Clem

  1. Clem

  2. Just finished installing the new modem from Comcast. Checked my internet speed before and after: upload speed remained about the same, 6.10 mbps before and 6.07 after. Download a different story: 34.10 before and 60,03 after, almost double. Guess you can say I'm pleased with it.
  3. Has anyone else got this yet? Have received five of these in the last two days. Text the same except for the amount, and sender e-mail all different. Needless to say, delete as soon as you get it.

    Thanks for shopping with our company today! Your purchase is processing right now. You will receive more information via a separate email.
    PURCHASE INFORMATION
    Purchase Number: A141601635
    Order Date: 12:3906272014
    Customer Email:
    Payment Method: MC
    Outright Purchase: 5001 USD
    Kindly see the file enclosed with this email to have more details about your order.
  4. Burning software

    Thanks Shay. It worked OK for audio CD, which is what I burn mostly; will try data and DVD later. Thanks again, appreciate your quick reply.
  5. Burning software

    What is a good CD/DVD burning software for Windows 8? Had Nero 12 Platinum on before my hard drive crashed. Used restore program and got it back to factory specs. Was able to get all my programs back on except Nero; every time I tried with the recovery disc, installation failed, and getting no help from Nero. I even went to Nero and downloaded the Nero burning program, free trial, and it failed on installation. So I am looking for a good burner program.
  6. Well I think the problem was with the computer itself (Dell). It went completely belly-up on me. Won't start and repair not working. Said the hell with Dell. Went out and bought a new one (Lenovo-by IBM). Now got to learn how to use Windows 8 with touch screen.
  7. Right now it is just programs on my computer. Haven't had reason for any internet shortcuts lately.
  8. Different utility programs, videos of Japanese dancing for the wife, etc.
  9. Works fine in Safe Mode or if I turn off UAC.
  10. Using the send to option on right click menu (desktop (shortcut)) I get "Windows could not create shortcut. Check to see if disk is full."
  11. Broni - Everything you suggested has been done. Computer running great, except still unable to put shortcut on desktop. Have been able to work around that and not used that much anyway. Don't have the last log from OTL; thought it would auto post to desktop but it didn't and I forgot to save it. Anyway my computer is running faster and better than ever before. Have made a new image with Acronis and deleted all others except for the original one I made the first day I got it. Thanks for all your help. You're my hero!!
  12. After running FSS, TFC and ESET I had another problem. I use Windows Live Mail and when I checked my mail I found that the text of every msg had been deleted. When I tried to send myself a msg using my Yahoo acct I could not get the text. Address and Subj line was OK but no text. Luckily I had made an image of my C drive using Acronis just prior to downloading and running them and everything OK now.
  13. Virus scan showed no threats, here are the logs
  14. Here the OTL file. Now will work on the rest.
  15. Couldn't put this log on last time. Post too big OTL logfile created on: 8/19/2013 3:18:54 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clem\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.80 Gb Total Physical Memory | 4.42 Gb Available Physical Memory | 76.22% Memory free 11.61 Gb Paging File | 10.22 Gb Available in Paging File | 88.06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684.79 Gb Total Space | 628.08 Gb Free Space | 91.72% Space Free | Partition Type: NTFS Drive E: | 443.23 Gb Total Space | 404.94 Gb Free Space | 91.36% Space Free | Partition Type: NTFS Drive F: | 488.28 Gb Total Space | 159.95 Gb Free Space | 32.76% Space Free | Partition Type: NTFS Drive G: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive J: | 124.74 Mb Total Space | 124.74 Mb Free Space | 100.00% Space Free | Partition Type: FAT Drive L: | 234.57 Gb Total Space | 220.32 Gb Free Space | 93.93% Space Free | Partition Type: NTFS Drive M: | 230.53 Gb Total Space | 97.59 Gb Free Space | 42.33% Space Free | Partition Type: NTFS Computer Name: CLEM-PC | User Name: Clem | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/08/19 14:56:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clem\Downloads\OTL.exe PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/25 16:54:10 | 000,335,168 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe PRC - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe PRC - [2013/02/22 10:22:40 | 002,003,856 | ---- | M] (Symbiotic Technologies Pty Ltd) -- C:\Program Files (x86)\TrustDefender\TrustDefender\TrustDefender.exe PRC - [2012/04/15 14:04:44 | 000,374,368 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe PRC - [2011/10/14 11:02:10 | 000,866,304 | ---- | M] (Audiovox Accessories Corp.) -- C:\Users\Clem\My Documents\RCA Detective\RCADetective.exe PRC - [2010/01/27 15:01:56 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe PRC - [2009/09/01 15:32:12 | 000,087,344 | ---- | M] (Prolific Technology Inc.) 
-- C:\WINDOWS\SysWOW64\IoctlSvc.exe PRC - [2009/06/18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008/04/09 20:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe PRC - [2008/04/09 19:23:22 | 000,909,208 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2008/04/09 19:14:28 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2008/04/09 19:11:24 | 002,595,792 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ========== Modules (No Company Name) ========== MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll MOD - [2011/04/14 18:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll MOD - [2008/04/09 17:46:56 | 001,328,408 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2012/09/07 17:52:17 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE) SRV - [2013/06/11 17:31:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 
Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS) SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/25 16:54:10 | 000,335,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice) SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/02/22 10:22:40 | 002,003,856 | ---- | M] (Symbiotic Technologies Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\TrustDefender\TrustDefender\TrustDefender.exe -- (TrustDefender) SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2011/01/27 22:07:59 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/09/01 15:32:12 | 000,087,344 | ---- | M] (Prolific Technology Inc.) 
[Auto | Running] -- C:\WINDOWS\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) SRV - [2009/06/18 14:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2008/04/09 20:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService) SRV - [2008/04/09 19:15:00 | 000,605,464 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/06/10 14:28:12 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013/05/22 22:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA) DRV:64bit: - [2013/05/22 18:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver) DRV:64bit: - [2013/05/20 22:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS) DRV:64bit: - 
[2013/05/15 22:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013/04/24 17:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS) DRV:64bit: - [2013/04/15 19:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/03/28 12:42:33 | 000,056,464 | ---- | M] (Symbiotic Technologies Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\tdtdi.sys -- (tdtdi) DRV:64bit: - [2013/03/17 20:09:10 | 000,028,568 | ---- | M] (GiliSoft International LLC.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\GSVDRIVE.sys -- (GSVDRIVE) DRV:64bit: - [2013/03/04 18:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON) DRV:64bit: - [2013/03/04 18:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/02/23 14:34:12 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2011/02/23 14:34:12 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- 
C:\WINDOWS\SysNative\drivers\tifsfilt.sys -- (tifsfilter) DRV:64bit: - [2011/02/23 14:34:09 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011/02/23 14:34:08 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\tdrpman.sys -- (tdrpman) DRV:64bit: - [2010/11/20 19:24:34 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 19:23:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 04:07:04 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\GenericMount.sys -- (GenericMount) DRV:64bit: - [2010/02/03 22:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:64bit: - [2009/10/24 05:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/10/16 04:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV - [2013/08/17 08:08:30 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130819.001\ex64.sys -- (NAVEX15) DRV - [2013/08/17 08:08:30 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130819.001\eng64.sys -- (NAVENG) DRV - [2013/08/12 19:15:09 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/05/31 09:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013/03/26 19:34:08 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter) DRV - [2013/03/26 19:33:52 | 000,034,336 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter) DRV - [2013/03/24 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/03/23 15:48:46 | 000,023,048 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- 
(FileMonitor) DRV - [2013/03/22 15:39:26 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130813.001\IDSviA64.sys -- (IDSVia64) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{111BC878-21D1-4B86-9045-A32BE076EDDF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{BD53CC0F-329C-40BD-818A-FDD45E28D71F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1571865198-2256230166-3563497380-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1571865198-2256230166-3563497380-1000\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-1571865198-2256230166-3563497380-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=800236" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "about.blank" FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7 FF - prefs.js..extensions.enabledAddons: iobitapps%40mybrowserbar.com:7.0 FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=800236&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/05/29 17:37:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011/09/21 09:11:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013/08/19 15:07:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013/03/24 23:29:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/11 21:37:17 | 000,000,000 | ---D | M]

[2012/12/30 14:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clem\AppData\Roaming\Mozilla\Extensions
[2011/03/04 20:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clem\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/08/18 00:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clem\AppData\Roaming\Mozilla\Firefox\Profiles\ijpqxhzk.default\extensions
[2013/07/04 16:43:41 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Clem\AppData\Roaming\Mozilla\Firefox\Profiles\ijpqxhzk.default\extensions\ascsurfingprotection@iobit.com
[2013/03/09 09:48:15 | 000,275,665 | ---- | M] () (No name found) -- C:\Users\Clem\AppData\Roaming\Mozilla\Firefox\Profiles\ijpqxhzk.default\extensions\artur.dubovoy@gmail.com.xpi
[2012/12/30 14:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2013/03/09 09:51:31 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 01:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/09 09:51:19 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/08/18 16:01:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1571865198-2256230166-3563497380-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [iObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TrustDefenderWD] C:\Program Files (x86)\TrustDefender\TrustDefender\TDWatchdog.exe (Symbiotic Technologies Pty Ltd)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-1571865198-2256230166-3563497380-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\Clem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\Clem\My Documents\RCA Detective\RCADetective.exe (Audiovox Accessories Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1571865198-2256230166-3563497380-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1571865198-2256230166-3563497380-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1571865198-2256230166-3563497380-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6E69AAB-9B0A-4C05-A918-26C65D409118}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/28 13:00:27 | 000,000,088 | ---- | M] () - G:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/19 15:10:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/08/18 16:01:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/18 15:53:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/08/18 15:53:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/08/18 15:53:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/08/18 15:50:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/18 15:49:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/08/18 15:19:28 | 005,105,231 | R--- | C] (Swearware) -- C:\Users\Clem\Desktop\ComboFix.exe
[2013/08/18 13:58:20 | 000,000,000 | ---D | C] -- C:\Users\Clem\Desktop\RK_Quarantine
[2013/08/18 00:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/08/17 20:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/17 20:22:25 | 000,000,000 | ---D | C] -- C:\Users\Clem\Desktop\mbar
[2013/08/13 03:34:29 | 000,000,000 | ---D | C] -- C:\Users\Clem\Documents\Anti-Malware
[2013/07/31 01:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/07/12 01:28:44 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/19 15:12:50 | 000,014,240 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 15:12:50 | 000,014,240 | -H-- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/19 15:10:01 | 000,777,156 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/08/19 15:10:01 | 000,661,308 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/08/19 15:10:01 | 000,119,096 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/08/19 15:04:57 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/19 15:04:35 | 378,888,191 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/19 14:31:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/19 09:53:19 | 000,026,074 | ---- | M] () -- C:\Users\Clem\AppData\Roaming\wklnhst.dat
[2013/08/19 04:17:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 000439ac-4eba-4e38-ace1-a1ad8e1b1641.job
[2013/08/18 17:00:00 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013/08/18 16:01:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2013/08/18 15:19:30 | 005,105,231 | R--- | M] (Swearware) -- C:\Users\Clem\Desktop\ComboFix.exe
[2013/08/12 20:35:19 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/08/06 22:07:30 | 000,000,289 | ---- | M] () -- C:\Users\Clem\Duplicate File Finder.cfg
[2013/07/31 01:07:25 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/18 15:53:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/08/18 15:53:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/08/18 15:53:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/08/18 15:53:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/08/18 15:53:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/31 01:07:25 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/05/22 19:53:59 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ScreenHunter.INI
[2013/05/15 12:31:16 | 000,000,179 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2013/05/12 18:18:01 | 000,000,207 | ---- | C] () -- C:\WINDOWS\tweaking.com-regbackup-CLEM-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/04/15 10:57:06 | 000,000,218 | ---- | C] () -- C:\Users\Clem\AppData\Local\recently-used.xbel
[2013/04/15 10:56:38 | 000,003,291 | ---- | C] () -- C:\Users\Clem\clem.gnucash
[2013/04/05 13:53:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2013/03/17 20:23:18 | 000,819,200 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2013/03/17 20:23:17 | 000,180,224 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll
[2013/03/10 12:12:21 | 000,000,045 | ---- | C] () -- C:\Users\Clem\AppData\Roaming\mbam.context.scan
[2012/10/07 12:36:37 | 000,002,761 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2012/06/14 08:40:41 | 000,000,017 | ---- | C] () -- C:\Users\Clem\AppData\Local\resmon.resmoncfg
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\WINDOWS\SysWow64\ig4icd32.dll
[2012/01/10 21:12:12 | 001,663,488 | ---- | C] () -- C:\WINDOWS\SysWow64\igfxcmjit32.dll
[2011/11/23 17:34:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SysWow64\OctaneARM.dll
[2011/11/21 19:06:01 | 000,000,289 | ---- | C] () -- C:\Users\Clem\Duplicate File Finder.cfg
[2011/09/24 20:50:57 | 000,000,175 | ---- | C] () -- C:\Users\Clem\AppData\Roaming\default.rss
[2011/08/31 20:51:16 | 000,867,020 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng575.bin
[2011/08/31 20:51:16 | 000,128,204 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng575.bin
[2011/08/31 20:51:16 | 000,105,608 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg575m.bin
[2011/05/08 16:04:53 | 000,018,944 | ---- | C] () -- C:\Users\Clem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 14:19:32 | 000,026,074 | ---- | C] () -- C:\Users\Clem\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2013/05/14 20:46:26 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/05/14 20:46:26 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/08 18:03:49 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\Acronis
[2012/07/23 22:40:49 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\AnvSoft
[2011/05/23 20:25:19 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\ASCOMP Software
[2013/05/13 16:44:34 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\Audacity
[2011/03/09 20:06:41 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\CheckPoint
[2013/05/19 13:30:49 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\enchant
[2013/04/05 14:02:39 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\FairStars CD Ripper
[2012/03/16 11:17:42 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\Firetrust
[2011/05/23 20:24:47 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\GetRightToGo
[2013/03/17 20:09:19 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\GiliSoft
[2012/02/02 14:21:46 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\gtk-2.0
[2012/10/02 14:20:56 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\ImTOO
[2013/08/18 00:35:34 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\IObit
[2011/05/17 22:00:10 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\IrfanView
[2011/02/23 21:08:40 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\Leadertech
[2012/03/16 11:17:04 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\MailWasherPro
[2012/01/03 18:00:25 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\MusicNet
[2011/03/24 17:21:04 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\OpenOffice.org
[2012/05/23 16:24:36 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\PhotoFiltre
[2011/05/07 12:01:39 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\Seven Zip
[2013/07/07 18:44:09 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\Shareaza
[2011/03/01 15:57:24 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\Template
[2011/03/04 20:10:44 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\Thunderbird
[2011/02/23 13:26:54 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\Windows Live Writer
[2011/10/01 23:48:31 | 000,000,000 | ---D | M] -- C:\Users\Clem\AppData\Roaming\WinPatrol
[2011/05/08 21:54:37 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:30FD0CBD
@Alternate Data Stream - 16 bytes -> C:\Users\Clem\Downloads:Shareaza.GUID
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:84098FD3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

OTL Extras logfile created on: 8/19/2013 3:18:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clem\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 4.42 Gb Available Physical Memory | 76.22% Memory free
11.61 Gb Paging File | 10.22 Gb Available in Paging File | 88.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.79 Gb Total Space | 628.08 Gb Free Space | 91.72% Space Free | Partition Type: NTFS
Drive E: | 443.23 Gb Total Space | 404.94 Gb Free Space | 91.36% Space Free | Partition Type: NTFS
Drive F: | 488.28 Gb Total Space | 159.95 Gb Free Space | 32.76% Space Free | Partition Type: NTFS
Drive G: | 442.98 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 124.74 Mb Total Space | 124.74 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Drive L: | 234.57 Gb Total Space | 220.32 Gb Free Space | 93.93% Space Free | Partition Type: NTFS
Drive M: | 230.53 Gb Total Space | 97.59 Gb Free Space | 42.33% Space Free | Partition Type: NTFS

Computer Name: CLEM-PC | User Name: Clem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1571865198-2256230166-3563497380-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Print_Directory_Listing] -- Printdir.bat "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Print_Directory_Listing] -- Printdir.bat "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029DA0CF-F261-40FB-B480-B3AE03E40E7D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{040F502F-7C89-484F-AA7B-4F4E6FD0CE0C}" = lport=137 | protocol=17 | dir=in | app=system |
"{04874140-1ED8-4BB2-9E36-2C982F73099E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B9702BE-D46B-4072-9312-340F15233233}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FB197BA-8A30-476E-939A-A715FBF08E3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{293DCE58-F9D9-45C5-973B-177C8CF8D001}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{321AB52F-C927-4740-B62A-9A403279CA8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{50D1BD44-D785-4B8C-A7E0-722B06B4A583}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{612255EC-6F22-41CE-A1D5-04AB809F188E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6731F928-4A35-4264-93DF-948F77F5B682}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{690084FE-BF5B-47AD-805B-A669F050D14F}" = lport=139 | protocol=6 | dir=in | app=system |
"{71DA126E-90E6-4A5A-A845-A579F1EACE20}" = rport=138 | protocol=17 | dir=out | app=system |
"{7C9DD4BA-2812-4B96-8F24-315DFCF1ECC0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D14EFFA-A7ED-461D-BC3F-3B9F3B4220A3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8E5EE7C1-080F-4960-8C3B-A6590B3BF3F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{906267B1-466F-4645-B385-ECE7F2AE7EE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90A8F28C-6A10-427B-91EC-721E568B5CD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3F8D396-6069-46BA-95F1-1F29B35CD2BE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A733CC47-6C09-4F48-9962-627E12B724D7}" = lport=138 | protocol=17 | dir=in | app=system |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BBBEA844-B8C4-4B7B-9707-EFD2D931500A}" = rport=137 | protocol=17 | dir=out | app=system |
"{C4F0E84C-A7C1-4873-955A-3696A00C753E}" = rport=139 | protocol=6 | dir=out | app=system |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5C17963-BA0E-406E-AB75-286F2872F953}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D873884D-C06D-4411-9315-E3F9BEA18B86}" = rport=445 | protocol=6 | dir=out | app=system |
"{D8901B32-A85D-4ECA-9295-F168F069BDF1}" = lport=445 | protocol=6 | dir=in | app=system |
"{DF523850-F55C-458F-9E52-AC4269CB6EF5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F5BCA3-A92C-4393-889B-94DD5257678B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{07526860-7EFA-4B1E-B489-86F6FD7AE9CC}" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{21872B4E-50DC-4669-9D87-39A664ED5629}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2344121F-5202-478D-80A6-6305A9013C8F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2514E813-88D5-4A52-8779-9B505A0A31AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{265CF05E-0AAA-4740-A07A-9F80D6A2D1D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2EAC24F5-E1EC-4CCC-B5D6-224EAB1856C3}" = protocol=6 | dir=out | app=system |
"{31EFA066-A832-480D-95A5-EA2348526AEB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{334C5A0B-8B29-47D8-AB1C-1997E75F1FE9}" = protocol=17 | dir=in | app=c:\program files (x86)\trustdefender\trustdefender\trustdefender.exe |
"{4F054935-5C4B-444E-8BD0-110312689CAD}" = protocol=17 | dir=in | app=c:\program files (x86)\trustdefender\trustdefender\trustdefender.exe |
"{52F86E50-5834-4540-AA5B-1E58DDF18264}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5858FF91-2D22-42BA-90C3-F7008949724E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{617AAF7F-4E5C-4FC0-8FB6-10DCE2769D56}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7307BE4C-608E-4F87-B109-E9CAE58A4F56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73DB7711-BB38-4B4B-B870-5D1A9871912B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AAA8775-2BC7-4109-9595-6E4FF21F84C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B70501E-A985-46D8-A918-1F8720A70113}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{84D01C70-FE30-4278-B73B-D8CDC4DD66F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8F2E8FD2-96CE-4736-9A58-3344E1C3E0AC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8F4A7F25-12A0-4974-BEED-E54DFFCDE973}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{9E79ADEB-1590-4F51-93F0-2E6EF3277219}" = protocol=6 | dir=in | app=c:\program files (x86)\trustdefender\trustdefender\trustdefender.exe |
"{AAD273FF-5187-4701-A593-74263235A2DE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B6CADBD8-0143-4784-9473-3B2F58777F71}" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |
"{C0DA4726-6730-4AEC-8512-78E9A8047D9F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB9A37E8-35F8-4C8A-BE15-4BDDE1E59B77}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EC46FD93-9281-45D6-8B70-67AFE4055669}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F319208C-F262-42E3-A03F-994FE860C215}" = protocol=6 | dir=in | app=c:\program files (x86)\trustdefender\trustdefender\trustdefender.exe |
"{FD3A7090-CEBC-4208-9F33-09FF593E2A0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"File Shredder_is1" = File Shredder 2.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Recuva" = Recuva
"Shareaza_is1" = Shareaza 2.6.0.0
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23220cac-2204-4a1c-9996-ad4e51c6c93b}" = Nero 9
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}" = MediaJoin
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 25
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{6657DA03-A39B-472C-8458-6292E128A3D9}" = MailWasherPro
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8A8DE206-BE5C-40AA-A74B-5951FCF05372}_is1" = TrustDefender
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.134
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{ADBD1772-24CF-49D2-A89F-19757D4FDA14}}_is1" = GiliSoft DVD Ripper Free 3.0.1
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1725D54-279A-41C5-A73D-23C1785DB920}_is1" = AoA DVD Ripper
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Any Audio Converter_is1" = Any Audio Converter 3.3.8
"Any Video Converter_is1" = Any Video Converter 3.3.9
"Audacity_is1" = Audacity 2.0
"Belarc Advisor" = Belarc Advisor 8.2
"eIMAGE Recovery" = eIMAGE Recovery
"EULAlyzer_is1" = EULAlyzer 2.1
"FairStars CD Ripper_is1" = FairStars CD Ripper 1.52
"FileASSASSIN" = FileASSASSIN
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Game Booster_is1" = Game Booster
"GoToAssist" = GoToAssist 8.0.0.514
"ImTOO DVD Audio Ripper" = ImTOO DVD Audio Ripper
"InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
"IObit Malware Fighter_is1" = IObit Malware Fighter
"IrfanView" = IrfanView (remove only)
"Karen's Directory Printer" = Karen's Directory Printer
"LAME_is1" = LAME v3.99.3 (for Windows)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LP Recorder" = LP Recorder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MediaJoin" = MediaJoin
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"NIS" = Norton Internet Security
"Picasa 3" = Picasa 3
"Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0
"RCA Detective™_is1" = RCA Detective™ 3.0.4.0
"RCA Digital Voice Manager_is1" = RCA Digital Voice Manager 7.1.6.0
"RCA Updater_is1" = RCA Updater 2.1.7.1
"Smart Defrag 2_is1" = Smart Defrag 2
"SpywareBlaster_is1" = SpywareBlaster 5.0
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"What's Running_is1" = What's Running 3.0
"WildTangent dell Master Uninstall" = WildTangent Games
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft ScreenHunter 6.0 Free" = Wisdom-soft ScreenHunter 6.0 Free
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1571865198-2256230166-3563497380-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2013 6:18:43 PM | Computer Name = Clem-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: dd4
Start Time: 01ce9d29dba0388a
Termination Time: 16
Application Path: C:\Users\Clem\Downloads\OTL.exe
Report Id: 4534e539-091d-11e3-a00d-842b2bb895ed

[ Dell Events ]
Error - 2/23/2011 2:41:08 PM | Computer Name = Clem-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/1/2011 5:39:30 PM | Computer Name = Clem-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/1/2011 5:39:30 PM | Computer Name = Clem-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/1/2011 5:43:44 PM | Computer Name = Clem-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/1/2011 5:43:44 PM | Computer Name = Clem-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/1/2011 10:10:59 PM | Computer Name = Clem-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/1/2011 10:10:59 PM | Computer Name = Clem-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/22/2011 9:18:35 PM | Computer Name = Clem-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/22/2011 9:18:35 PM | Computer Name = Clem-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/26/2011 10:46:07 AM | Computer Name = Clem-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

< End of report >