{DDFE3973-4864-4431-B566-833DB214678A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{DF1D7496-2A52-462B-8050-871E4B3C4FCE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{DFAA3873-212B-4DCB-8978-88790AE53887}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{E1023648-E25C-4174-BBD5-2D739353EEE3}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
    "{E16B2E80-5E46-4E89-ADF2-FF94228095E2}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7a\waol.exe |
    "{E1B5B2E2-D779-4774-8212-F0B9FD67012A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{E21F7C62-1C81-43BF-B347-3C1B2DCAC78E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E255A5A4-9E20-4E08-BEA9-E35D57C246B1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E41CDC9F-B5E0-4210-BAFC-279317DBF463}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{E5014A51-A937-491E-A83C-D0033895581D}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
    "{EE420AEB-B804-4F2A-8463-177385AC133E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{EEE4CF23-2F19-40DF-B2F7-5DED147E0D1B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{EF09FA09-5121-4C4E-AA99-30BB6264722B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{EF576D6E-2021-44F5-9BE7-FFFD630514E1}" = dir=in | app=c:\users\user\appdata\local\microsoft\skydrive\skydrive.exe |
    "{EF705E9C-3616-43D1-B97B-91723974EEBA}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7b\aolbrowser.exe |
    "{F0E4B4F3-2F9D-4128-B4DE-CB1AF1C0006E}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7b\waol.exe |
    "{F15A8A7B-A22C-46E5-A48E-4EC9C67AAE07}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F16BD768-E67B-4E4C-951A-491A0B16C579}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F2C33638-38A7-4883-BF87-1344BF699156}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F4BF62E6-C03C-4420-A3EE-EC192EA8EE7B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
    "{F5413469-ECC7-4437-8364-E5788356BA5C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F68A0806-A139-497F-9550-110F289A87CE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F835E6C8-8BD7-4DC5-BDFB-7A8D51D2F229}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F9464108-3C08-4CDA-A501-9091333F428A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F99361D1-F8E2-4BF3-9FEE-0A0054E0AD90}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
    "{FA5779F1-CB0B-458B-80EC-B0FC8E79055B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{FACBAB40-4C10-4612-B297-98921862A495}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
    "{FB1936A2-ADC2-4EDC-AB37-D96C9849AF86}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{FB79E5FB-2F00-45A2-AC70-CCCF8715D50A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
    "{FE153329-FCC5-4E44-B1BE-9A0477DB97B1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{FFCA341F-D5CC-4CA7-9AEA-D842A717B9EC}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.6\aolbrowser\aolbrowser.exe |
    "TCP Query User{2AF06436-0FBF-469F-A9E6-615AD83C6D76}C:\users\user\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\mjusbsp\magicjack.exe |
    "TCP Query User{6A232E81-C6C7-4512-A29D-F801BE96EFBE}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{E74ECBF7-59CF-4FEC-AF1C-B74CB2738E4E}C:\program files\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files\cain\cain.exe |
    "TCP Query User{F4230E65-3411-4200-93D5-68C404CADA86}C:\program files\bitpim\bitpimw.exe" = protocol=6 | dir=in | app=c:\program files\bitpim\bitpimw.exe |
    "UDP Query User{141E86EA-0753-47EF-A318-D9AE22725A56}C:\program files\cain\cain.exe" = protocol=17 | dir=in | app=c:\program files\cain\cain.exe |
    "UDP Query User{1EBF1344-0059-429E-95B4-1F8C3E76AAD4}C:\users\user\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\mjusbsp\magicjack.exe |
    "UDP Query User{83B0CBF8-6013-4868-8E14-C2CD1336B694}C:\program files\bitpim\bitpimw.exe" = protocol=17 | dir=in | app=c:\program files\bitpim\bitpimw.exe |
    "UDP Query User{F4AB6229-54C8-428E-A9AA-6042E0C2F7DB}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01748EE1-FD8D-4708-B0D2-65709A2DE0BD}" = Garmin Express
    "{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
    "{0B17B1DA-76AB-4D07-B8E8-FD6061E6BCA5}" = Garmin Express Tray
    "{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
    "{0E202730-41DE-479B-9AE3-63EE685766C4}" = SlimCleaner
    "{0E837AF0-4C92-4077-83F0-D022073F17C0}" = Microsoft Expression Blend 3 SDK
    "{188CEE76-0503-4910-A845-E1DC45685DA0}" = RangeBooster G WUA-2340
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{280C9F2B-45ED-493B-B406-31C1434CAF7C}" = Survey Link Extension
    "{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
    "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
    "{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
    "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{5783F2D6-7028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2009
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
    "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
    "{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
    "{6B6B527F-72AC-426D-821F-39E261CC6297}" = Garmin Update Service
    "{6B6EF732-A621-4BAB-A695-CEF6C76B46F2}" = Ettercap
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
    "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
    "{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
    "{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
    "{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_XWeb_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D5CBE17-8414-431E-A335-5DEE0F4C90D4}" = CDBurnerXP
    "{9FE75E68-96A2-48F3-90AB-34E6B8C9989D}" = Microsoft Mouse and Keyboard Center
    "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
    "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A9BEEB55-3E49-43BD-87E6-F1632C0E2BA6}" = Microsoft Expression Studio 2
    "{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
    "{B015973E-A65D-48D3-83C2-BF9723705AB1}" = Splunk
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.4.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B78FB576-8BB4-4799-B612-A02B74BA0DF0}" = AVG 2014
    "{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
    "{bd9bc494-8cd2-4ae2-92fe-6a3dda9c3ee9}" = Garmin Express
    "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{C31719FC-309E-4529-A78C-DC6FAEC12CC2}" = iSpy
    "{C330C4F4-FD7C-4821-A210-F8058E1FB81C}" = AVG 2014
    "{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
    "{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010
    "{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
    "{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile Device Center Driver Update
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{CFEFC45E-86A0-4970-B14F-C273CA021B10}_is1" = MiniPlayer version 1.5
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D785E51B-6BE3-4747-A77E-EF28081FFEAD}" = Elevated Installer
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
    "{ED79C920-2FF2-4742-AF32-B58BE68B0FA6}" = VS 2008 CRT Package
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF14C187-9EB3-41F9-862F-2620EF5E5898}_is1" = QS Multi DVR View
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
    "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "AVG" = AVG 2014
    "AVIGenerator V1.0.0.0_is1" = AVIGenerator V1.0.0.0
    "Cain & Abel 4.9.46" = Cain & Abel 4.9.46
    "CCleaner" = CCleaner
    "D9-Viewer" = D9-Viewer 1.2.7.232
    "DVRServer.Application_is1" = SecurView Pro 2.1.4
    "DWG TrueView 2009" = DWG TrueView 2009
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Ettercap 0.7.4" = Ettercap-0.7.4
    "ExpressionStudio_2.0.133.0" = Microsoft Expression Studio 2
    "ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3
    "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
    "ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
    "FileZilla Client" = FileZilla Client 3.5.3
    "H264" = H264 Video Codec
    "HaaliMkx" = Haali Media Splitter
    "ieSpell" = ieSpell
    "InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
    "IOGEAR Auto Printer Sharing Switch_is1" = IOGEAR Auto Printer Sharing Switch 2.0
    "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.16
    "Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
    "Logitech Unifying" = Logitech Unifying Software 2.10
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Microsoft Security Client" = Microsoft Security Essentials
    "Morgan Multimedia Motion JPEG Codec_is1" = Morgan Multimedia Motion JPEG Codec 3.0.0.9
    "Network Print Monitor" = Network Print Monitor for Windows
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Pdf995" = Pdf995 (installed by H&R Block)
    "PdfEdit995" = PdfEdit995 (installed by H&R Block)
    "Playback_is1" = Playback 2.3.0.4
    "USBKVM Switcher_is1" = USBKVM Switcher 2.27
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 2.1.3
    "Web_3.0.3813.0" = Microsoft Expression Web 3
    "Web_4.0.1303.0" = Microsoft Expression Web 4
    "WebClient" = WebClient
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinPcapInst" = WinPcap 4.1.3
    "Wireshark" = Wireshark 1.8.6 (32-bit)
    "XWeb" = Microsoft Expression Web 2
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "magicJack" = magicJack
    "OneDriveSetup.exe" = Microsoft OneDrive
    "Viber" = Viber
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/9/2014 9:16:59 PM | Computer Name = compaq | Source = Windows Search Service | ID = 7040
    Description =

    Error - 7/9/2014 9:17:00 PM | Computer Name = compaq | Source = Windows Search Service | ID = 7042
    Description =

    Error - 7/9/2014 9:17:00 PM | Computer Name = compaq | Source = Windows Search Service | ID = 9002
    Description =

    Error - 7/9/2014 9:17:00 PM | Computer Name = compaq | Source = Windows Search Service | ID = 3029
    Description =

    Error - 7/9/2014 9:17:23 PM | Computer Name = compaq | Source = Windows Search Service | ID = 3029
    Description =

    Error - 7/9/2014 9:17:23 PM | Computer Name = compaq | Source = Windows Search Service | ID = 3028
    Description =

    Error - 7/9/2014 9:17:23 PM | Computer Name = compaq | Source = Windows Search Service | ID = 3058
    Description =

    Error - 7/9/2014 9:17:23 PM | Computer Name = compaq | Source = Windows Search Service | ID = 7010
    Description =

    Error - 7/10/2014 12:54:42 AM | Computer Name = compaq | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 10.0.9200.17028 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: a18 Start
    Time: 01cf9bfafded8e93 Termination Time: 212 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: 4524b39b-07ee-11e4-bf03-00038a000015

    Error - 7/11/2014 1:03:57 PM | Computer Name = compaq | Source = Application Hang | ID = 1002
    Description = The program HijackThis.exe version 2.0.0.5 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1410 Start
    Time: 01cf9d29fba81229 Termination Time: 31 Application Path: C:\Users\user\Downloads\HijackThis.exe
    Report Id: 54ad08a5-091d-11e4-a08f-00038a000015

    [ Media Center Events ]
    Error - 5/6/2010 9:20:59 AM | Computer Name = compaq | Source = MCUpdate | ID = 0
    Description = 9:20:59 AM - Failed to retrieve MCESpotlight (Error: The request failed
    with HTTP status 503: Service Unavailable.)

    Error - 5/6/2010 9:21:14 AM | Computer Name = compaq | Source = MCUpdate | ID = 0
    Description = 9:21:14 AM - Failed to retrieve SportsV2 (Error: The request failed
    with HTTP status 503: Service Unavailable.)

    Error - 5/6/2010 9:21:17 AM | Computer Name = compaq | Source = MCUpdate | ID = 0
    Description = 9:21:17 AM - Failed to retrieve Broadband (Error: Invalid security
    token.)

    [ System Events ]
    Error - 7/13/2014 5:18:10 PM | Computer Name = compaq | Source = DCOM | ID = 10016
    Description =

    Error - 7/13/2014 6:41:09 PM | Computer Name = compaq | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Garmin
    Core Update Service service to connect.

    Error - 7/13/2014 6:41:09 PM | Computer Name = compaq | Source = Service Control Manager | ID = 7000
    Description = The Garmin Core Update Service service failed to start due to the
    following error: %%1053

    Error - 7/13/2014 6:41:11 PM | Computer Name = compaq | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService
    service to connect.

    Error - 7/13/2014 6:41:11 PM | Computer Name = compaq | Source = Service Control Manager | ID = 7000
    Description = The lxecCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 7/13/2014 6:42:35 PM | Computer Name = compaq | Source = DCOM | ID = 10016
    Description =

    Error - 7/13/2014 11:40:50 PM | Computer Name = compaq | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService
    service to connect.

    Error - 7/13/2014 11:40:50 PM | Computer Name = compaq | Source = Service Control Manager | ID = 7000
    Description = The lxecCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 7/13/2014 11:42:06 PM | Computer Name = compaq | Source = DCOM | ID = 10016
    Description =

    Error - 7/13/2014 11:42:23 PM | Computer Name = compaq | Source = WMPNetworkSvc | ID = 866300
    Description =


    < End of report >

  4. #4

    Thanks for the help!

    I uninstalled Spybot.

    As for the antivirus, what would you do if this were your computer?

    I ran HijackThis and deleted what you indicated should be.

    Two files you requested from OTL are below.


    OTL logfile created on: 7/13/2014 11:47:09 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.17028)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 61.31% Memory free
    5.00 Gb Paging File | 3.74 Gb Available in Paging File | 74.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 178.99 Gb Total Space | 99.20 Gb Free Space | 55.42% Space Free | Partition Type: NTFS
    Drive D: | 7.29 Gb Total Space | 0.35 Gb Free Space | 4.84% Space Free | Partition Type: FAT32

    Computer Name: COMPAQ | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/07/13 23:45:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
    PRC - [2014/06/27 15:20:18 | 003,241,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
    PRC - [2014/06/17 16:22:40 | 000,846,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Program Files\AVG\AVG2014\avgrsx.exe
    PRC - [2014/06/17 16:21:52 | 000,642,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    PRC - [2014/06/17 16:16:00 | 000,838,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
    PRC - [2014/06/17 16:12:30 | 000,656,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
    PRC - [2014/06/17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    PRC - [2014/05/25 22:01:05 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    PRC - [2014/03/20 23:03:18 | 001,797,064 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
    PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2014/03/04 08:34:44 | 001,821,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2014/03/04 08:34:44 | 000,943,048 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2014/03/04 07:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/10/27 10:12:58 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/10/10 18:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/08/01 20:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2013/07/22 10:22:30 | 001,093,464 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
    PRC - [2013/07/22 10:22:08 | 000,219,480 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    PRC - [2013/05/13 15:33:02 | 001,693,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    PRC - [2013/05/13 15:33:02 | 001,113,296 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    PRC - [2013/02/20 23:03:31 | 000,067,104 | ---- | M] (ArcSoft, Inc.) -- C:\Users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    PRC - [2013/02/20 23:03:30 | 000,555,040 | ---- | M] (ArcSoft, Inc.) -- C:\Users\user\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
    PRC - [2013/01/31 20:21:24 | 000,019,224 | R--- | M] () -- C:\Program Files\Splunk\bin\splunkweb.exe
    PRC - [2013/01/31 20:20:00 | 015,349,528 | R--- | M] (Splunk Inc.) -- C:\Program Files\Splunk\bin\splunkd.exe
    PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/08/29 14:01:16 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
    PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe
    PRC - [2010/03/05 14:37:40 | 000,867,328 | ---- | M] () -- C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/02 11:24:58 | 000,188,416 | ---- | M] () -- C:\Program Files\USBKVM Switcher\USBKVM.exe
    PRC - [2008/09/23 23:45:00 | 001,667,072 | ---- | M] (D-Link) -- C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
    PRC - [2007/01/19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/02/12 23:26:03 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll
    MOD - [2014/02/12 23:25:06 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
    MOD - [2014/02/12 22:49:17 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
    MOD - [2014/02/12 22:49:08 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
    MOD - [2014/02/12 22:48:41 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
    MOD - [2014/02/12 21:56:45 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
    MOD - [2014/02/12 21:56:05 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
    MOD - [2014/02/12 21:55:55 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
    MOD - [2014/02/12 21:55:53 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
    MOD - [2014/02/12 21:55:53 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
    MOD - [2014/02/12 21:55:51 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
    MOD - [2014/02/12 21:55:43 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\edec2d7b3ecaabfc5c72d7615d884f79\PresentationFramework.classic.ni.dll
    MOD - [2014/02/12 21:55:41 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
    MOD - [2014/02/12 21:55:23 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
    MOD - [2014/02/12 21:55:12 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
    MOD - [2014/02/12 21:55:00 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
    MOD - [2014/02/12 21:54:53 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
    MOD - [2014/02/12 21:54:50 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
    MOD - [2014/02/12 21:54:42 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
    MOD - [2014/02/12 21:54:32 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
    MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2010/03/05 14:37:40 | 000,867,328 | ---- | M] () -- C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
    MOD - [2008/10/02 11:24:58 | 000,188,416 | ---- | M] () -- C:\Program Files\USBKVM Switcher\USBKVM.exe
    MOD - [2008/09/11 12:48:38 | 000,262,144 | ---- | M] () -- C:\Windows\System32\wlanapp.dll
    MOD - [2007/07/17 17:26:18 | 000,086,016 | ---- | M] () -- C:\Program Files\USBKVM Switcher\KeyHook.dll


    ========== Services (SafeList) ==========

    SRV - [2014/06/27 15:20:18 | 003,241,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2014/06/17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2014/03/04 07:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2014/02/06 18:09:56 | 000,046,184 | R--- | M] (AOL Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
    SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/10/27 10:12:58 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/10/10 18:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/07/22 10:22:08 | 000,219,480 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
    SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/02/28 21:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2013/02/20 23:03:31 | 000,067,104 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
    SRV - [2013/01/31 20:21:24 | 000,019,224 | R--- | M] () [Auto | Running] -- C:\Program Files\Splunk\bin\splunkweb.exe -- (Splunkweb)
    SRV - [2013/01/31 20:20:00 | 015,349,528 | R--- | M] (Splunk Inc.) [Auto | Running] -- C:\Program Files\Splunk\bin\splunkd.exe -- (Splunkd)
    SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/05/04 23:53:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
    SRV - [2010/04/14 16:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/05/19 04:36:40 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe -- (jswpsapi)
    SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2014/07/13 23:41:24 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{157298D3-02FE-46E6-A9F2-568DB873375D}\MpKsl1bf6a376.sys -- (MpKsl1bf6a376)
    DRV - [2014/06/17 16:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2014/06/17 16:21:22 | 000,197,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2014/06/17 16:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2014/06/17 16:17:58 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2014/06/17 16:06:40 | 000,199,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2014/06/17 16:06:38 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
    DRV - [2014/06/17 16:06:24 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2014/06/17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2014/06/17 16:06:20 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2014/03/20 23:03:40 | 010,523,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2014/03/19 15:27:42 | 000,065,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2014/01/22 09:52:12 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2014/01/22 09:52:12 | 000,088,576 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2013/10/01 20:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2013/02/28 21:48:42 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2013/01/31 20:19:58 | 000,031,096 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\splunkdrv-win6.sys -- (splunkdrv-win6)
    DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2009/10/07 08:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2009/07/31 01:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
    DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/06/22 23:34:38 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2008/08/07 03:09:32 | 000,905,728 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGUx86.sys -- (A5AGU)
    DRV - [2008/05/15 04:28:44 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
    DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{1913A79D-26E4-4599-9AE5-B13BB10AAC05}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 2D 07 83 9F A0 CA 01 [binary data]
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\SearchScopes,DefaultScope = {2BE51A2D-CC39-4B72-BFCB-11FC0BB213F0}
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\SearchScopes\{2BE51A2D-CC39-4B72-BFCB-11FC0BB213F0}: "URL" = https://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\SearchScopes\{52BB94D5-C995-40EC-8BAB-D37164469768}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}: "URL" = http://radiobar.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
    IE - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
    FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)


    [2012/02/12 10:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
    [2012/04/24 20:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c75guc3d.default\extensions
    [2012/04/24 20:16:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c75guc3d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    O1 HOSTS File: ([2014/07/10 16:10:47 | 000,450,712 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 15469 more lines...
    O3 - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
    O4 - HKLM..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe (D-Link)
    O4 - HKLM..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
    O4 - HKLM..\Run: [IOGEAR Auto Printer Sharing Switch] C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe ()
    O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKU\S-1-5-21-2178227108-149082570-3650749505-1002..\Run: [cdloader] C:\Users\user\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKU\S-1-5-21-2178227108-149082570-3650749505-1002..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
    O4 - HKU\S-1-5-21-2178227108-149082570-3650749505-1002..\Run: [SkyDrive] C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2178227108-149082570-3650749505-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\user\AppData\Roaming\HP SimpleSave Application\StartHelper.exe (ArcSoft, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
    O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} http://192.168.0.114/aplugLite.cab (Gif89 Lite +Audio Class)
    O16 - DPF: {9AA03FEC-6582-48B1-BC62-821D4A7B9461} http://10.24.183.144:85/N9DvrOcx.cab?V1111 (RMN9_DVR Control)
    O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://10.24.183.114:85/WebClient.exe (WebClient Control)
    O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://javadl-esd.oracle.com/update/...ndows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A33130C3-FA18-48CC-9751-499614A9A8E5}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{35878999-7ee7-11e2-9131-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{35878999-7ee7-11e2-9131-00038a000015}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
    O33 - MountPoints2\{4bce79bc-214f-11e1-92fc-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{4bce79bc-214f-11e1-92fc-00038a000015}\Shell\AutoRun\command - "" = F:\StormF1.exe
    O33 - MountPoints2\{83630f61-95ac-11df-b755-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{83630f61-95ac-11df-b755-00038a000015}\Shell\AutoRun\command - "" = F:\StormF1.exe
    O33 - MountPoints2\{c67b78fe-e482-11e1-a58e-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{c67b78fe-e482-11e1-a58e-00038a000015}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
    O33 - MountPoints2\{e5b84bac-43d3-11df-965d-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{e5b84bac-43d3-11df-965d-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/07/11 07:30:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
    [2014/07/11 07:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/07/11 07:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/07/11 07:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/07/10 23:04:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\trailer
    [2014/07/10 22:58:29 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Tractor
    [2014/07/09 07:47:33 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2014/07/09 07:47:33 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2014/07/09 07:47:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2014/07/09 07:47:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2014/07/09 07:47:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2014/07/09 07:47:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2014/07/09 07:47:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2014/07/09 07:47:30 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2014/07/09 07:47:29 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2014/07/09 07:47:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2014/07/09 07:47:25 | 002,863,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2014/07/09 07:47:25 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2014/07/09 07:47:24 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2014/07/09 07:47:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2014/07/09 07:47:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2014/07/09 07:47:16 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
    [2014/07/09 07:47:09 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2014/07/09 07:46:51 | 002,350,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2014/07/09 07:46:51 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
    [2014/07/09 07:44:18 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
    [2014/07/09 07:44:15 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
    [2014/06/30 10:55:44 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/06/30 10:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/06/30 10:55:12 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/06/30 10:55:12 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/06/26 09:19:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
    [2014/06/25 08:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.7b
    [2014/06/22 10:59:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
    [2014/06/22 10:58:41 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\SelfMV
    [2014/06/22 10:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    [2014/06/22 10:57:49 | 000,144,664 | ---- | C] (MAPILab Ltd. & Add-in Express Ltd.) -- C:\Windows\System32\secman.dll
    [2014/06/17 16:22:02 | 000,188,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2014/06/17 16:21:22 | 000,197,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2014/06/17 16:18:00 | 000,241,944 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
    [2014/06/17 16:17:58 | 000,147,736 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
    [2014/06/17 16:06:40 | 000,199,960 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
    [2014/06/17 16:06:38 | 000,121,624 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgdiskx.sys
    [2014/06/17 16:06:24 | 000,098,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2014/06/17 16:06:22 | 000,027,416 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
    [2014/06/17 16:06:20 | 000,021,272 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/07/13 23:49:09 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/07/13 23:49:09 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/07/13 23:39:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/07/13 23:39:41 | 2012,127,232 | -HS- | M] () -- C:\hiberfil.sys
    [2014/07/12 13:36:39 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/07/11 07:30:05 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/07/10 16:10:47 | 000,450,712 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2014/07/10 09:11:30 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2014/07/10 09:11:28 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2014/07/09 17:06:07 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/07/09 08:06:31 | 000,493,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2014/07/08 06:23:24 | 000,450,712 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140710-161047.backup
    [2014/07/03 12:17:00 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2014/07/02 15:13:49 | 000,666,330 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/07/02 15:13:49 | 000,123,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/07/02 14:53:57 | 000,026,823 | ---- | M] () -- C:\Users\user\Desktop\ATT00008.mid
    [2014/06/30 10:55:30 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/06/29 21:40:16 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
    [2014/06/29 21:36:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
    [2014/06/25 08:44:33 | 000,001,090 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
    [2014/06/25 08:44:32 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
    [2014/06/23 05:27:20 | 002,943,789 | ---- | M] () -- C:\Users\user\Desktop\SANY0001.jpg
    [2014/06/23 05:21:57 | 003,190,986 | ---- | M] () -- C:\Users\user\Desktop\SANY0130.jpg
    [2014/06/22 10:58:13 | 000,001,939 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk
    [2014/06/22 10:58:13 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies 3.lnk
    [2014/06/18 20:54:05 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2014/06/18 20:53:03 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2014/06/18 20:53:01 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2014/06/18 20:52:46 | 002,863,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2014/06/18 20:52:46 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2014/06/18 20:52:43 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2014/06/18 20:52:42 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2014/06/18 20:52:42 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2014/06/18 20:52:42 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2014/06/18 20:52:42 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2014/06/18 20:52:34 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2014/06/18 20:52:34 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2014/06/18 20:52:19 | 001,440,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2014/06/18 20:30:35 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2014/06/18 19:34:26 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2014/06/17 21:51:32 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
    [2014/06/17 20:52:00 | 002,350,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2014/06/17 16:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2014/06/17 16:21:22 | 000,197,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2014/06/17 16:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
    [2014/06/17 16:17:58 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidshx.sys
    [2014/06/17 16:06:40 | 000,199,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
    [2014/06/17 16:06:38 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgdiskx.sys
    [2014/06/17 16:06:24 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2014/06/17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
    [2014/06/17 16:06:20 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsshimx.sys
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/07/11 07:30:05 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/07/02 14:53:56 | 000,026,823 | ---- | C] () -- C:\Users\user\Desktop\ATT00008.mid
    [2014/06/30 10:55:30 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/06/23 05:27:15 | 002,943,789 | ---- | C] () -- C:\Users\user\Desktop\SANY0001.jpg
    [2014/06/23 05:21:51 | 003,190,986 | ---- | C] () -- C:\Users\user\Desktop\SANY0130.jpg
    [2014/06/22 10:58:13 | 000,001,939 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk
    [2014/06/22 10:58:13 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies 3.lnk
    [2014/05/10 13:38:52 | 000,000,880 | ---- | C] () -- C:\Windows\m3jpeg.ini
    [2014/05/10 13:37:34 | 002,274,816 | ---- | C] () -- C:\Windows\System32\avcodec-dvrcodecsf-53.dll
    [2014/05/10 13:37:34 | 000,244,224 | ---- | C] () -- C:\Windows\System32\swscale-dvrcodecsf-2.dll
    [2014/05/10 13:37:34 | 000,135,680 | ---- | C] () -- C:\Windows\System32\avutil-dvrcodecsf-51.dll
    [2013/10/29 14:09:42 | 000,000,218 | ---- | C] () -- C:\Users\user\AppData\Local\recently-used.xbel
    [2013/05/02 17:05:28 | 000,030,136 | ---- | C] () -- C:\Users\user\http
    [2013/02/28 21:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
    [2013/01/20 20:50:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
    [2013/01/20 20:50:29 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
    [2012/12/28 21:13:23 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxecvs.dll
    [2012/12/28 21:13:21 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll
    [2012/12/28 21:13:16 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll
    [2012/12/28 21:13:15 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll
    [2012/12/28 21:13:15 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll
    [2012/12/28 21:11:45 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll
    [2012/12/28 21:11:45 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll
    [2012/12/28 21:11:45 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll
    [2012/12/28 21:11:45 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll
    [2012/12/28 21:11:45 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEChcp.dll
    [2012/12/28 21:11:45 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll
    [2012/12/28 21:11:45 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXECinst.dll
    [2012/12/28 21:11:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll
    [2012/12/28 21:11:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll
    [2012/12/28 21:11:44 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe
    [2012/12/28 21:11:44 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeclmpm.dll
    [2012/12/28 21:11:44 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll
    [2012/12/28 21:11:44 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe
    [2012/12/28 21:11:44 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll
    [2012/12/28 21:11:44 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll
    [2012/12/28 21:11:44 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll
    [2012/12/28 21:11:44 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll
    [2012/12/28 21:11:44 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxecinsr.dll
    [2012/12/28 21:11:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll
    [2012/12/28 21:11:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll
    [2012/12/28 21:11:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll
    [2012/12/28 21:11:43 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe
    [2012/08/28 22:46:50 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2012/08/28 19:32:07 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2012/08/28 19:32:07 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2012/07/30 14:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2012/07/30 14:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2012/07/30 14:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2012/07/30 14:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2012/07/28 18:05:16 | 000,000,054 | ---- | C] () -- C:\Windows\System32\set.ini
    [2011/10/01 21:53:45 | 000,000,187 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
    [2011/10/01 21:53:45 | 000,000,039 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
    [2010/03/28 21:51:10 | 000,002,395 | ---- | C] () -- C:\Users\user\AppData\Roaming\SAS7_000.DAT

    ========== ZeroAccess Check ==========

    [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >



    OTL Extras logfile created on: 7/13/2014 11:47:09 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.17028)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 61.31% Memory free
    5.00 Gb Paging File | 3.74 Gb Available in Paging File | 74.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 178.99 Gb Total Space | 99.20 Gb Free Space | 55.42% Space Free | Partition Type: NTFS
    Drive D: | 7.29 Gb Total Space | 0.35 Gb Free Space | 4.84% Space Free | Partition Type: FAT32

    Computer Name: COMPAQ | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Classes\<extension>]
    .scr [@ = DWGTrueViewScriptFile] -- C:\Windows\System32\notepad.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{138B953B-D631-4662-ACC3-64A70F3BA712}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{1A849300-785F-41F8-B4BA-56F79A999584}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{28557811-79EF-472C-A38F-69DA41D1CB06}" = lport=138 | protocol=17 | dir=in | app=system |
    "{3263FEE7-DD88-48D8-BA72-66F152070BE0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{358B10A2-2DD1-4195-8D19-F5615D492B8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{41C0C78F-A4AB-4749-B8B9-8A5E327A0850}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{5D289555-0F20-451E-85AF-EE74829358AC}" = rport=138 | protocol=17 | dir=out | app=system |
    "{69791D1E-D254-4675-810E-39FC065C42C9}" = lport=137 | protocol=17 | dir=in | app=system |
    "{6CB4397F-6313-4147-B692-BB4A8B1A9C8C}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7ECD9E7F-1EB4-4CBE-8638-92308429C6DD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{8A919BBB-D454-49F6-8072-7760AABA5483}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{8B490A9B-59E7-46E5-9D18-FAD410704F23}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8D44AA42-8B93-4492-B199-D03FC311D05F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{91AE5594-196F-4A96-B5FE-B8B421CEE192}" = lport=445 | protocol=6 | dir=in | app=system |
    "{9B2E0A8E-5714-478B-A9F2-5CD393351731}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
    "{9B85F604-B944-43B5-AA06-3D82BED74392}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9F1511AF-A297-4590-AE4C-BDA3FE67EC5A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{9F9C622B-6B02-4473-858D-BE9A8848AA8B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{A1603D5B-1A9D-4C52-94B2-E90DF6FCF14D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{A86DFA9B-DFAB-4ED0-96EE-03EE1C35938A}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
    "{AA2AB350-F684-41AE-B5C7-62A52401FA36}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{AAF9375A-C1AA-4046-A14E-35D448EB38C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B9C0950E-2D78-49F2-9AAC-5137E9CCC5BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{BA3D7BE2-5357-4BEF-B61C-2AE5F3E4DFC2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CE2DF8F2-6C84-4C51-BB88-A9ECB9B904C7}" = rport=445 | protocol=6 | dir=out | app=system |
    "{DE9E5293-4B33-4688-B14A-0DE88295F96D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00A0BD9C-9437-4DB1-8372-8991F70E9335}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{05D16DBC-D742-4D63-99D0-A9AD98DE031F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{081FAD9D-737C-4B64-AF5A-BFC2137EFBDA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{0B28626B-F528-494F-A20C-E8EFA0750E91}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
    "{0E4AA37D-1226-442D-816E-3D177FF67FF1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{0F54FF96-689C-4A14-BCAB-FBC17F0F7763}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
    "{1232A9D4-D82C-4CC6-AEB7-14A706E32C36}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{12DE758D-E72F-4C1A-BB23-F761B21B41E4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{12E60739-1E36-42DB-AE76-C7DF726582BC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{13D32D44-B494-4AC2-8D45-9F406D3AAC0B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{13F69D21-C72E-4575-96CA-BBFBB755FB6A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{1699CD66-3B8C-4BE8-A4ED-D1467A2C7A76}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{178FC9B3-FCCC-44F0-8514-380F58B140F9}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
    "{18B77594-6CAD-40FE-9BE3-5D588A6564E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{1D742C60-29CC-49AD-A84A-0F2F6F044875}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{20412AE9-29F5-4D6B-8D08-2EC092C41B5D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{2092C0ED-E8A5-4654-80A5-E96F522B44B0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{21099525-8465-4E23-96D6-82C868F4523B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{24A01308-0A3B-44A4-83B6-AE6C401F509E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{2661ACDC-4317-4364-A739-2F557CDF12AB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{26E45669-C308-48B0-B1BC-47A0BABD6C4B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
    "{2817ED3E-5CC0-4CF0-BA59-9B436923CF87}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{2960B828-7D19-458D-9BBB-1DF62783202A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{29740ED2-B910-4B9E-A5DB-7A4BAD3D4071}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{2A6AE64F-90F9-4A56-8471-C13BDFA7B959}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2A73572B-37D3-4137-8747-101F51866E6B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{2B0CA03B-B8E0-4701-9F4F-9EA93EAFC9FE}" = protocol=17 | dir=in | app=c:\program files\aol 9.5\waol.exe |
    "{2BCC5BBB-D0A8-49C8-B0A9-B988B28BB055}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1266698022\ee\aolsoftware.exe |
    "{2E3EE091-CB58-49CB-9DFF-4574F40DE729}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7\waol.exe |
    "{2F4A1EE6-1B02-49D6-9DA9-9C3CB7881A4B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{30D865E2-BF49-4705-9F1D-F7A1358D0520}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{31D9AC0C-2E5A-4505-82FD-2BFF37D4E2AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{32081950-B52C-4BE9-9447-4309F71FCFF3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{32DBFA89-77A9-4FA2-BEE8-D4307F7A9C89}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{359C9C6C-606B-492A-8CCE-9435E634AC38}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{3604AA48-15EA-40D0-9F84-004AEC976994}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{365BAA88-6AD3-4E9E-AE0D-7D06EEBAB4BA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{369B24C5-500D-4EEC-8765-16EB01B2F447}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{38BEABE6-583E-4DEF-BD7F-89277E6C7093}" = dir=in | app=c:\users\user\appdata\local\viber\viber.exe |
    "{391AB68D-A822-4FCE-9112-2992307DB039}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
    "{39CD2BCA-39C4-43FD-9F9B-6A2F8BC86CD5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{3BD8CF48-7112-425A-8968-F678E96E3A2F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{3CC8C254-17F6-40B8-828F-902B6EF81ACF}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{41328959-79DE-4310-B3D2-09265A2FC70B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{429B6B20-A04E-46FB-8536-00427CE4030C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{45C4B411-884C-48AF-8538-7C72A3F36523}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{46460F27-1388-499C-8349-E5606A305457}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
    "{4724DA79-D995-4942-9FA4-E240630365A9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{47993328-36B2-48E8-85C8-FAABFDEE2348}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{48BCC7F9-B62C-438E-930E-B25A7DACF489}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{48C649AF-7C58-4950-A82A-DE77973EBE50}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{48CA8AB2-81A3-4D3B-8E3B-158676C85674}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{498AD901-AF56-4B60-8D7F-ADCF1DA29C07}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{49D94AA9-1357-4B3D-B6D2-3E1594570741}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{49E89E8D-3A16-415C-9BA0-0303EC11E2AD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{4BD5F7EB-9E0C-4C94-A6C4-F1FC9874DC3D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{4D18CEC1-B980-423E-B67B-0D0CF95E6F1D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4E6507D4-1F44-44F0-8C1B-3FAE8B6B8606}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{4EF953C3-C29A-446E-876C-3F966C5EA1A1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
    "{5050E0A3-A711-4A92-9EEC-7F842373FB2A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{50BC4F01-82A3-43FB-B10E-482DCC9BE6CB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{53E0ED05-A90B-4116-B8CE-C1155224321E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{54364B94-D752-4E31-B9C7-45ADE779A506}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7b\waol.exe |
    "{554C64D3-9232-4F9C-8FED-2F652C8C61D8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{575CA008-DF98-4EAD-8765-40FCF6152CBA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{5B40875B-5CE8-4DF5-B4D6-693217F40656}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{5B6475AD-857B-4CF6-ABA1-A83429D4C098}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{5E4DCE9D-34D2-4E54-AD9A-3E223F1455F1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{5E8BED58-28D4-464C-A599-FC017D0AE6B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{6132A42D-CFC4-4E71-98CB-6DCA56282DED}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
    "{61DBF943-0861-4108-A321-000F9C282F70}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{638A2135-CCDC-46E4-A8F3-F6BF6CE60464}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{668B6DDD-FBE5-4FD0-81ED-CFD222406A68}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{67B34FE5-5EC5-4665-A602-739C0CE0318E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{684105AE-9F9A-4E3A-8914-9361A627DDDE}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.6\aolbrowser\aolbrowser.exe |
    "{693AB14C-9299-4B5C-AD53-097CE593A6FA}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.6\waol.exe |
    "{696BF22E-6482-4E79-9D24-835BFC04124D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{6A2BE739-09EA-4817-87CB-70C44D7BEC32}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{6B905C54-42E0-4557-A04F-644E129BDC7F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{6D52C4AB-7C75-40EE-98A2-C003858BBA46}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{6D67F07D-ECDC-47E5-B532-5969E36876FC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{6EA71CFA-C221-41CC-B5E6-059BAD5EA59A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{72C396DB-DE28-4926-B6D6-8606490905C7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{765B417A-1F19-4071-8F65-DD970C2B99DB}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
    "{767D5E4C-EFE8-4797-959B-14BB1A45BCB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{77FB2F6A-4011-4297-BC64-CD11FE4AFB9C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{788FB235-5D0A-402D-88AD-6143317724A2}" = protocol=17 | dir=in | app=c:\program files\lexmark pro800-pro900 series\lxecfax.exe |
    "{78ABB1FE-4468-4ABD-B5E8-B3E5311E334C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{78DEA4A2-D481-468F-A2DA-DF80DF3C7A68}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.6\waol.exe |
    "{7902E268-A6FA-460B-ADAE-1CC038DEE02B}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
    "{790F12BB-4201-4961-9E05-F568C6B5BD1D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{79376326-59EF-4777-9E79-39B853DB717C}" = protocol=6 | dir=in | app=c:\program files\aol 9.5\waol.exe |
    "{7F874D3F-CBC1-45B9-9DF8-53005A7938AA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
    "{80816A64-7EFF-4935-BBD6-A68349262A42}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{827DC6FD-8F4E-4704-9DD4-31903AF7230F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{89AAB219-975E-4A08-8CDB-31272CD3B14B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{8C02447E-13D2-437A-8285-C0E841CC732A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{8D45B5F7-1205-4E76-BE2A-DC9C10C96B5F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{8E7906B9-99C8-4497-9A1D-DF4199D3C33B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{927A5752-56CC-4B05-BC53-FFAFC8871A5A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{92986EE1-08BD-4165-B8A7-02651768A965}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7b\aolbrowser.exe |
    "{948E69E8-5D48-41B3-A101-08F377B3270E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{950E75E8-3A3F-4EB9-ADC6-1487D80486C6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{9730006A-25EC-4908-8CE7-8A7AAEA79AAC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
    "{98C28740-CBE1-4AAB-A591-76CF198E9F28}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{99EEA402-BCDB-4D7E-B50A-86DD3465DA06}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{9A4431BE-5B70-4F20-BD19-991535632157}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7a\aolbrowser\aolbrowser.exe |
    "{9C86FFCE-2051-4B5B-A4DE-7F94BA0FE02B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
    "{9CF4216B-2129-48C4-80E2-DBCF0429AE92}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A02F6A74-58C3-4235-841F-A3476AE617DA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A112FB68-0CBA-420F-8BBF-FADBB1D60D9D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{A3D67485-5DC6-40C1-A5F5-E032931BCF27}" = protocol=6 | dir=in | app=c:\program files\lexmark pro800-pro900 series\lxecfax.exe |
    "{A3FE8E0E-3CDB-439F-B868-D77A977BA23A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{A488975B-BC2B-4882-8D15-CEBE4A32816C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A59BFD65-9C63-4537-A0F6-446EF47220E1}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
    "{A6217771-03FC-4921-8454-31142E85457B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{A7E9E145-B7B9-4C04-9A6D-B7249A37ED0A}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
    "{AAB07191-74CF-48BC-92C4-383A9636AF36}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7\waol.exe |
    "{AD3D6475-36A6-495F-9029-A5C4C52CFC79}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
    "{AE73472E-D92D-4F38-AF68-A5B02B578D33}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
    "{AFF616F9-778A-4C54-AA65-829970B1827B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B0C9E6A9-1B97-46CF-9AA0-F0FD79CCA59D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{B12F8F3E-F6E2-429D-ABC7-4E3566130CF7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{B22EF2E3-E58C-4E01-931F-C39B291187E3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
    "{B3D1669F-F561-46BF-90DA-1B4648D268EA}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7\aolbrowser\aolbrowser.exe |
    "{B3D270D7-A8AB-4E2E-A810-5BB4FE342401}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{B50424F5-D19E-4A15-87AB-14519A3152BF}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
    "{B540B864-23EB-44FD-B1FE-7C693B2E65DB}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7\aolbrowser\aolbrowser.exe |
    "{B955C3AA-30D4-4C86-94C5-F9D530230F95}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{BA9CF9FE-F095-4F9B-9144-5E5F5EA78268}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{BAFB430B-3E56-4427-91A3-1EF67E632310}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{BB719B0E-E6EA-4E25-AA8A-37B22D9097B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{BC1A7DB0-551D-4CA7-8705-E21173ACC2C1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1266698022\ee\aolsoftware.exe |
    "{BC608E14-6C69-4C70-ADD4-D3DF8CFDE18F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{BCCD9CC3-FA23-4809-A9AB-A4759A4344B2}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7a\waol.exe |
    "{C052F977-07C6-4F52-8888-3395C6628616}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{C14D2E8E-50D3-417E-B3CE-9FC60273E438}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C18CC7C0-15C8-411A-A301-152B737A7D51}" = dir=in | app=c:\windows\system32\lxeccoms.exe |
    "{C1AB092C-BFDC-4718-9F3A-E81049743C5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{C219448B-F816-4BA5-B7A5-94BD7730D4E6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{C4AD34AA-9218-40ED-9948-B988EC9898E6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C4B81C5B-FD2C-4BD6-B4A7-B0BD4C191994}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{C5330B84-A361-4EFC-8189-020B7DD77F43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C560078E-5D98-40FB-B179-8552738B5E93}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{C76471EF-B596-4E55-A53F-7C0EDA4A097E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{C8D4770C-0E04-4BBD-9BC6-60644D8C5E18}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
    "{CA350CDC-20B3-4AC9-8809-EF3A491A34CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{CB102099-B07C-448B-9D13-A07E6B69476C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
    "{CD5C5D42-B72E-4DF9-9443-80866EF81157}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
    "{CF250DA8-78B1-4B21-A79C-B28CD943C4C2}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7a\aolbrowser\aolbrowser.exe |
    "{D041CE3D-0A1D-4F80-B35E-EF3E62EA6109}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{D0872559-56F7-4322-98EE-A3CB81C18AD1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D1E7FFB2-3879-4D85-9B89-11997A1C4B3D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D38FEC06-4E3B-4276-BA1B-6F25CE2965BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{D40BF76E-9CB3-4266-B33C-9CFA4D066D8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{D4BDDCAE-D423-4917-8A5B-3F0787B98205}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{D4C314DB-C400-4C73-B9B9-F10A738AEEAE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{D68B7C80-6F16-438D-AA12-42CB90E2ECE4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{D7B80980-0B25-41C4-8DFD-3955BD7F2900}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DAE07373-D342-4451-B504-F44C5D815089}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{DC0B6DF1-08B5-4FC6-B780-71119F46CD01}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{DCECC269-9DD7-4F5E-BE27-8D595144C8A5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{DDFE3973-4864-4431-B566-833DB214678A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{DF1D7496-2A52-462B-8050-871E4B3C4FCE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{DFAA3873-212B-4DCB-8978-88790AE53887}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{E1023648-E25C-4174-BBD5-2D739353EEE3}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
    "{E16B2E80-5E46-4E89-ADF2-FF94228095E2}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7a\waol.exe |
    "{E1B5B2E2-D779-4774-8212-F0B9FD67012A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{E21F7C62-1C81-43BF-B347-3C1B2DCAC78E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E255A5A4-9E20-4E08-BEA9-E35D57C246B1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{E41CDC9F-B5E0-4210-BAFC-279317DBF463}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{E5014A51-A937-491E-A83C-D0033895581D}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
    "{EE420AEB-B804-4F2A-8463-177385AC133E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{EEE4CF23-2F19-40DF-B2F7-5DED147E0D1B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{EF09FA09-5121-4C4E-AA99-30BB6264722B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{EF576D6E-2021-44F5-9BE7-FFFD630514E1}" = dir=in | app=c:\users\user\appdata\local\microsoft\skydrive\skydrive.exe |
    "{EF705E9C-3616-43D1-B97B-91723974EEBA}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7b\aolbrowser.exe |
    "{F0E4B4F3-2F9D-4128-B4DE-CB1AF1C0006E}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7b\waol.exe |
    "{F15A8A7B-A22C-46E5-A48E-4EC9C67AAE07}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F16BD768-E67B-4E4C-951A-491A0B16C579}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F2C33638-38A7-4883-BF87-1344BF699156}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F4BF62E6-C03C-4420-A3EE-EC192EA8EE7B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
    "{F5413469-ECC7-4437-8364-E5788356BA5C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F68A0806-A139-497F-9550-110F289A87CE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F835E6C8-8BD7-4DC5-BDFB-7A8D51D2F229}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{F9464108-3C08-4CDA-A501-9091333F428A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{F99361D1-F8E2-4BF3-9FEE-0A0054E0AD90}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
    "{FA5779F1-CB0B-458B-80EC-B0FC8E79055B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{FACBAB40-4C10-4612-B297-98921862A495}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
    "{FB1936A2-ADC2-4EDC-AB37-D96C9849AF86}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{FB79E5FB-2F00-45A2-AC70-CCCF8715D50A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
    "{FE153329-FCC5-4E44-B1BE-9A0477DB97B1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{FFCA341F-D5CC-4CA7-9AEA-D842A717B9EC}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.6\aolbrowser\aolbrowser.exe |
    "TCP Query User{2AF06436-0FBF-469F-A9E6-615AD83C6D76}C:\users\user\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\mjusbsp\magicjack.exe |
    "TCP Query User{6A232E81-C6C7-4512-A29D-F801BE96EFBE}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{E74ECBF7-59CF-4FEC-AF1C-B74CB2738E4E}C:\program files\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files\cain\cain.exe |
    "TCP Query User{F4230E65-3411-4200-93D5-68C404CADA86}C:\program files\bitpim\bitpimw.exe" = protocol=6 | dir=in | app=c:\program files\bitpim\bitpimw.exe |
    "UDP Query User{141E86EA-0753-47EF-A318-D9AE22725A56}C:\program files\cain\cain.exe" = protocol=17 | dir=in | app=c:\program files\cain\cain.exe |
    "UDP Query User{1EBF1344-0059-429E-95B4-1F8C3E76AAD4}C:\users\user\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\mjusbsp\magicjack.exe |
    "UDP Query User{83B0CBF8-6013-4868-8E14-C2CD1336B694}C:\program files\bitpim\bitpimw.exe" = protocol=17 | dir=in | app=c:\program files\bitpim\bitpimw.exe |
    "UDP Query User{F4AB6229-54C8-428E-A9AA-6042E0C2F7DB}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01748EE1-FD8D-4708-B0D2-65709A2DE0BD}" = Garmin Express
    "{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package
    "{0B17B1DA-76AB-4D07-B8E8-FD6061E6BCA5}" = Garmin Express Tray
    "{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
    "{0E202730-41DE-479B-9AE3-63EE685766C4}" = SlimCleaner
    "{0E837AF0-4C92-4077-83F0-D022073F17C0}" = Microsoft Expression Blend 3 SDK
    "{188CEE76-0503-4910-A845-E1DC45685DA0}" = RangeBooster G WUA-2340
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{280C9F2B-45ED-493B-B406-31C1434CAF7C}" = Survey Link Extension
    "{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
    "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
    "{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
    "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{5783F2D6-7028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2009
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
    "{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
    "{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
    "{6B6B527F-72AC-426D-821F-39E261CC6297}" = Garmin Update Service
    "{6B6EF732-A621-4BAB-A695-CEF6C76B46F2}" = Ettercap
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
    "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype 6.16
    "{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
    "{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
    "{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_XWeb_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97F4D62E-5AEB-4649-BABF-4712C6EF6845}" = DeductionPro 2009
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D5CBE17-8414-431E-A335-5DEE0F4C90D4}" = CDBurnerXP
    "{9FE75E68-96A2-48F3-90AB-34E6B8C9989D}" = Microsoft Mouse and Keyboard Center
    "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
    "{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A9BEEB55-3E49-43BD-87E6-F1632C0E2BA6}" = Microsoft Expression Studio 2
    "{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
    "{B015973E-A65D-48D3-83C2-BF9723705AB1}" = Splunk
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.4.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B78FB576-8BB4-4799-B612-A02B74BA0DF0}" = AVG 2014
    "{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
    "{bd9bc494-8cd2-4ae2-92fe-6a3dda9c3ee9}" = Garmin Express
    "{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{C31719FC-309E-4529-A78C-DC6FAEC12CC2}" = iSpy
    "{C330C4F4-FD7C-4821-A210-F8058E1FB81C}" = AVG 2014
    "{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
    "{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010
    "{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
    "{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile Device Center Driver Update
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{CFEFC45E-86A0-4970-B14F-C273CA021B10}_is1" = MiniPlayer version 1.5
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D785E51B-6BE3-4747-A77E-EF28081FFEAD}" = Elevated Installer
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
    "{ED79C920-2FF2-4742-AF32-B58BE68B0FA6}" = VS 2008 CRT Package
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF14C187-9EB3-41F9-862F-2620EF5E5898}_is1" = QS Multi DVR View
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
    "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "AVG" = AVG 2014
    "AVIGenerator V1.0.0.0_is1" = AVIGenerator V1.0.0.0
    "Cain & Abel 4.9.46" = Cain & Abel 4.9.46
    "CCleaner" = CCleaner
    "D9-Viewer" = D9-Viewer 1.2.7.232
    "DVRServer.Application_is1" = SecurView Pro 2.1.4
    "DWG TrueView 2009" = DWG TrueView 2009
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Ettercap 0.7.4" = Ettercap-0.7.4
    "ExpressionStudio_2.0.133.0" = Microsoft Expression Studio 2
    "ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3
    "ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
    "ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
    "FileZilla Client" = FileZilla Client 3.5.3
    "H264" = H264 Video Codec
    "HaaliMkx" = Haali Media Splitter
    "ieSpell" = ieSpell
    "InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
    "IOGEAR Auto Printer Sharing Switch_is1" = IOGEAR Auto Printer Sharing Switch 2.0
    "KeePassPasswordSafe2_is1" = KeePass Password Safe 2.16
    "Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
    "Logitech Unifying" = Logitech Unifying Software 2.10
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
    "Microsoft Security Client" = Microsoft Security Essentials
    "Morgan Multimedia Motion JPEG Codec_is1" = Morgan Multimedia Motion JPEG Codec 3.0.0.9
    "Network Print Monitor" = Network Print Monitor for Windows
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Pdf995" = Pdf995 (installed by H&R Block)
    "PdfEdit995" = PdfEdit995 (installed by H&R Block)
    "Playback_is1" = Playback 2.3.0.4
    "USBKVM Switcher_is1" = USBKVM Switcher 2.27
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 2.1.3
    "Web_3.0.3813.0" = Microsoft Expression Web 3
    "Web_4.0.1303.0" = Microsoft Expression Web 4
    "WebClient" = WebClient
    "WinGimp-2.0_is1" = GIMP 2.6.11
    "WinPcapInst" = WinPcap 4.1.3
    "Wireshark" = Wireshark 1.8.6 (32-bit)
    "XWeb" = Microsoft Expression Web 2
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2178227108-149082570-3650749505-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "magicJack" = magicJack
    "OneDriveSetup.exe" = Microsoft OneDrive
    "Viber" = Viber
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/9/2014 9:16:59 PM | Computer Name = compaq | Source = Windows Search Service | ID = 7040
    Description =

    Error - 7/9/2014 9:17:00 PM | Computer Name = compaq | Source = Windows Search Service | ID = 7042
    Description =

    Error - 7/9/2014 9:17:00 PM | Computer Name = compaq | Source = Windows Search Service | ID = 9002
    Description =

    Error - 7/9/2014 9:17:00 PM | Computer Name = compaq | Source = Windows Search Service | ID = 3029
    Description =

    Error - 7/9/2014 9:17:23 PM | Computer Name = compaq | Source = Windows Search Service | ID = 3029
    Description =

    Error - 7/9/2014 9:17:23 PM | Computer Name = compaq | Source = Windows Search Service | ID = 3028
    Description =

    Error - 7/9/2014 9:17:23 PM | Computer Name = compaq | Source = Windows Search Service | ID = 3058
    Description =

    Error - 7/9/2014 9:17:23 PM | Computer Name = compaq | Source = Windows Search Service | ID = 7010
    Description =

    Error - 7/10/2014 12:54:42 AM | Computer Name = compaq | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 10.0.9200.17028 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: a18 Start
    Time: 01cf9bfafded8e93 Termination Time: 212 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: 4524b39b-07ee-11e4-bf03-00038a000015

    Error - 7/11/2014 1:03:57 PM | Computer Name = compaq | Source = Application Hang | ID = 1002
    Description = The program HijackThis.exe version 2.0.0.5 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1410 Start
    Time: 01cf9d29fba81229 Termination Time: 31 Application Path: C:\Users\user\Downloads\HijackThis.exe
    Report Id: 54ad08a5-091d-11e4-a08f-00038a000015

    [ Media Center Events ]
    Error - 5/6/2010 9:20:59 AM | Computer Name = compaq | Source = MCUpdate | ID = 0
    Description = 9:20:59 AM - Failed to retrieve MCESpotlight (Error: The request failed
    with HTTP status 503: Service Unavailable.)

    Error - 5/6/2010 9:21:14 AM | Computer Name = compaq | Source = MCUpdate | ID = 0
    Description = 9:21:14 AM - Failed to retrieve SportsV2 (Error: The request failed
    with HTTP status 503: Service Unavailable.)

    Error - 5/6/2010 9:21:17 AM | Computer Name = compaq | Source = MCUpdate | ID = 0
    Description = 9:21:17 AM - Failed to retrieve Broadband (Error: Invalid security
    token.)

    [ System Events ]
    Error - 7/13/2014 5:18:10 PM | Computer Name = compaq | Source = DCOM | ID = 10016
    Description =

    Error - 7/13/2014 6:41:09 PM | Computer Name = compaq | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Garmin
    Core Update Service service to connect.

    Error - 7/13/2014 6:41:09 PM | Computer Name = compaq | Source = Service Control Manager | ID = 7000
    Description = The Garmin Core Update Service service failed to start due to the
    following error: %%1053

    Error - 7/13/2014 6:41:11 PM | Computer Name = compaq | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService
    service to connect.

    Error - 7/13/2014 6:41:11 PM | Computer Name = compaq | Source = Service Control Manager | ID = 7000
    Description = The lxecCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 7/13/2014 6:42:35 PM | Computer Name = compaq | Source = DCOM | ID = 10016
    Description =

    Error - 7/13/2014 11:40:50 PM | Computer Name = compaq | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxecCATSCustConnectService
    service to connect.

    Error - 7/13/2014 11:40:50 PM | Computer Name = compaq | Source = Service Control Manager | ID = 7000
    Description = The lxecCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 7/13/2014 11:42:06 PM | Computer Name = compaq | Source = DCOM | ID = 10016
    Description =

    Error - 7/13/2014 11:42:23 PM | Computer Name = compaq | Source = WMPNetworkSvc | ID = 866300
    Description =


    < End of report >

  5. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    I'd get rid of AVG.

    Uninstall from the Programs and Features list, then go Here and run the 32Bit AVG2014 removal link, first one listed.

    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button and follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner


    In your next reply post:
    1-AdwCleaner.txt Log

  6. #6
    Member
    Join Date
    Mar 2007
    Location
    Butler, PA
    Posts
    102
    Points
    0


    OK, took AVG off and ran the removal link. Downloaded AdwCleaner and ran it. Log attached here.

    # AdwCleaner v3.215 - Report created 14/07/2014 at 08:02:11
    # Updated 09/07/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)
    # Username : user - COMPAQ
    # Running from : C:\Users\user\Desktop\adwcleaner_3.215.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Viewpoint
    Folder Deleted : C:\Program Files\Viewpoint
    Folder Deleted : C:\users\user\AppData\Local\PackageAware
    Folder Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c75guc3d.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c75guc3d.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
    Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_samsung-new-pc-studio_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_samsung-new-pc-studio_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-mobile-device-center_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-mobile-device-center_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Key Deleted : HKCU\Software\Imesh
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.17028


    -\\ Mozilla Firefox v

    *************************

    AdwCleaner[R0].txt - [5464 octets] - [14/07/2014 08:00:31]
    AdwCleaner[S0].txt - [5513 octets] - [14/07/2014 08:02:11]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5573 octets] ##########

  7. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Hello tenny,

    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here on how to do that.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    Next

    We need to do a fix to delete some files using OTL

    • Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following


      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      
      O3 - HKU\S-1-5-21-2178227108-149082570-3650749505-1002\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O4 - HKLM..\Run: [NPSStartup] File not found
      O13 - gopher Prefix: missing
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
      O33 - MountPoints2\{35878999-7ee7-11e2-9131-00038a000015}\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
      O33 - MountPoints2\{4bce79bc-214f-11e1-92fc-00038a000015}\Shell - "" = AutoRun
      O33 - MountPoints2\{4bce79bc-214f-11e1-92fc-00038a000015}\Shell\AutoRun\command - "" = F:\StormF1.exe
      O33 - MountPoints2\{83630f61-95ac-11df-b755-00038a000015}\Shell - "" = AutoRun
      O33 - MountPoints2\{83630f61-95ac-11df-b755-00038a000015}\Shell\AutoRun\command - "" = F:\StormF1.exe
      O33 - MountPoints2\{c67b78fe-e482-11e1-a58e-00038a000015}\Shell - "" = AutoRun
      O33 - MountPoints2\{c67b78fe-e482-11e1-a58e-00038a000015}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
      O33 - MountPoints2\{e5b84bac-43d3-11df-965d-00038a000015}\Shell - "" = AutoRun
      O33 - MountPoints2\{e5b84bac-43d3-11df-965d-00038a000015}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
      O33 - MountPoints2\F\Shell - "" = AutoRun
      O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\MotoCastSetup.exe -a
      [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      @Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:F35A93AD
      @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
      
      
      :Files
      
      ipconfig /flushdns /c
      
      :Commands
      
      [emptytemp]
      [resethosts]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.



    Your next reply should include:

    1-The OTL Fix log, it pops up in front of you after fix is done, if not it's also located here->C:\_OTL\Moved Files
    2-The new OTL After quick scan
    3-The JRT.txt log

    Thanks
    Joe
    Last edited by zep516; 07-14-2014 at 05:41 PM.

  8. #8
    Member
    Join Date
    Mar 2007
    Location
    Butler, PA
    Posts
    102
    Points
    0


    Hi Joe, where are you in da burgh? I am south of Butler.


    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-2178227108-149082570-3650749505-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ not found.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35878999-7ee7-11e2-9131-00038a000015}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35878999-7ee7-11e2-9131-00038a000015}\ not found.
    File F:\MotoCastSetup.exe -a not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bce79bc-214f-11e1-92fc-00038a000015}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bce79bc-214f-11e1-92fc-00038a000015}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bce79bc-214f-11e1-92fc-00038a000015}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bce79bc-214f-11e1-92fc-00038a000015}\ not found.
    File F:\StormF1.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83630f61-95ac-11df-b755-00038a000015}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83630f61-95ac-11df-b755-00038a000015}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83630f61-95ac-11df-b755-00038a000015}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83630f61-95ac-11df-b755-00038a000015}\ not found.
    File F:\StormF1.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c67b78fe-e482-11e1-a58e-00038a000015}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c67b78fe-e482-11e1-a58e-00038a000015}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c67b78fe-e482-11e1-a58e-00038a000015}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c67b78fe-e482-11e1-a58e-00038a000015}\ not found.
    File F:\TLBootstrap_WPP.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b84bac-43d3-11df-965d-00038a000015}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5b84bac-43d3-11df-965d-00038a000015}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5b84bac-43d3-11df-965d-00038a000015}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5b84bac-43d3-11df-965d-00038a000015}\ not found.
    File J:\LaunchU3.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    File F:\MotoCastSetup.exe -a not found.
    C:\ProgramData\SPL1B14.tmp deleted successfully.
    ADS C:\ProgramData\TEMP:F35A93AD deleted successfully.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\user\Downloads\cmd.bat deleted successfully.
    C:\Users\user\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: TEMP
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes
    ->Flash cache emptied: 2843 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: user
    ->Temp folder emptied: 2363051 bytes
    ->Temporary Internet Files folder emptied: 128 bytes
    ->Java cache emptied: 39695 bytes
    ->FireFox cache emptied: 11547420 bytes
    ->Flash cache emptied: 57028 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4132315 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 17.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 07162014_003032

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    OTL logfile created on: 7/16/2014 12:40:29 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.17028)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 59.57% Memory free
    5.00 Gb Paging File | 3.76 Gb Available in Paging File | 75.22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 178.99 Gb Total Space | 99.33 Gb Free Space | 55.49% Space Free | Partition Type: NTFS
    Drive D: | 7.29 Gb Total Space | 0.35 Gb Free Space | 4.84% Space Free | Partition Type: FAT32

    Computer Name: COMPAQ | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/07/13 23:45:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
    PRC - [2014/07/10 09:11:27 | 000,851,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
    PRC - [2014/05/25 22:01:05 | 000,257,224 | ---- | M] (Microsoft Corporation) -- C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    PRC - [2014/03/20 23:03:18 | 001,797,064 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
    PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2014/03/04 08:34:44 | 001,821,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2014/03/04 08:34:44 | 000,943,048 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2014/03/04 07:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2014/02/06 18:09:56 | 000,046,184 | R--- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    PRC - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/10/27 10:12:58 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/10/10 18:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2013/09/07 13:20:56 | 000,071,224 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7a\waol.exe
    PRC - [2013/09/07 13:20:48 | 000,045,624 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.7a\shellmon.exe
    PRC - [2013/08/01 20:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2013/07/22 10:22:30 | 001,093,464 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Express Tray\ExpressTray.exe
    PRC - [2013/07/22 10:22:08 | 000,219,480 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    PRC - [2013/05/13 15:33:02 | 001,693,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    PRC - [2013/05/13 15:33:02 | 001,113,296 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    PRC - [2013/04/27 21:05:12 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
    PRC - [2013/02/20 23:03:31 | 000,067,104 | ---- | M] (ArcSoft, Inc.) -- C:\Users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
    PRC - [2013/02/20 23:03:30 | 000,555,040 | ---- | M] (ArcSoft, Inc.) -- C:\Users\user\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
    PRC - [2013/01/31 20:21:24 | 000,019,224 | R--- | M] () -- C:\Program Files\Splunk\bin\splunkweb.exe
    PRC - [2013/01/31 20:20:00 | 015,349,528 | R--- | M] (Splunk Inc.) -- C:\Program Files\Splunk\bin\splunkd.exe
    PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2012/08/29 14:01:16 | 000,095,744 | ---- | M] (j2 Global Communications, Inc.) -- C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
    PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe
    PRC - [2010/03/08 03:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1266698022\ee\aolsoftware.exe
    PRC - [2010/03/05 14:37:40 | 000,867,328 | ---- | M] () -- C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/10/02 11:24:58 | 000,188,416 | ---- | M] () -- C:\Program Files\USBKVM Switcher\USBKVM.exe
    PRC - [2008/09/23 23:45:00 | 001,667,072 | ---- | M] (D-Link) -- C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
    PRC - [2007/01/19 12:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/02/12 23:26:03 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll
    MOD - [2014/02/12 23:25:06 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll
    MOD - [2014/02/12 22:49:17 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
    MOD - [2014/02/12 22:49:08 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
    MOD - [2014/02/12 22:48:41 | 000,399,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll
    MOD - [2014/02/12 21:56:45 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
    MOD - [2014/02/12 21:56:05 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
    MOD - [2014/02/12 21:55:55 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
    MOD - [2014/02/12 21:55:53 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
    MOD - [2014/02/12 21:55:53 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
    MOD - [2014/02/12 21:55:51 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
    MOD - [2014/02/12 21:55:43 | 000,291,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatiod51afaa5#\edec2d7b3ecaabfc5c72d7615d884f79\PresentationFramework.classic.ni.dll
    MOD - [2014/02/12 21:55:41 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
    MOD - [2014/02/12 21:55:23 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
    MOD - [2014/02/12 21:55:12 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
    MOD - [2014/02/12 21:55:00 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
    MOD - [2014/02/12 21:54:53 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
    MOD - [2014/02/12 21:54:50 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
    MOD - [2014/02/12 21:54:42 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
    MOD - [2014/02/12 21:54:32 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
    MOD - [2013/09/07 13:20:57 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7a\zlib.dll
    MOD - [2013/09/07 13:19:37 | 021,117,440 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7a\libcef.dll
    MOD - [2013/09/07 13:19:35 | 000,648,704 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7a\libGLESv2.dll
    MOD - [2013/09/07 13:19:35 | 000,122,880 | ---- | M] () -- C:\Program Files\AOL Desktop 9.7a\libEGL.dll
    MOD - [2010/03/05 14:37:40 | 000,867,328 | ---- | M] () -- C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
    MOD - [2008/10/02 11:24:58 | 000,188,416 | ---- | M] () -- C:\Program Files\USBKVM Switcher\USBKVM.exe
    MOD - [2008/09/11 12:48:38 | 000,262,144 | ---- | M] () -- C:\Windows\System32\wlanapp.dll
    MOD - [2007/07/17 17:26:18 | 000,086,016 | ---- | M] () -- C:\Program Files\USBKVM Switcher\KeyHook.dll


    ========== Services (SafeList) ==========

    SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2014/03/04 07:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2014/02/06 18:09:56 | 000,046,184 | R--- | M] (AOL Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
    SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/10/27 10:12:58 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/10/10 18:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2013/07/22 10:22:08 | 000,219,480 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
    SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/02/28 21:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2013/02/20 23:03:31 | 000,067,104 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\user\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
    SRV - [2013/01/31 20:21:24 | 000,019,224 | R--- | M] () [Auto | Running] -- C:\Program Files\Splunk\bin\splunkweb.exe -- (Splunkweb)
    SRV - [2013/01/31 20:20:00 | 015,349,528 | R--- | M] (Splunk Inc.) [Auto | Running] -- C:\Program Files\Splunk\bin\splunkd.exe -- (Splunkd)
    SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2010/05/04 23:53:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/04/14 16:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeccoms.exe -- (lxec_device)
    SRV - [2010/04/14 16:08:05 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/05/19 04:36:40 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtilVst\jswpsapi.exe -- (jswpsapi)
    SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2014/03/20 23:03:40 | 010,523,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2014/03/19 15:27:42 | 000,065,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2014/01/22 09:52:12 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
    DRV - [2014/01/22 09:52:12 | 000,088,576 | ---- | M] (DEVGURU Co., LTD.(데브구루 | 데브구루에 오*것을 환영합니다.)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
    DRV - [2013/10/01 20:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2013/02/28 21:48:42 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2013/01/31 20:19:58 | 000,031,096 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\splunkdrv-win6.sys -- (splunkdrv-win6)
    DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2012/01/18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2012/01/18 06:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2010/01/21 01:59:58 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2010/01/21 01:59:56 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2010/01/21 01:59:56 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2009/10/07 08:46:14 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
    DRV - [2009/07/31 01:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
    DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/06/22 23:34:38 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2008/08/07 03:09:32 | 000,905,728 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGUx86.sys -- (A5AGU)
    DRV - [2008/05/15 04:28:44 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
    DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 2D 07 83 9F A0 CA 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {2BE51A2D-CC39-4B72-BFCB-11FC0BB213F0}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{2BE51A2D-CC39-4B72-BFCB-11FC0BB213F0}: "URL" = https://www.google.com/search?q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
    FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)


    [2012/02/12 10:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
    [2014/07/14 08:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c75guc3d.default\extensions

    O1 HOSTS File: ([2014/07/16 00:32:05 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
    O4 - HKLM..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe (D-Link)
    O4 - HKLM..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
    O4 - HKLM..\Run: [IOGEAR Auto Printer Sharing Switch] C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe ()
    O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.7a\AOL.EXE (AOL Inc.)
    O4 - HKCU..\Run: [cdloader] C:\Users\user\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
    O4 - HKCU..\Run: [SkyDrive] C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\user\AppData\Roaming\HP SimpleSave Application\StartHelper.exe (ArcSoft, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
    O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} http://192.168.0.114/aplugLite.cab (Gif89 Lite +Audio Class)
    O16 - DPF: {9AA03FEC-6582-48B1-BC62-821D4A7B9461} http://10.24.183.144:85/N9DvrOcx.cab?V1111 (RMN9_DVR Control)
    O16 - DPF: {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://10.24.183.114:85/WebClient.exe (WebClient Control)
    O16 - DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} http://javadl-esd.oracle.com/update/...ndows-i586.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A33130C3-FA18-48CC-9751-499614A9A8E5}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O34 - HKLM BootExecute: (/sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/07/16 00:30:32 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/07/16 00:22:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/07/16 00:21:33 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\user\Desktop\JRT.exe
    [2014/07/14 08:00:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/07/11 07:30:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
    [2014/07/11 07:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2014/07/11 07:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2014/07/11 07:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2014/07/10 23:04:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\trailer
    [2014/07/10 22:58:29 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Tractor
    [2014/06/30 10:55:44 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/06/30 10:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/06/30 10:55:12 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
    [2014/06/30 10:55:12 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
    [2014/06/26 09:19:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
    [2014/06/25 08:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.7b
    [2014/06/22 10:59:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
    [2014/06/22 10:58:41 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\SelfMV
    [2014/06/22 10:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    [2014/06/22 10:57:49 | 000,144,664 | ---- | C] (MAPILab Ltd. & Add-in Express Ltd.) -- C:\Windows\System32\secman.dll

    ========== Files - Modified Within 30 Days ==========

    [2014/07/16 00:41:12 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/07/16 00:41:12 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/07/16 00:33:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/07/16 00:33:03 | 2012,127,232 | -HS- | M] () -- C:\hiberfil.sys
    [2014/07/16 00:32:05 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2014/07/16 00:21:33 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\user\Desktop\JRT.exe
    [2014/07/14 07:59:23 | 001,348,263 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner_3.215.exe
    [2014/07/12 13:36:39 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    [2014/07/11 07:30:05 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/07/09 17:06:07 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/07/09 08:06:31 | 000,493,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2014/07/08 06:23:24 | 000,450,712 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140710-161047.backup
    [2014/07/02 15:13:49 | 000,666,330 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2014/07/02 15:13:49 | 000,123,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2014/07/02 14:53:57 | 000,026,823 | ---- | M] () -- C:\Users\user\Desktop\ATT00008.mid
    [2014/06/30 10:55:30 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/06/25 08:44:33 | 000,001,090 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
    [2014/06/25 08:44:32 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
    [2014/06/23 05:27:20 | 002,943,789 | ---- | M] () -- C:\Users\user\Desktop\SANY0001.jpg
    [2014/06/23 05:21:57 | 003,190,986 | ---- | M] () -- C:\Users\user\Desktop\SANY0130.jpg
    [2014/06/22 10:58:13 | 000,001,939 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk
    [2014/06/22 10:58:13 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies 3.lnk

    ========== Files Created - No Company Name ==========

    [2014/07/14 07:59:23 | 001,348,263 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner_3.215.exe
    [2014/07/11 07:30:05 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2014/07/02 14:53:56 | 000,026,823 | ---- | C] () -- C:\Users\user\Desktop\ATT00008.mid
    [2014/06/30 10:55:30 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/06/23 05:27:15 | 002,943,789 | ---- | C] () -- C:\Users\user\Desktop\SANY0001.jpg
    [2014/06/23 05:21:51 | 003,190,986 | ---- | C] () -- C:\Users\user\Desktop\SANY0130.jpg
    [2014/06/22 10:58:13 | 000,001,939 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk
    [2014/06/22 10:58:13 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies 3.lnk
    [2014/05/10 13:38:52 | 000,000,880 | ---- | C] () -- C:\Windows\m3jpeg.ini
    [2014/05/10 13:37:34 | 002,274,816 | ---- | C] () -- C:\Windows\System32\avcodec-dvrcodecsf-53.dll
    [2014/05/10 13:37:34 | 000,244,224 | ---- | C] () -- C:\Windows\System32\swscale-dvrcodecsf-2.dll
    [2014/05/10 13:37:34 | 000,135,680 | ---- | C] () -- C:\Windows\System32\avutil-dvrcodecsf-51.dll
    [2013/10/29 14:09:42 | 000,000,218 | ---- | C] () -- C:\Users\user\AppData\Local\recently-used.xbel
    [2013/05/02 17:05:28 | 000,030,136 | ---- | C] () -- C:\Users\user\http
    [2013/02/28 21:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
    [2013/01/20 20:50:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wlanapp.dll
    [2013/01/20 20:50:29 | 000,049,152 | ---- | C] () -- C:\Windows\System32\JJAKEn.dll
    [2012/12/28 21:13:23 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxecvs.dll
    [2012/12/28 21:13:21 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeccoin.dll
    [2012/12/28 21:13:16 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxecgcfg.dll
    [2012/12/28 21:13:15 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeccui.dll
    [2012/12/28 21:13:15 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeccuir.dll
    [2012/12/28 21:11:45 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxecserv.dll
    [2012/12/28 21:11:45 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxecusb1.dll
    [2012/12/28 21:11:45 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxecpmui.dll
    [2012/12/28 21:11:45 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxecinpa.dll
    [2012/12/28 21:11:45 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEChcp.dll
    [2012/12/28 21:11:45 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeciesc.dll
    [2012/12/28 21:11:45 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXECinst.dll
    [2012/12/28 21:11:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeccomc.dll
    [2012/12/28 21:11:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxechbn3.dll
    [2012/12/28 21:11:44 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeccoms.exe
    [2012/12/28 21:11:44 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeclmpm.dll
    [2012/12/28 21:11:44 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeccomm.dll
    [2012/12/28 21:11:44 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxecih.exe
    [2012/12/28 21:11:44 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxecins.dll
    [2012/12/28 21:11:44 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxecinsb.dll
    [2012/12/28 21:11:44 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeccu.dll
    [2012/12/28 21:11:44 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxecgrd.dll
    [2012/12/28 21:11:44 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxecinsr.dll
    [2012/12/28 21:11:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeccub.dll
    [2012/12/28 21:11:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxecjswr.dll
    [2012/12/28 21:11:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeccur.dll
    [2012/12/28 21:11:43 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeccfg.exe
    [2012/08/28 22:46:50 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2012/08/28 19:32:07 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
    [2012/08/28 19:32:07 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
    [2012/07/30 14:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2012/07/30 14:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2012/07/30 14:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2012/07/30 14:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2012/07/28 18:05:16 | 000,000,054 | ---- | C] () -- C:\Windows\System32\set.ini
    [2011/10/01 21:53:45 | 000,000,187 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
    [2011/10/01 21:53:45 | 000,000,039 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
    [2010/03/28 21:51:10 | 000,002,395 | ---- | C] () -- C:\Users\user\AppData\Roaming\SAS7_000.DAT

    ========== ZeroAccess Check ==========

    [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/08/12 23:29:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Auslogics
    [2011/11/26 16:49:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Autodesk
    [2011/11/29 15:20:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG
    [2013/12/21 20:06:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BitTorrent
    [2013/09/24 15:11:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canneverbe Limited
    [2011/11/29 13:51:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
    [2014/03/07 15:56:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\eFax Messenger
    [2010/03/18 19:41:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EPSON
    [2014/02/24 00:56:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileZilla
    [2012/04/01 12:42:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foxit Software
    [2013/01/21 21:11:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garmin
    [2013/04/19 08:33:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\gtk-2.0
    [2014/05/10 19:26:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\iSpy
    [2014/03/07 15:56:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\j2 Global
    [2013/10/21 18:51:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KeePass
    [2014/03/04 12:20:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\mjusbsp
    [2013/05/05 16:28:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MusicNet
    [2010/03/28 21:05:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nuance
    [2010/04/15 00:55:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\pdf995
    [2011/12/12 00:23:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Peachtree
    [2010/11/26 23:59:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Pro800-Pro900 Series
    [2014/06/22 10:57:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
    [2014/05/30 23:08:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SlimCleaner
    [2010/04/15 00:55:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TaxCut
    [2012/09/28 09:20:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
    [2013/11/01 22:37:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
    [2014/05/22 00:13:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ViberPC
    [2013/05/02 16:54:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Wireshark

    ========== Purity Check ==========



    < End of report >


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Professional x86
    Ran by user on Wed 07/16/2014 at 0:22:41.30
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{52BB94D5-C995-40EC-8BAB-D37164469768}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1913A79D-26E4-4599-9AE5-B13BB10AAC05}



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 07/16/2014 at 0:25:07.10
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Thanks Larry

  9. #9
    Member Spyware Fighter zep516
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Hello,

    I'm in Swissvale, in the good part up on the hill.

    Logs are looking good. So I'm out of things to do.

    You tell me how things are with the computer and we will take it from there.

    Joe

  10. #10
    Member
    Join Date
    Mar 2007
    Location
    Butler, PA
    Posts
    102
    Points
    0

    Hi Joe from Swissvale,

    My brother from Florida arrived to visit for a few days and so this is the first chance I had to reply.

    It seems fine, so I suspect we are done? Did I have any really nasty stuff on here, like key loggers or such?

    Larry
