onehipcat

  1. It is seemingly gone. No more re-directs and no more "SSL Search is off" via Chrome. When I first got it, I had no clue, then I don't remember if I manually removed the software or used "Remove Programs" via the control panel, but the registry values got stuck in there, and well, I finally got them out. All of them. Thank you for all of your help, and please, get MBAM to get this in their database.
  2. Maniac, I do apologize, but I already was working on it, because I was so mad about this. I ran RegEdit and deleted the files. I kept Spyhunter open and looked up the registry files and deleted them. Hopefully, after uninstalling the software, running literally 12 different scans and removal tools, I have removed a lot of junk. However, hopefully on the iSafe virus, aka searchsafe.com virus level, hopefully I just removed the registry files to keep this from returning. I do appreciate your help, but this iSafe, aka searchsafe.com virus has been around for a while, and needs to be put in the MBAM database. Thanks again!
  3. Here is a screenshot, it found a Rival Gaming and "Focus base", with all the same type of registry keys notated.
  4. I think I found that SpyHunter 4 will catch what I need but makes you pay for the removal. I am going to run it again and post a screenshot of what it spits out. Hopefully you can guide me through the manual removal. Thanks.
  5. Ok, it's back again!!!!!! GRRRRRR!!!!! I don't know what to do now. This ain't going away, and I tried to partition my hard drive so they wouldn't overlap, but apparently that don't matter. I don't want to wipe my HD, I have 4 years' worth of work and nowhere to copy it to.
  6. I ran JRT, nothing came up. And so far we have gone about a whole week and it has not returned. Thank you for your help with this, it was getting frustrating. We can close it out now, if it comes back, I will message you privately or start a new topic, ok? And thank you again!
  7. I am going to pop in an example screenshot of what it kicked out. There were no threats found, and I adjusted the settings as high as I could find to scrub everything it gives me an option for, and it didn't find anything. However, I have a Spybot directory that is showing "password protected" though I have not set a password. I also thought I uninstalled my old version of Spybot but I have 2 directories. Any thoughts? I also thought I had stopped auto backup (which I have it written to another partitioned drive on the same hard drive), but I had not, and I deleted the whole backup and anything else that was showing on that particular letter Drive, I have not reformatted it. And right now, things are well, as in I go to Chrome, search, and it is a normal Google search. But this has kept coming back, even without a backup, so any thoughts? Or just another wait and see for a few days? And thank you for your help on this, as you know it can get frustrating.
  8. Worked for 2 days, and it's baaaaaackkkk... This thing has more lives than a Freddie or Jason movie!
  9. All processes killed
     ========== OTL ==========
     Registry value HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
     HKU\S-1-5-21-549523805-167737923-3235466408-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
     HKU\S-1-5-21-549523805-167737923-3235466408-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
     Registry value HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
     HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     HKU\S-1-5-21-549523805-167737923-3235466408-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
     HKU\S-1-5-21-549523805-167737923-3235466408-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
     Prefs.js: links@rivalgaming.com:1.0.0 removed from extensions.enabledItems
     Use Chrome's Settings page to remove the default_search_provider items.
     Use Chrome's Settings page to remove the default_search_provider items.
     C:\Users\Nate\AppData\Roaming\qBittorrent folder moved successfully.
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Users\Nate\Downloads\cmd.bat deleted successfully.
     C:\Users\Nate\Downloads\cmd.txt deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Admin
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 1111053 bytes
     User: All Users
     User: Angela
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 895699 bytes
     ->Java cache emptied: 0 bytes
     ->Google Chrome cache emptied: 465501855 bytes
     ->Flash cache emptied: 1556 bytes
     User: AppData
     ->Temp folder emptied: 0 bytes
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Dennis
     ->Temp folder emptied: 0 bytes
     User: Nate
     ->Temp folder emptied: 19339323 bytes
     ->Temporary Internet Files folder emptied: 85146784 bytes
     ->Java cache emptied: 137 bytes
     ->FireFox cache emptied: 57146824 bytes
     ->Google Chrome cache emptied: 386478872 bytes
     ->Flash cache emptied: 58195 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 8768 bytes
     %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 6943600 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67825 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 975.00 mb
     OTL by OldTimer - Version 3.2.69.0 log created on 11162014_170610
     Files\Folders moved on Reboot...
     C:\Users\Nate\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
     C:\Users\Nate\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
     File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
     C:\Windows\temp\vmware-SYSTEM-2405924255\vmware-usbarb-SYSTEM-2672.log moved successfully.
     File\Folder C:\Windows\temp\hsperfdata_ADMIN-AMD$\1892 not found!
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  10. I re-did the scan, and here is the OTL file. With "all" clicked. OTL.Txt
  11. OTL Extras logfile created on: 11/13/2014 11:09:21 PM - Run 1 OTL by OldTimer - Version 3.2.69.0
"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center "{4161341F-AE84-E404-4291-4E0322CCE809}" = AMD Media Foundation Decoders "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{7FD0FD0D-AC40-A3BF-F2D4-54EFEDB0008F}" = AMD Drag and Drop Transcoding "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{AB58402A-43DE-551C-2B40-DD1CF0E21240}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) 
"{B407F586-D027-45C3-9109-CC2943E839FA}" = HP Officejet 6600 Basic Device Software "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}" = AMD Catalyst Install Manager "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{095EEF8C-F689-6A5A-0367-15DE9404F5EB}" = Application Profiles "{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C432DEB-FBF2-A5E0-FDB7-4B39F7FAF0D4}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7 "{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center "{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet "{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{3356EDC7-9373-4D5D-852D-9AB7DBB5A7FC}" = GPU NOS "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish "{38D95956-E92C-4473-904B-CD877EA04410}" = Philips SPC210NC Webcam "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10 "{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese "{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! 
Premium 10 "{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German "{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish "{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2 "{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of 
Empires III "{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI 
(English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007 "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard "{980A3C34-1652-472D-84AC-2A4D3D4955BF}" = Namo WebEditor 2006 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C5B9ED6-0344-4550-A4AB-C4499EB36053}" = SPC 700NC PC Camera "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows 
Live Mail "{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A11E24AD-A7EB-78C9-F792-AD9CDDB8B651}" = Catalyst Control Center InstallProxy "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player "{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7B5CF5F-6BB3-4616-950E-0CF3C9A023AD}" = Namo WebUtilities 2006 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{A9DE7D74-A4D9-465A-9EE1-49D1577983AA}" = Namo WebCanvas 2006 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2 "{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese "{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}" = Turbo Key "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common "{C9FFC925-E27E-436E-A2DF-652324D51033}" = Nero 8 Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{ced7d84f-76e6-4ae6-8de8-4501b4755bd7}" = DIRECTV Player "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = 
MSVCRT_amd64 "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}" = Philips VLounge "{EB0F4554-AD4F-4C8C-9764-66AC2CF8D184}" = AMD OverDrive "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin "Adobe Illustrator CS2" = Adobe Illustrator CS2 "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Age of Empires 2.0" = Microsoft 
Age of Empires II "avast" = avast! Free Antivirus "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Diablo" = Diablo "FileZilla Client" = FileZilla Client 3.7.3 "Google Chrome" = Google Chrome "Hoyle Board Games 4" = Hoyle Board Games 4 "ImgBurn" = ImgBurn "InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III "InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17) "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Picasa 3" = Picasa 3 "PictureItPrem_v10" = Microsoft Picture It! 
Premium 10 "ULTIMATER" = Microsoft Office Ultimate 2007 "VMware_Player" = VMware Player "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.3 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Dropbox" = Dropbox "Facebook Plug-In" = Facebook Plug-In "Google Chrome" = Google Chrome "IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software "RivalGaming" = RivalGaming ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Facebook Plug-In" = Facebook Plug-In "Sansa Updater" = Sansa Updater ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11/5/2014 1:02:24 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 11/5/2014 1:02:24 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 11/5/2014 3:53:10 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 11/5/2014 3:53:10 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 11/8/2014 2:04:40 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 11/8/2014 2:04:40 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 11/11/2014 2:12:59 AM | Computer Name = Admin-AMD | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary 6891467drv. System Error: The system cannot find the file specified. . 
Error - 11/11/2014 3:59:10 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 11/11/2014 3:59:10 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 11/11/2014 11:33:49 PM | Computer Name = Admin-AMD | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary 6891467drv. System Error: The system cannot find the file specified. . [ OSession Events ] Error - 10/18/2011 6:41:18 PM | Computer Name = Admin-AMD | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. 
  12. OTL.txt info OTL logfile created on: 11/13/2014 11:09:21 PM - Run 1 | OTL by OldTimer - Version 3.2.69.0
C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\k7og3s3k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}[2010/07/03 23:00:31 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\k7og3s3k.default\extensions\firefox@tvunetworks.com[2014/08/02 12:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\kinvk3dd.default\extensions[2014/08/03 03:12:59 | 000,005,830 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\k7og3s3k.default\searchplugins\bing-avast.xml[2010/10/28 07:37:30 | 000,001,832 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\k7og3s3k.default\searchplugins\bing.xml[2014/08/31 12:51:05 | 000,000,609 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\k7og3s3k.default\searchplugins\Google.xml[2012/03/14 13:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2010/05/13 22:55:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}[2010/08/09 12:50:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}[2010/11/12 13:07:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}[2010/12/22 00:08:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}[2011/04/11 19:35:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}[2011/06/22 12:09:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}[2012/02/23 15:27:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program 
Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}[2014/08/01 06:12:43 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF[2012/02/23 15:27:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll ========== Chrome ========== CHR - default_search_provider: (Enabled)CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Error reading preferences fileCHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia\1.5_0\CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2014/11/03 18:17:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not foundO3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.O3 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.O3 - HKU\S-1-5-21-549523805-167737923-3235466408-1020\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft 
Corporation)O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1000..\Run: [Akamai NetSession Interface] C:\Users\Nate\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1000..\Run: [Facebook Update] "C:\Users\Nate\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not foundO4 - HKU\S-1-5-21-549523805-167737923-3235466408-1000..\Run: [Google Update] "C:\Users\Nate\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not foundO4 - HKU\S-1-5-21-549523805-167737923-3235466408-1000..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not foundO4 - HKU\S-1-5-21-549523805-167737923-3235466408-1001..\Run: [Akamai NetSession Interface] C:\Users\Nate\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1001..\Run: [PCShowServer] C:\Users\Nate\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1020..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not foundO4 - HKU\S-1-5-21-549523805-167737923-3235466408-1020..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero 
AG)O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1020..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not foundO4 - Startup: C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-549523805-167737923-3235466408-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1O7 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221O7 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKU\S-1-5-21-549523805-167737923-3235466408-1020\Software\Policies\Microsoft\Internet Explorer\Control Panel 
presentO8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not foundO8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not foundO9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not foundO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..Trusted Domains: com ([www.msi] http in Trusted sites)O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..Trusted Domains: com ([www.msi] http in Trusted sites)O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} 
https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control) O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control) O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.226O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A4B01F0-FD66-4CAB-94EA-6057AB9DC64E}: NameServer = 208.69.150.250,208.69.150.252O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49B78FDB-3395-4DF5-9A17-FDDDF67F6B09}: DhcpNameServer = 192.168.42.129O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49B78FDB-3395-4DF5-9A17-FDDDF67F6B09}: NameServer = 208.69.150.250,208.69.150.252O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A5FCB0C-F7C9-4603-B465-F79427CE7ED6}: DhcpNameServer = 192.168.0.1 205.171.2.226O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{835D3CF6-13C7-45CB-96CC-0D76846F6FAD}: DhcpNameServer = 192.168.0.1 205.171.2.226O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{835D3CF6-13C7-45CB-96CC-0D76846F6FAD}: NameServer = 208.69.150.250,208.69.150.252O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8C944E4-F889-46A2-B738-A628A8C87211}: NameServer = 208.69.150.250,208.69.150.252O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - 
Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not foundO20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O34 - HKLM BootExecute: (bootdelete)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders 
- Created Within 30 Days ========== [2014/11/11 22:48:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi[2014/11/09 22:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab[2014/11/03 18:20:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2014/11/03 18:02:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2014/11/03 18:02:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2014/11/03 18:02:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2014/11/03 18:01:52 | 000,000,000 | ---D | C] -- C:\Qoobox[2014/11/01 11:46:53 | 000,000,000 | ---D | C] -- C:\FRST[2014/10/26 23:02:33 | 000,000,000 | ---D | C] -- C:\Users\Nate\Desktop\The Kids Files[2014/10/25 10:43:17 | 001,706,144 | ---- | C] (Thisisu) -- C:\Users\Nate\Desktop\JRT_NEW.exe[2014/10/18 13:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java[2014/10/18 13:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java[2014/10/18 12:16:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2014/10/18 11:55:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2014/10/18 11:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro[2014/10/18 02:15:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT[2014/10/17 19:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap[2014/10/17 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap[2014/10/17 19:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted[2014/10/17 19:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro[2014/10/17 19:08:45 | 000,175,528 | ---- | C] (Trend Micro Inc.) 
-- C:\Windows\SysNative\drivers\tmcomm.sys[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/11/13 23:11:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2014/11/13 22:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2014/11/13 22:48:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-549523805-167737923-3235466408-1020UA.job[2014/11/13 14:48:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-549523805-167737923-3235466408-1020Core.job[2014/11/13 10:08:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Angela.job[2014/11/13 09:11:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2014/11/13 09:08:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Angela.job[2014/11/13 02:24:21 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys[2014/11/13 02:13:49 | 001,399,020 | ---- | M] () -- C:\Users\Nate\Desktop\Label-315770431 (1).pdf[2014/11/12 02:43:50 | 000,026,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2014/11/12 02:43:50 | 000,026,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2014/11/11 23:07:52 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx[2014/11/11 23:04:47 | 000,804,158 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2014/11/11 23:04:47 | 000,676,794 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2014/11/11 23:04:47 | 000,128,386 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2014/11/11 22:59:46 | 000,001,912 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6600.lnk[2014/11/11 22:59:31 | 
000,000,380 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Angela.job[2014/11/11 22:57:44 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl[2014/11/11 22:57:33 | 005,028,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2014/11/11 22:57:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2014/11/11 22:56:22 | 3019,247,616 | -HS- | M] () -- C:\hiberfil.sys[2014/11/03 18:17:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2014/10/28 08:13:25 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2014/10/28 00:37:49 | 000,817,100 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2014/10/25 12:04:21 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2014/10/21 13:25:16 | 001,706,144 | ---- | M] (Thisisu) -- C:\Users\Nate\Desktop\JRT_NEW.exe[2014/10/17 19:25:35 | 000,134,437 | ---- | M] () -- C:\Users\Nate\AppData\Local\census.cache[2014/10/17 19:25:25 | 000,202,855 | ---- | M] () -- C:\Users\Nate\AppData\Local\ars.cache[2014/10/17 19:16:45 | 000,000,010 | ---- | M] () -- C:\Users\Nate\AppData\Local\sponge.last.runtime.cache[2014/10/17 19:08:16 | 000,000,036 | ---- | M] () -- C:\Users\Nate\AppData\Local\housecall.guid.cache[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/11/13 02:13:49 | 001,399,020 | ---- | C] () -- C:\Users\Nate\Desktop\Label-315770431 (1).pdf[2014/11/03 18:02:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2014/11/03 18:02:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2014/11/03 18:02:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2014/11/03 18:02:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2014/11/03 18:02:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2014/10/17 19:25:35 | 000,134,437 | ---- | C] () -- C:\Users\Nate\AppData\Local\census.cache[2014/10/17 19:25:25 | 000,202,855 | ---- | C] () -- 
C:\Users\Nate\AppData\Local\ars.cache[2014/10/17 19:16:45 | 000,000,010 | ---- | C] () -- C:\Users\Nate\AppData\Local\sponge.last.runtime.cache[2014/10/17 19:08:16 | 000,000,036 | ---- | C] () -- C:\Users\Nate\AppData\Local\housecall.guid.cache[2014/08/30 10:35:02 | 000,010,797 | ---- | C] () -- C:\Users\Nate\10006249_259757174198444_1442326992_n.jpg[2014/08/03 20:39:56 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini[2013/11/14 18:37:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini[2013/09/30 23:07:02 | 000,000,600 | ---- | C] () -- C:\Users\Nate\AppData\Local\PUTTY.RND[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll[2012/11/16 15:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat[2012/11/16 15:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat[2011/10/18 17:39:44 | 000,000,128 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\default.pls[2011/01/03 18:26:43 | 000,000,092 | ---- | C] () -- C:\Users\Nate\AppData\Local\fusioncache.dat[2010/11/15 14:44:01 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi[2010/05/14 11:17:39 | 000,007,606 | ---- | C] () -- C:\Users\Nate\AppData\Local\Resmon.ResmonCfg[2010/04/15 13:24:26 | 000,001,472 | ---- | C] () -- C:\Users\Nate\.recently-used.xbel[2010/03/16 21:51:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2010/03/12 14:43:45 | 000,001,024 | ---- | C] () -- C:\Users\Nate\.rnd[2010/02/04 18:23:15 | 000,001,024 | ---- | C] () -- C:\Users\Nate\ (1).rnd[2009/08/23 17:53:51 | 000,000,176 | ---- | C] () -- C:\Users\Nate\.packettracer[2009/02/01 02:04:49 | 029,873,247 | ---- | C] () -- C:\Users\Nate\mob.zip ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014/05/21 01:14:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVAST Software[2013/11/25 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\AVAST Software[2010/03/14 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\acccore[2013/11/25 02:46:43 | 000,000,000 
| ---D | M] -- C:\Users\Nate\AppData\Roaming\AVAST Software[2010/08/25 00:41:50 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1[2011/08/18 02:57:32 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\CupidChat[2010/05/25 21:39:25 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Facebook[2014/02/11 02:39:57 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\FileZilla[2013/10/30 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Free-backup.info[2010/04/15 13:24:26 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\gtk-2.0[2010/07/01 13:54:53 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\ImgBurn[2014/07/27 19:38:43 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Opera[2012/04/27 19:06:28 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\qBittorrent[2014/10/24 17:31:28 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\SanDisk[2012/05/11 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\WeatherBug[2010/12/18 21:48:04 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 741 bytes -> C:\Users\Nate\Documents\Hi, It's me again.eml:OECustomProperty@Alternate Data Stream - 304 bytes -> C:\Users\Nate\Desktop\usmcguideon.jpg:Updt_SummaryInformation@Alternate Data Stream - 304 bytes -> C:\Users\Nate\Desktop\clonewarsconf.png:Updt_SummaryInformation@Alternate Data Stream - 1001 bytes -> C:\Users\Nate\Documents\Do whatever ya want, if it eases your soul.eml:OECustomProperty < End of report >
  13. Basically, I have no problem getting into the registry or whatnot, if that's what keeps calling this stuff up. Or doing any of that. You just might have to guide me so I don't screw up. lol
  14. Ok, I went to reset the Chrome setting via "advanced settings", and I did it 3 times. Ironically, it didn't do it. I then reset browsing history, and it seemed to reset there. (I had already closed the browsing window, and re-opened, each time.) And now, still redirected. Just FYI, I am not someone who is slow about how this stuff works. I have some IT experience, some. But when it comes to this, I am at a loss. At this point I am thinking the best way to get rid of it, is reformatting, and that is a "worst case scenario", as the access to a plug n play hard drive to back things up is none, for now. And I am not trying to play "know it all", I am just frustrated. When I have run some of these, I have had "this file is password protected", "file is not found", and several others. I do not password protect, that shouldn't be able to be deleted by admin privileges. Frustrated, and thanks for the continued help.