Havin' Problems


16 replies to this topic

#1 MyCrappyComputer

Posted 22 July 2013 - 05:40 PM

Hi people,
I am requesting assistance because my computer has major, major issues. Some of these are even comical but true, nonetheless. Also, for some reason I can only post text and not screenshots.
1) When I visit certain websites, I see strange characters. Usually an "A" with a caret over it.
2) My internet connection works fine, but in the lower right-hand corner of my computer there is always the network icon with a big red "X".
3) I have a folder on my desktop entitled, and I kid you not, "TheBestBabes", that I constantly delete, but it returns every time I connect to the internet.
4) I downloaded MS Office and the log, which I can post, says the installation was corrupt, yet it was almost a year before I read this log, and everything functioned perfectly in MS Office. It wasn't until I started having computer problems that I began to search for logs and found it. It was one of the very first things I downloaded when I reformatted my computer, so if it contained an infection, almost everything on my computer was downloaded after this corrupt download.
5) While using a program on Safari, I clicked on view activity and there were so many scripts being executed and errors occurring.
6) In Firefox and IE, I have a ton of invalid and expired certificates that are listed as valid.
7) Google Chrome just installed by itself one day. I was just looking at my computer and all of a sudden Google Chrome starts installing all by itself.
8) I ran sfc /scannow from the command line and it told me that there are many corrupt files that cannot be fixed.
9) I have a ton of logs that contain very strange characters (see text below as examples).
 
9a)
 
Ú
¤%»         /mkfokfffehpeedafpekjeddnmnjhmcmk.browser_action}{"appearance":2,"badge_background_color":"0","badge_text":"","badge_text_color":"0","poupup_url":"","title":"Norton Toolbar"}¬ÇF           ¬ÇF           ¬ÇF           ¬ÇF           ¬ÇF           ¬ÇF           ¬ÇF           ¬ÇF           ¬ÇF           ¬ÇF           ¬ÇF           )MÕc         Raohghmighlieiainnegkcijnfilokake.declarative_rules.declarativeWebRequest.onRequest[]©&f           ©&f           ©&f           ©&f           ©&f           ¢º8,c         Rapdfllckaahabafndbhieahigkjlhalf.declarative_rules.declarativeWebRequest.onRequest[]

 

 

 

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  

 

10) When I ran "traceroute", it took 19 hops to get from their server to my computer. Is that normal?

11) When I send and receive certain emails, there are about 6 hops, and the email is usually spam.
12) I always get fake emails or spam from a lot of my friends on Facebook, that they never sent.
13) Recently I got 12 "svchosts" running in task manager and 12 or so "Acroreader32" running in task manager also.
14) Every time I go onto a website, a new survey pops up instantaneously. That cannot be normal.
15) Every time I open a browser, the font is totally different than it was 5 minutes ago, and the position of the browser is constantly changing.
16) I have many more issues but this is just not to inundate you guys.



#2 MyCrappyComputer

Posted 22 July 2013 - 05:43 PM

I forgot to mention, I run Windows 7 64-bit.



#3 Broni

Posted 22 July 2013 - 08:18 PM

Welcome aboard

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE. Do NOT wrap your logs in "quote" or "code" brackets.



#4 MyCrappyComputer

Posted 22 July 2013 - 10:30 PM

 Results of screen317's Security Check version 0.99.70  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Symantec Endpoint Protection   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Adobe Flash Player 11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (22.0) 
 Google Chrome 27.0.1453.116  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 

 

 

Farbar Service Scanner Version: 13-07-2013
Ran by el guapo y el fuerte (administrator) on 22-07-2013 at 22:27:29
Running from "C:\Users\el guapo y el fuerte\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.
 
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

 

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by el guapo y el fuerte (administrator) on 22-07-2013 at 22:30:38
Running from "C:\Users\el guapo y el fuerte\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
========================= Hosts content: =================================
 
127.0.0.1       localhost
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
127.0.0.1 0scan.com
127.0.0.1 www.0scan.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
 
There are 15462 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Intel® Centrino® Advanced-N 6230 = Wireless Network Connection (Hardware not present)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : elguapoyelfuert
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.nj.comcast.net.
   System Quarantine State . . . . . : Not Restricted
 
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 84-8F-69-B4-49-67
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:558:6026:48:96c:35d3:576:8899(Preferred) 
   Lease Obtained. . . . . . . . . . : Monday, July 22, 2013 10:07:59 PM
   Lease Expires . . . . . . . . . . : Friday, July 26, 2013 4:55:15 PM
   Link-local IPv6 Address . . . . . : fe80::b54e:acd7:b2b2:43c0%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 68.39.176.212(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.248.0
   Lease Obtained. . . . . . . . . . : Monday, July 22, 2013 10:07:58 PM
   Lease Expires . . . . . . . . . . : Friday, July 26, 2013 7:03:12 PM
   Default Gateway . . . . . . . . . : fe80::201:5cff:fe22:50c1%13
                                       68.39.176.1
   DHCP Server . . . . . . . . . . . : 69.252.208.68
   DHCPv6 IAID . . . . . . . . . . . : 293900137
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-B0-82-FE-84-8F-69-B4-49-67
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3cc0:52f:bbd8:4f2b(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3cc0:52f:bbd8:4f2b%15(Preferred) 
   Default Gateway . . . . . . . . . : 
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.hsd1.nj.comcast.net.:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.nj.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    google.com
Addresses:  2607:f8b0:4006:800::1008
 74.125.226.224
 74.125.226.238
 74.125.226.230
 74.125.226.227
 74.125.226.226
 74.125.226.232
 74.125.226.233
 74.125.226.229
 74.125.226.225
 74.125.226.231
 74.125.226.228
 
 
Pinging google.com [2607:f8b0:4006:801::1000] with 32 bytes of data:
Reply from 2607:f8b0:4006:801::1000: time=17ms 
Reply from 2607:f8b0:4006:801::1000: time=16ms 
 
Ping statistics for 2607:f8b0:4006:801::1000:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 17ms, Average = 16ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1
 
Name:    yahoo.com
Addresses:  206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=103ms TTL=50
Reply from 206.190.36.45: bytes=32 time=89ms TTL=50
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 89ms, Maximum = 103ms, Average = 96ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...84 8f 69 b4 49 67 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      68.39.176.1    68.39.176.212     10
      68.39.176.0    255.255.248.0         On-link     68.39.176.212    266
    68.39.176.212  255.255.255.255         On-link     68.39.176.212    266
    68.39.183.255  255.255.255.255         On-link     68.39.176.212    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     68.39.176.212    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     68.39.176.212    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 13    266 ::/0                     fe80::201:5cff:fe22:50c1
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:4137:9e76:3cc0:52f:bbd8:4f2b/128
                                    On-link
 13    266 2001:558:6026:48:96c:35d3:576:8899/128
                                    On-link
 13    266 fe80::/64                On-link
 15    306 fe80::/64                On-link
 15    306 fe80::3cc0:52f:bbd8:4f2b/128
                                    On-link
 13    266 fe80::b54e:acd7:b2b2:43c0/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
 13    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (07/22/2013 10:31:51 PM) (Source: Symantec AntiVirus) (User: elguapoyelfuert)
Description: Security Risk Found!Hosts File Change in File: c:\windows\syswow64\ping.exe by: SONAR scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged.
 
Error: (07/22/2013 10:31:50 PM) (Source: Symantec AntiVirus) (User: elguapoyelfuert)
Description: Security Risk Found!Hosts File Change in File: c:\windows\syswow64\ping.exe by: SONAR scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged.
 
Error: (07/22/2013 10:14:31 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY)
Description: Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged.
 
Error: (07/22/2013 10:09:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2013 10:09:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/22/2013 10:09:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/22/2013 09:02:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2013 08:59:34 PM) (Source: Symantec AntiVirus) (User: elguapoyelfuert)
Description: Security Risk Found!Hosts File Change in File: c:\program files (x86)\safari\apple application support\webkit2webprocess.exe by: SONAR scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged.
 
Error: (07/22/2013 08:54:12 PM) (Source: Symantec AntiVirus) (User: elguapoyelfuert)
Description: Security Risk Found!Hosts File Change in File: c:\program files (x86)\safari\apple application support\webkit2webprocess.exe by: SONAR scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged.
 
Error: (07/22/2013 08:54:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.4, time stamp: 0x4f97642d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0x80000003
Fault offset: 0x00013219
Faulting process id: 0xad4
Faulting application start time: 0xWebKit2WebProcess.exe0
Faulting application path: WebKit2WebProcess.exe1
Faulting module path: WebKit2WebProcess.exe2
Report Id: WebKit2WebProcess.exe3
 
 
System errors:
=============
Error: (07/22/2013 10:11:13 PM) (Source: Service Control Manager) (User: )
Description: The WMPNetworkSvc service failed to start due to the following error: 
%%2
 
Error: (07/22/2013 10:11:02 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2
 
Error: (07/22/2013 10:08:12 PM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service failed to start due to the following error: 
%%2
 
Error: (07/22/2013 10:08:10 PM) (Source: Service Control Manager) (User: )
Description: The Remote Desktop Configuration service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (07/22/2013 10:08:01 PM) (Source: Service Control Manager) (User: )
Description: The SAS Core Service service failed to start due to the following error: 
%%2
 
Error: (07/22/2013 10:08:01 PM) (Source: Service Control Manager) (User: )
Description: The Netlogon service depends on the Workstation service which failed to start because of the following error: 
%%1058
 
Error: (07/22/2013 09:01:41 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/22/2013 09:01:41 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (07/22/2013 09:01:38 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/22/2013 09:01:33 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
Microsoft Office Sessions:
=========================
Error: (07/22/2013 10:31:51 PM) (Source: Symantec AntiVirus)(User: elguapoyelfuert)
Description: Security Risk Found!Hosts File Change in File: c:\windows\syswow64\ping.exe by: SONAR scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged.
 
Error: (07/22/2013 10:31:50 PM) (Source: Symantec AntiVirus)(User: elguapoyelfuert)
Description: Security Risk Found!Hosts File Change in File: c:\windows\syswow64\ping.exe by: SONAR scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged.
 
Error: (07/22/2013 10:14:31 PM) (Source: Symantec AntiVirus)(User: NT AUTHORITY)
Description: Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged.
 
Error: (07/22/2013 10:09:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2013 10:09:25 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL
 
Error: (07/22/2013 10:09:25 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Canon\Solution Menu EX\MFC80U.DLL
 
Error: (07/22/2013 09:02:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/22/2013 08:59:34 PM) (Source: Symantec AntiVirus)(User: elguapoyelfuert)
Description: Security Risk Found!Hosts File Change in File: c:\program files (x86)\safari\apple application support\webkit2webprocess.exe by: SONAR scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged.
 
Error: (07/22/2013 08:54:12 PM) (Source: Symantec AntiVirus)(User: elguapoyelfuert)
Description: Security Risk Found!Hosts File Change in File: c:\program files (x86)\safari\apple application support\webkit2webprocess.exe by: SONAR scan.  Action: Leave Alone succeeded.  Action Description: The file was left unchanged.
 
Error: (07/22/2013 08:54:08 PM) (Source: Application Error)(User: )
Description: WebKit2WebProcess.exe7534.57.2.44f97642dKERNELBASE.dll6.1.7601.1801550b83c8a8000000300013219ad401ce86efc248750aC:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exeC:\Windows\syswow64\KERNELBASE.dll61015aea-f332-11e2-8cee-848f69b44967
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-07-08 21:19:09.965
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-08 21:19:09.933
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-22 11:00:34.863
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-22 11:00:34.832
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-22 11:00:34.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-22 11:00:34.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-22 11:00:21.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-22 11:00:21.789
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-22 11:00:21.742
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-22 11:00:21.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\shell32.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.37)
Belarc Advisor 8.2 (Version: 8.2.7.15)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG2100 series MP Drivers
Canon MG2100 series On-screen Manual
Canon MG2100 series User Registration
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
CCleaner (Version: 4.02)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET Online Scanner v3
Google Chrome (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
HiJackThis (Version: 1.0.0)
iCloud (Version: 2.1.2.8)
Intel PROSet Wireless
Intel® Processor Graphics (Version: 9.17.10.2932)
Intel® PROSet/Wireless WiFi Software (Version: 14.2.0000)
iTunes (Version: 11.0.4.4)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
NVIDIA 3D Vision Driver 306.97 (Version: 306.97)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0697)
Origin90 (Version: 9.00.00)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.6383)
RegAlyzer (Version: 1.6.2.16)
Safari (Version: 5.34.57.2)
Sophos Virus Removal Tool (Version: 2.3)
Spybot - Search & Destroy (Version: 1.6.2)
SterJo NetStalker (Version: 1.0)
swMSM (Version: 12.0.0.1)
Symantec Endpoint Protection (Version: 12.1.2015.2015)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
 
========================= Devices: ================================
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Intel® Centrino® Advanced-N 6230
Description: Intel® Centrino® Advanced-N 6230
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 21%
Total physical RAM: 8086.17 MB
Available physical RAM: 6384.27 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 14448.2 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.56 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:698.54 GB) (Free:320.51 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\
 
Administrator            corleone                 el guapo y el fuerte     
Guest                    UpdatusUser              
 
 
**** End of log ****
 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.23.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
el guapo y el fuerte :: ELGUAPOYELFUERT [administrator]
 
7/22/2013 10:38:55 PM
mbam-log-2013-07-22 (22-38-55).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284504
Time elapsed: 2 minute(s), 24 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org
 
Database version: v2013.07.23.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
el guapo y el fuerte :: ELGUAPOYELFUERT [administrator]
 
7/22/2013 10:49:29 PM
mbar-log-2013-07-22 (22-49-29).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 314107
Time elapsed: 9 minute(s), 30 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16635
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 8478961664, free: 6574673920
 
Downloaded database version: v2013.07.23.02
Downloaded database version: v2013.07.15.01
Initializing...
------------ Kernel report ------------
     07/22/2013 22:49:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130722.003\EX64.SYS
\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130722.003\ENG64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\nvkflt.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130719.012\IDSvia64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130620.011\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\comdlg32.dll
\Windows\System32\difxapi.dll
\Windows\System32\sechost.dll
\Windows\System32\clbcatq.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007dc5060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8007a2a060
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007dc5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007dc5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007dc5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007a2a060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8249AC7A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1464938496
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 750156374016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 

 

Rkill 2.5.7 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 07/22/2013 11:03:31 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Disabled
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Disabled
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
  20 out of 15482 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 07/22/2013 11:04:10 PM
Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)


#5 Broni


Posted 22 July 2013 - 10:34 PM

Looks clean so far...

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


=============================================================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


=======================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#6 MyCrappyComputer


Posted 23 July 2013 - 12:26 AM

# AdwCleaner v2.306 - Logfile created 07/22/2013 at 23:44:54
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : el guapo y el fuerte - ELGUAPOYELFUERT
# Boot Mode : Normal
# Running from : C:\Users\el guapo y el fuerte\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16635
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v22.0 (en-US)
 
File : C:\Users\el guapo y el fuerte\AppData\Roaming\Mozilla\Firefox\Profiles\kd3qgoyi.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\el guapo y el fuerte\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [764 octets] - [24/05/2013 05:22:19]
AdwCleaner[R2].txt - [3447 octets] - [08/07/2013 21:03:29]
AdwCleaner[S1].txt - [355 octets] - [24/05/2013 05:23:04]
AdwCleaner[S2].txt - [3400 octets] - [08/07/2013 21:04:37]
AdwCleaner[S3].txt - [1115 octets] - [22/07/2013 23:44:54]
 
########## EOF - C:\AdwCleaner[S3].txt - [1175 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Home Premium x64
Ran by el guapo y el fuerte on Tue 07/23/2013 at  1:19:34.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\el guapo y el fuerte\AppData\Roaming\mozilla\firefox\profiles\kd3qgoyi.default\minidumps [13 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/23/2013 at  1:22:56.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 Broni


Posted 23 July 2013 - 06:33 PM

Eset?



 


#8 MyCrappyComputer


Posted 24 July 2013 - 07:09 PM

The ESET scan came up clean but I really hope we're not done because my computer still has major issues.
1) I have folders that appear on my desktop after I repeatedly delete them, but if I don't connect to the internet the folder remains deleted and off my screen, if that tells you anything.
2) I have Internet Explorer settings that it says "are controlled by your system's administrator". I'm the only one who uses this computer.
3) I have expired certificates in the trusted certificates folder.
4) I have tons of locked folders.
5) I have tons of ntuser.dat files.
6) my registry has tons of ridiculous information.
7) I have files, that using other tools, are constantly writing or editing the registry. I mean so much that I can hear my drive racing constantly.
8) I have pictures to show you these things, but I can't figure out how to paste pictures.
 
Thank you,
MCC


#9 Broni


Posted 24 July 2013 - 08:18 PM

You have to give me some examples for each case.



 


#10 MyCrappyComputer


Posted 25 July 2013 - 09:38 PM

Today, my computer acted strange again. I can open any file on my desktop, except for any anti-virus or anti-spyware program. The same scans that I was able to run and posted the last few days will not run anymore on my computer. When I try to run them I get this pop-up message, "The specified service does not exist as an installed service." However, they will run in "Safe Mode." As a result in safe mode, I ran a few additional scans with other products and a lot of things came up as malware/viruses. I will list the scans I ran. I will post the two GMER logs for you to look at and please request any of the others if you would like to see them.
 
1) aswMBR.
2) online ESET scan that produced 5 entries.
3) GMER list of Autostart Entries.
4) GMER list of Rootkits/malware.
5) Show Hidden that had an enormous amount of entries.
6) HijackThis which also had a ton of entries.
7) A file from the System Volume Information folder on my computer, which has an enormous amount of strange looking characters, similar to the ones I posted in my initial correspondence.
 
Lastly, why do I not see anyplace to post photos? How would I post photos/screenshots in my post?
 
Thanks again for your help,
MCC
 
1) GMER rootkit/malware scan
 
GMER 2.1.19163 - http://www.gmer.net
3rd party scan 2013-07-25 00:30:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD7500BPKT-75PK4T0 rev.01.01A01 698.64GB
Running: 4o2o7gcv.exe; Driver: C:\Users\ELGUAP~1\AppData\Local\Temp\fwaiiuoc.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                           fffff80002606000 63 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624                                                                           fffff80002606040 1 byte [01]
 
---- Registry - GMER 2.1 ----
 
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0016\Ndi\IHVExtensions@ExtensibilityDLL                   C:\Windows\System32\IWMSSvc.dll (Intel® Wireless Management Service/Intel® Corporation)(2011-07-28 00:59:26)
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\528259f7-7bae-4f30-8321-8afa6e155c4c@FriendlyName                                  C:\Windows\system32\NVSVCR.DLL (NVIDIA Driver Helper Service, Version 306.97/NVIDIA Corporation SIGNED)(2013-04-20 16:57:47)
Reg       HKLM\SYSTEM\CurrentControlSet\Control\StillImage\Events\STIProxyEvent\{82AFE91F-C8EB-40FD-A331-0D296770E749}@Cmdline                         C:\Program Files (x86)\Canon\MP Navigator EX 5.0\mpnex50.exe (Canon MP Navigator EX/CANON INC. SIGNED)(2012-09-30 04:26:23)
Reg       HKLM\SYSTEM\CurrentControlSet\Enum\USB\VID_05AC&PID_1265&MI_00\000A270020AC186E&AAPL0\Device Parameters@Icons                                C:\Windows\system32\usbaaplrc.dll (Apple Mobile Device USB Driver Resource DLL/Apple, Inc. SIGNED)(2012-09-28 15:32:56)
Reg       HKLM\SYSTEM\CurrentControlSet\services\AdobeFlashPlayerUpdateSvc@ImagePath                                                                   C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 11.8 r800/Adobe Systems Incorporated SIGNED)(2012-08-07 19:12:15)
Reg       HKLM\SYSTEM\CurrentControlSet\services\AMPPALR3@ImagePath                                                                                    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter/Intel Corporation SIGNED)(2011-08-08 11:39:18)
Reg       HKLM\SYSTEM\CurrentControlSet\services\BHDrvx64@ImagePath                                                                                    C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20130620.011\BHDrvx64.sys (BASH Driver/Symantec Corporation SIGNED)(2013-06-21 03:22:26)
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHSSecurityMgr@ImagePath                                                                             C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® BlueTooth® HS Security Manager Service/Intel® Corporation SIGNED)(2011-06-03 16:51:38)
Reg       HKLM\SYSTEM\CurrentControlSet\services\ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}@ImagePath                                           C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys (Common Client Settings Driver/Symantec Corporation SIGNED)(2012-11-03 11:23:00)
Reg       HKLM\SYSTEM\CurrentControlSet\services\EapHost\Methods\8086\18@PeerConfigUIPath                                                              C:\Program Files\Intel\WiFi\bin\eapui.dll (Intel® PROSet/Wireless EAP UI Module/Intel® Corporation)(2011-07-28 01:01:02)
Reg       HKLM\SYSTEM\CurrentControlSet\services\EapHost\Methods\8086\18@PeerDllPath                                                                   C:\Program Files\Intel\WiFi\bin\eh_eap_sim.dll (EAP-SIM Plugin/Intel® Corporation)(2011-07-28 00:19:32)
Reg       HKLM\SYSTEM\CurrentControlSet\services\EapHost\Methods\8086\21@PeerInteractiveUIPath                                                         C:\Program Files\Intel\WiFi\bin\eapui.dll (Intel® PROSet/Wireless EAP UI Module/Intel® Corporation)(2011-07-28 01:01:02)
Reg       HKLM\SYSTEM\CurrentControlSet\services\EapHost\Methods\8086\21@PeerDllPath                                                                   C:\Program Files\Intel\WiFi\bin\eh_eap_ttls.dll (EAP-TTLS Plugin/Intel® Corporation)(2011-07-28 00:19:08)
Reg       HKLM\SYSTEM\CurrentControlSet\services\EapHost\Methods\8086\21@PeerIdentityPath                                                              C:\Program Files\Intel\WiFi\bin\eapui.dll (Intel® PROSet/Wireless EAP UI Module/Intel® Corporation)(2011-07-28 01:01:02)
Reg       HKLM\SYSTEM\CurrentControlSet\services\EapHost\Methods\8086\23@PeerDllPath                                                                   C:\Program Files\Intel\WiFi\bin\eh_eap_aka.dll (EAP-AKA Plugin/Intel® Corporation)(2011-07-28 00:19:32)
Reg       HKLM\SYSTEM\CurrentControlSet\services\EapHost\Methods\8086\23@PeerInteractiveUIPath                                                         C:\Program Files\Intel\WiFi\bin\eapui.dll (Intel® PROSet/Wireless EAP UI Module/Intel® Corporation)(2011-07-28 01:01:02)
Reg       HKLM\SYSTEM\CurrentControlSet\services\EapHost\Methods\9\17@PeerDllPath                                                                      C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll (Cisco LEAP Module/Cisco Systems, Inc.)(2009-04-01 21:41:36)
Reg       HKLM\SYSTEM\CurrentControlSet\services\EapHost\Methods\9\25@PeerDllPath                                                                      C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll (Cisco PEAP Module/Cisco Systems, Inc.)(2009-04-01 22:29:16)
Reg       HKLM\SYSTEM\CurrentControlSet\services\EapHost\Methods\9\43@PeerDllPath                                                                      C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll (Cisco EAP-FAST Module/Cisco Systems, Inc.)(2009-05-01 16:00:38)
Reg       HKLM\SYSTEM\CurrentControlSet\services\eeCtrl@ImagePath                                                                                      C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Eraser Control Driver/Symantec Corporation SIGNED)(2013-07-18 19:46:06)
Reg       HKLM\SYSTEM\CurrentControlSet\services\EraserUtilRebootDrv@ImagePath                                                                         C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Eraser Utility Driver/Symantec Corporation SIGNED)(2013-07-18 19:48:25)
Reg       HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Symantec AntiVirus@EventMessageFile                                              C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Res\1033\PScanRes.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Symantec Endpoint Protection@EventMessageFile                                    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Res\09\01\rcSvcHst.dll (Symantec ccServiceHost Resources/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Symantec Network Protection@EventMessageFile                                     C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Res\1033\CIDSManRes.dll (CidsManRes/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SYSTEM\CurrentControlSet\services\eventlog\Symantec Endpoint Protection Client\Symantec Endpoint Protection Client@CategoryMessageFile  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Res\1033\SepWin32EventLogApenderRes.dll (Symantec CMC EventLog Helper/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SYSTEM\CurrentControlSet\services\eventlog\System\SRTSP@EventMessageFile                                                                C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS (Symantec AutoProtect/Symantec Corporation SIGNED)(2012-11-03 11:23:00)
Reg       HKLM\SYSTEM\CurrentControlSet\services\gfiark@ImagePath                                                                                      C:\Windows\system32\drivers\gfiark.sys (gfiark64.sys/ThreatTrack Security SIGNED)(2013-05-28 04:41:37)
Reg       HKLM\SYSTEM\CurrentControlSet\services\gfibto@ImagePath                                                                                      C:\Windows\system32\drivers\gfibto.sys (GFI Boot Time Operations Driver/GFI Software SIGNED)(2013-05-28 04:29:21)
Reg       HKLM\SYSTEM\CurrentControlSet\services\HitmanProScheduler@ImagePath                                                                          C:\Program Files\HitmanPro\hmpsched.exe (HitmanPro Scheduler/SurfRight B.V. SIGNED)(2013-07-25 01:50:43)
Reg       HKLM\SYSTEM\CurrentControlSet\services\ICCS@ImagePath                                                                                        C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel® Integrated Clock Controller Service - Intel® ICCS/Intel Corporation SIGNED)(2013-02-22 02:01:21)
Reg       HKLM\SYSTEM\CurrentControlSet\services\IDSVia64@ImagePath                                                                                    C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20130723.011\IDSvia64.sys (IDS Core Driver/Symantec Corporation SIGNED)(2013-07-24 14:04:10)
Reg       HKLM\SYSTEM\CurrentControlSet\services\iPod Service@ImagePath                                                                                C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (64-bit)/Apple Inc. SIGNED)(2013-05-31 15:56:06)
Reg       HKLM\SYSTEM\CurrentControlSet\services\MozillaMaintenance@ImagePath                                                                          C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation SIGNED)(2013-05-29 07:00:53)
Reg       HKLM\SYSTEM\CurrentControlSet\services\MyWiFiDHCPDNS@ImagePath                                                                               C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe(2011-07-28 00:48:34)
Reg       HKLM\SYSTEM\CurrentControlSet\services\NAVENG@ImagePath                                                                                      C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130724.016\ENG64.SYS (AV Engine/Symantec Corporation SIGNED)(2013-07-25 00:43:27)
Reg       HKLM\SYSTEM\CurrentControlSet\services\NAVEX15@ImagePath                                                                                     C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20130724.016\EX64.SYS (AV Engine/Symantec Corporation SIGNED)(2013-07-25 00:43:29)
Reg       HKLM\SYSTEM\CurrentControlSet\services\nvUpdatusService@ImagePath                                                                            C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Settings Update Manager/NVIDIA Corporation SIGNED)(2013-04-20 16:59:02)
Reg       HKLM\SYSTEM\CurrentControlSet\services\RasMan\PPP\EAP\13@Path                                                                                C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SymRasMan64.dll (Symantec Network Access Control/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SYSTEM\CurrentControlSet\services\RegSrvc@ImagePath                                                                                     C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® PROSet/Wireless Registry Service/Intel® Corporation SIGNED)(2011-07-28 00:44:18)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SepMasterService@ImagePath                                                                            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe (Symantec Service Framework/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SmcService@ImagePath                                                                                  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe (Symantec CMC Smc/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SNAC@ImagePath                                                                                        C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe (Symantec Network Access Control/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SnacNp\NetworkProvider@AuthentProviderPath                                                            C:\Windows\system32\snacnp.dll (Symantec Network Provider/Symantec Corporation SIGNED)(2013-07-18 19:38:11)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SRTSP@ImagePath                                                                                       C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS (Symantec AutoProtect/Symantec Corporation SIGNED)(2012-11-03 11:23:00)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SRTSPX@ImagePath                                                                                      C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS (Symantec AutoProtect/Symantec Corporation SIGNED)(2012-11-03 11:23:00)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SymDS@ImagePath                                                                                       C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS (Symantec Data Store/Symantec Corporation SIGNED)(2012-11-03 11:23:00)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SymEFA@ImagePath                                                                                      C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS (Symantec Extended File Attributes/Symantec Corporation SIGNED)(2012-11-03 11:23:00)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SymEvent@ImagePath                                                                                    C:\Windows\system32\Drivers\SYMEVENT64x86.SYS (Symantec Event Library/Symantec Corporation SIGNED)(2013-07-18 19:43:18)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SymIRON@ImagePath                                                                                     C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS (Iron Driver/Symantec Corporation SIGNED)(2012-11-03 11:23:00)
Reg       HKLM\SYSTEM\CurrentControlSet\services\SYMNETS@ImagePath                                                                                     C:\Windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS (Network Security Driver/Symantec Corporation SIGNED)(2012-11-03 11:23:00)
Reg       HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008@LibraryPath                       C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc. SIGNED)(2011-08-31 03:05:02)
Reg       HKLM\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008@LibraryPath                     C:\Program Files\Bonjour\mdnsNSP.dll (Bonjour Namespace Provider/Apple Inc. SIGNED)(2011-08-31 03:05:32)
Reg       HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon@command                                                                   C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Push/Apple Inc. SIGNED)(2013-04-22 01:43:52)
Reg       HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper@command                                                                C:\Program Files (x86)\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc. SIGNED)(2013-05-31 15:56:02)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AcroRd32.exe@                                                                       C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2013-05-11 10:37:30)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BJMYDGN.EXE@                                                                        C:\Program Files\Canon\MyPrinter\BJMyDgn.exe (Canon My Printer/CANON INC. SIGNED)(2012-09-30 04:26:06)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe@                                                                       C:\Program Files\CCleaner\CCleaner64.exe (CCleaner/Piriform Ltd SIGNED)(2013-05-24 14:03:48)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe@                                                                         C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2013-05-27 21:39:48)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\cmview.exe@                                                                         C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe (Easy Guide Viewer/CANON INC. SIGNED)(2012-09-30 04:25:26)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CNELMAIN.EXE@                                                                       C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\CNELMAIN.EXE (CNELMAIN/CANON INC. SIGNED)(2012-09-30 04:27:11)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CNEZMAIN.EXE@                                                                       C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE (Canon Easy-PhotoPrint EX/CANON INC. SIGNED)(2012-09-30 04:27:13)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\CNSEMAIN.EXE@                                                                       C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Canon Solution Menu EX/CANON INC. SIGNED)(2012-09-30 04:28:14)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ewpexdl.exe@                                                                        C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexdl.exe (Easy-WebPrint EX Downloader/Canon.inc SIGNED)(2012-09-30 04:28:45)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\firefox.exe@                                                                        C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation SIGNED)(2013-07-03 15:56:52)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\iTunes.exe@                                                                         C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mbam.exe@                                                                           C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Anti-Malware/Malwarebytes Corporation SIGNED)(2013-07-23 02:38:04)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mpnex.exe@                                                                          C:\Program Files (x86)\Canon\MP Navigator EX 5.0\mpnex50.exe (Canon MP Navigator EX/CANON INC. SIGNED)(2012-09-30 04:26:23)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PictureViewer.exe@                                                                  C:\Program Files (x86)\QuickTime\PictureViewer.exe (PictureViewer/Apple Inc.)(2013-05-01 07:58:48)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QuickTimePlayer.exe@                                                                C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (QuickTime Player/Apple Inc. SIGNED)(2013-05-01 08:44:26)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Safari.exe@                                                                         C:\Program Files (x86)\Safari\Safari.exe (Safari/Apple Inc. SIGNED)(2012-04-25 15:36:36)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Smc.exe@                                                                            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe (Symantec CMC Smc/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wordview.exe@                                                                       C:\Users\ELGUAP~1\Desktop\OFFICE11\WORDVIEW.EXE (Microsoft Office Word Viewer/Microsoft Corporation)(2013-03-29 20:20:38)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls@PROSet Tools                                                               C:\Program Files\Intel\WiFi\bin\iproset.cpl (Intel PROSet/Wireless Control Panel Applet/Intel® Corporation)(2011-07-28 00:56:10)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\iTunesBurnCDOnArrival@DefaultIcon                          C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@IntelPAN                                                                                  C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® PROSet/Wireless Framework/Intel® Corporation SIGNED)(2011-07-28 00:51:58)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@CCE                                                                                       C:\Users\el guapo y el fuerte\Desktop\DDownloads\cce_2.5.242177.201_x64\CCE\CCE.exe (COMODO Cleaning Essentials/COMODO SIGNED)(2012-07-09 06:46:08)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\StillImage\Registered Applications@MP Navigator EX Ver5.0                                     C:\Program Files (x86)\Canon\MP Navigator EX 5.0\mpnex50.exe (Canon MP Navigator EX/CANON INC. SIGNED)(2012-09-30 04:26:23)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner@UninstallString                                                            C:\Program Files\CCleaner\uninst.exe (CCleaner Installer/Piriform Ltd SIGNED)(2013-05-24 14:36:12)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner@DisplayIcon                                                                C:\Program Files\CCleaner\CCleaner64.exe (CCleaner/Piriform Ltd SIGNED)(2013-05-24 14:03:48)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HitmanPro37@DisplayIcon                                                             C:\Program Files\HitmanPro\HitmanPro.exe (HitmanPro 3.7/SurfRight B.V. SIGNED)(2013-07-25 01:50:42)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sevinst@QuietUninstallString                                                        C:\Program Files\Common Files\Symantec Shared\SEVINST64x86.EXE (Symantec Symevent Installer/Symantec Corporation SIGNED)(2013-07-18 19:43:18)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series@DisplayIcon              C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series\DelDrv64.exe (Canon IJ Driver Uninstaller/CANON INC. SIGNED)(2012-09-30 04:25:03)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision@DisplayIcon                 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstreg.exe (Stereoscpic 3D Registry Tool/NVIDIA Corporation SIGNED)(2012-10-02 17:15:54)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2103AF2-E66C-446B-9791-9207840EC821}@DisplayIcon                                  C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SymCorpUI.exe (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{5e425eda-7bcc-4f89-bde7-11e00861ca43}@ResourceFileName                     C:\Program Files (x86)\Cisco\Cisco LEAP Module\CiscoEapLeap.dll (Cisco LEAP Module/Cisco Systems, Inc.)(2009-04-01 21:41:36)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{88c9ad91-30ca-473f-917b-5e78fabd4c81}@ResourceFileName                     C:\Program Files (x86)\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll (Cisco EAP-FAST Module/Cisco Systems, Inc.)(2009-05-01 16:00:38)
Reg       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{a3e99773-83d7-460b-b69d-1af477e37a63}@ResourceFileName                     C:\Program Files (x86)\Cisco\Cisco PEAP Module\CiscoEapPeap.dll (Cisco PEAP Module/Cisco Systems, Inc.)(2009-04-01 22:29:16)
Reg       HKLM\SOFTWARE\Classes\*\shell\sdfiles\command@                                                                                               C:\Program Files (x86)\Spybot - Search & Destroy\SDFiles.exe (Single file on-demand scanner/Safer Networking Limited)(2013-05-28 03:56:46)
Reg       HKLM\SOFTWARE\Classes\acrobat\shell\open\command@                                                                                            C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2013-05-11 10:37:30)
Reg       HKLM\SOFTWARE\Classes\AppID\{163A15AA-F8B0-4A44-8B5D-8C40F9B46E66}@DllSurrogate                                                              C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtilSurrogate.exe (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Applications\AcroRD32.exe\shell\Read\command@                                                                          C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2013-05-11 10:37:30)
Reg       HKLM\SOFTWARE\Classes\Applications\iTunes.exe\shell\open\command@                                                                            C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\Applications\wordview.exe\shell\Open\command@                                                                          C:\Users\el guapo y el fuerte\Desktop\OFFICE11\WORDVIEW.EXE (Microsoft Office Word Viewer/Microsoft Corporation)(2013-03-29 20:20:38)
Reg       HKLM\SOFTWARE\Classes\AudioCD\shell\play\command@                                                                                            C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\cclaunch\shell\open\command@                                                                                           C:\Program Files\CCleaner\ccleaner.exe (CCleaner/Piriform Ltd SIGNED)(2013-05-24 14:03:48)
Reg       HKLM\SOFTWARE\Classes\ChromeHTML\shell\open\command@                                                                                         C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2013-05-27 21:39:48)
Reg       HKLM\SOFTWARE\Classes\CLSID\{059A5BAE-5D7A-4C5E-8F7A-BFD57D1D6AAA}\InprocServer32@                                                           C:\Program Files (x86)\Intel\Media SDK\mfx_mft_vc1vd_w7_64.dll (Intel® Hardware VC-1 Decoder MFT/Intel Corporation)(2013-02-22 02:00:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{063D34A4-BF84-4B8D-B699-E8CA06504DDE}\LocalServer32@                                                            C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (64-bit)/Apple Inc. SIGNED)(2013-05-31 15:56:06)
Reg       HKLM\SOFTWARE\Classes\CLSID\{0A25C695-3765-4B37-9455-4B1C113C2C04}\InprocServer32@                                                           C:\Program Files\iTunes\iTunesOutlookAddIn.dll (iTunes Outlook Add-in/Apple Inc. SIGNED)(2013-05-31 15:56:08)
Reg       HKLM\SOFTWARE\Classes\CLSID\{0E4ACE4C-DB4D-42C4-83A6-9A71D9C2CC1C}\InprocServer32@                                                           C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SymNAPSHAgent64.dll (Symantec Network Access Control Plug-in for Microsoft NAP/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{12E6A993-AE52-4F99-8B89-41F985E6C952}\InprocServer32@                                                           C:\Program Files\Common Files\Apple\Mobile Device Support\OutlookChangeNotifierAddIn.dll (OutlookChangeNotifier/Apple Inc. SIGNED)(2012-12-06 17:53:56)
Reg       HKLM\SOFTWARE\Classes\CLSID\{13118913-3B01-4C63-8E07-250EDDB71A2A}\InProcServer32@                                                           C:\PROGRA~2\Canon\EASY-P~2\x64\CNEZIEPI.DLL (CANON iMAGE GATEWAY Album Plugin Utility Module for IJ (x64)/CANON INC. SIGNED)(2012-09-30 04:27:51)
Reg       HKLM\SOFTWARE\Classes\CLSID\{1BF6CB2D-2AE0-4879-A7AA-A75834FBD0E3}\InprocServer32@                                                           C:\Windows\system32\WLIHVUI.dll (Intel® PROSet/Wireless WLIHVUI Module/Intel® Corporation)(2011-07-28 00:54:44)
Reg       HKLM\SOFTWARE\Classes\CLSID\{1CDDD0B9-03AA-4442-9A5B-AC98086513E1}\LocalServer32@                                                            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SmcGui.exe (Symantec CMC SmcGui/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{1DC715B2-9126-4671-8086-299A44543E0F}\InprocServer32@                                                           C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-04-20 16:57:45)
Reg       HKLM\SOFTWARE\Classes\CLSID\{24CD4DE9-FF84-4701-9DC1-9B69E0D1090A}\InprocServer32@                                                           C:\Windows\system32\dnssdX.dll (Bonjour COM Component Library/Apple Inc. SIGNED)(2011-08-31 03:05:32)
Reg       HKLM\SOFTWARE\Classes\CLSID\{26AFF61A-3282-4915-92C6-DCD3DB29BD5C}\InprocServer32@                                                           C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\rtvscanPS64.dll (RTVScanPS/Symantec Corporation SIGNED)(2012-11-03 11:22:56)
Reg       HKLM\SOFTWARE\Classes\CLSID\{2AA55A10-1373-499B-8485-561006D1A1B0}\LocalServer32@                                                            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\smcgui.exe (Symantec CMC SmcGui/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{2F234A01-A4EB-4EAB-A130-A13C97953F0B}\LocalServer32@                                                            C:\Program Files\OriginLab\Origin9\Origin9_64.exe (Origin 9.0/OriginLab Corporation SIGNED)(2013-02-22 22:10:36)
Reg       HKLM\SOFTWARE\Classes\CLSID\{33C89616-F807-4957-BF34-A1C91D7A1A2E}\InprocServer32@                                                           C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-04-20 16:57:45)
Reg       HKLM\SOFTWARE\Classes\CLSID\{35AF7390-D827-4C1C-B7E0-8A26EC695AF5}\LocalServer32@                                                            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SmcGui.exe (Symantec CMC SmcGui/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{368F81BC-9439-41A8-B532-39C8D7E7D147}\LocalServer32@                                                            C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (64-bit)/Apple Inc. SIGNED)(2013-05-31 15:56:06)
Reg       HKLM\SOFTWARE\Classes\CLSID\{37DDDC1B-9666-4746-AEA4-161863052FC5}@LocalizedString                                                           C:\Program Files\Intel\WiFi\bin\PanUI.exe (Intel® My WiFi Configuration Utility/Intel® Corporation SIGNED)(2011-07-28 00:54:46)
Reg       HKLM\SOFTWARE\Classes\CLSID\{3D1975AF-48C6-4f8e-A182-AC5012248AB5}\InProcServer32@                                                           C:\Windows\system32\nvshext.dll (NVIDIA Corporation SIGNED)(2013-04-20 16:57:47)
Reg       HKLM\SOFTWARE\Classes\CLSID\{45E5CE07-5AC7-4509-94E9-62DB27CF8F96}\InprocServer32@                                                           C:\Program Files (x86)\Intel\Media SDK\mfx_mft_h264vd_w7_64.dll (Intel® Hardware H.264 Decoder MFT/Intel Corporation)(2013-02-22 02:00:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{47CB7106-E15C-4c06-B5E8-5849936F2E3B}\InprocServer32@                                                           C:\PROGRA~2\Canon\EASY-P~2\x64\CNEZIEPI.DLL (CANON iMAGE GATEWAY Album Plugin Utility Module for IJ (x64)/CANON INC. SIGNED)(2012-09-30 04:27:51)
Reg       HKLM\SOFTWARE\Classes\CLSID\{4B37F436-A1C7-43D6-8B48-2578BFB82F9C}\LocalServer32@                                                            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\smcgui.exe (Symantec CMC SmcGui/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{4BE8D3C0-0515-4A37-AD55-E4BAE19AF471}\InprocServer32@                                                           C:\Program Files (x86)\Intel\Media SDK\mfx_mft_h264ve_w7_64.dll (Intel® Quick Sync Video H.264 Encoder MFT/Intel Corporation)(2013-02-22 02:00:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{4FC7F090-041C-4730-BD24-AF4BA8A2A5E0}\InprocServer32@                                                           C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-04-20 16:57:45)
Reg       HKLM\SOFTWARE\Classes\CLSID\{501F9014-F64A-49AD-A36D-CB8F722D3739}\InprocServer32@                                                           C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\ProtectionProviderPS64.dll (ProtectionProvider/Symantec Corporation SIGNED)(2012-11-03 11:22:56)
Reg       HKLM\SOFTWARE\Classes\CLSID\{5387A36B-6F55-4C66-B085-E18393FCEA87}\InprocHandler32@                                                          C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-04-20 16:57:45)
Reg       HKLM\SOFTWARE\Classes\CLSID\{5697942D-8A7C-426d-B2BE-CD43C00765AC}\InprocServer32@                                                           C:\Windows\system32\WLIHVUI.dll (Intel® PROSet/Wireless WLIHVUI Module/Intel® Corporation)(2011-07-28 00:54:44)
Reg       HKLM\SOFTWARE\Classes\CLSID\{57B83450-FD6E-4A1E-8B53-1320576F8054}\InprocServer32@                                                           C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreamingIePlugin64.dll (NVIDIA 3D Vision 64bit Streaming IE plugin/NVIDIA Corporation)(2012-10-02 21:24:38)
Reg       HKLM\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32@                                                           C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Anti-Malware/Malwarebytes Corporation SIGNED)(2013-07-23 02:38:04)
Reg       HKLM\SOFTWARE\Classes\CLSID\{5DF4E7C5-78E3-4CCA-93CD-DF1639E165FB}\InprocServer32@                                                           C:\Program Files\NVIDIA Corporation\Display\nvxdapix.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-04-20 16:57:45)
Reg       HKLM\SOFTWARE\Classes\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32@                                                           C:\Windows\system32\dnssdX.dll (Bonjour COM Component Library/Apple Inc. SIGNED)(2011-08-31 03:05:32)
Reg       HKLM\SOFTWARE\Classes\CLSID\{61F6D8A0-2863-11D0-BBB6-00409512C43D}\LocalServer32@                                                            C:\Program Files\OriginLab\Origin9\Origin9_64.exe (Origin 9.0/OriginLab Corporation SIGNED)(2013-02-22 22:10:36)
Reg       HKLM\SOFTWARE\Classes\CLSID\{63530157-314D-473F-BB48-9B1B18908300}\InProcServer32@                                                           C:\Program Files\iTunes\iTunesOutlookAddIn.dll (iTunes Outlook Add-in/Apple Inc. SIGNED)(2013-05-31 15:56:08)
Reg       HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\Open CCleaner...\command@                                           C:\Program Files\CCleaner\ccleaner.exe (CCleaner/Piriform Ltd SIGNED)(2013-05-24 14:03:48)
Reg       HKLM\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}@LocalizedString                                                           C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe (Adobe® Flash® Player Installer/Uninstaller 11.8 r800/Adobe Systems Incorporated SIGNED)(2013-07-23 02:10:34)
Reg       HKLM\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\InprocServer32@                                                           C:\PROGRA~2\ESET\ESETON~1\ONLINE~2.OCX (Eset OnlineScanner ActiveX Control/ESET SIGNED)(2013-07-23 01:05:30)
Reg       HKLM\SOFTWARE\Classes\CLSID\{7A7FB085-6068-4898-8CCA-480A9187277C}\LocalServer32@                                                            C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (64-bit)/Apple Inc. SIGNED)(2013-05-31 15:56:06)
Reg       HKLM\SOFTWARE\Classes\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32@                                                           C:\Windows\system32\dnssdX.dll (Bonjour COM Component Library/Apple Inc. SIGNED)(2011-08-31 03:05:32)
Reg       HKLM\SOFTWARE\Classes\CLSID\{81E8B13B-EDEA-FF08-90CB-47D97550AD14}\Shell\Open\Command@                                                       C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (iCloud/Apple Inc. SIGNED)(2013-04-05 16:58:16)
Reg       HKLM\SOFTWARE\Classes\CLSID\{8630F7C0-73E6-4C27-80AF-6ED3A7152194}\LocalServer32@                                                            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SmcGui.exe (Symantec CMC SmcGui/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{870B678D-913A-4ABC-81FC-9F380BB4B24D}\InprocServer32@                                                           C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVisionIePlugin64.dll (NVIDIA 3D Vision 64bit IE plugin/NVIDIA Corporation)(2012-10-02 21:25:50)
Reg       HKLM\SOFTWARE\Classes\CLSID\{89D984B3-813B-406A-8298-118AFA3A22AE}\InprocServer32@                                                           C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll(2013-04-05 16:58:30)
Reg       HKLM\SOFTWARE\Classes\CLSID\{8BEEE74D-455E-4616-A97A-F6E86C317F32}\InprocServer32@                                                           C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\vpshell2.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{9FE89513-7A1C-4229-8DF1-AB272A668E52}\LocalServer32@                                                            C:\Program Files\OriginLab\Origin9\Origin9_64.exe (Origin 9.0/OriginLab Corporation SIGNED)(2013-02-22 22:10:36)
Reg       HKLM\SOFTWARE\Classes\CLSID\{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}\LocalServer32@                                                            C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® PROSet/Wireless Registry Service/Intel® Corporation SIGNED)(2011-07-28 00:44:18)
Reg       HKLM\SOFTWARE\Classes\CLSID\{A48C9174-9A40-475A-87DB-07CE895C624E}\LocalServer32@                                                            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SmcGui.exe (Symantec CMC SmcGui/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{A70C977A-BF00-412C-90B7-034C51DA2439}\InprocServer32@                                                           C:\Program Files\NVIDIA Corporation\Display\nvui.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-04-20 16:57:45)
Reg       HKLM\SOFTWARE\Classes\CLSID\{A80E0FBA-4FDE-48F0-92F3-926B8EF0439F}\InprocServer32@                                                           C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsPS64.dll(2013-04-05 16:58:30)
Reg       HKLM\SOFTWARE\Classes\CLSID\{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C}\InprocServer32@                                                           C:\Windows\system32\nv3dappshext.dll (NVIDIA Shell Extensions/NVIDIA Corporation SIGNED)(2013-04-20 16:57:47)
Reg       HKLM\SOFTWARE\Classes\CLSID\{AD374A9E-D7FC-453A-A146-16535FE9ECC1}\InprocServer32@                                                           C:\Program Files\NVIDIA Corporation\Display\nvxdplcy.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-04-20 16:57:45)
Reg       HKLM\SOFTWARE\Classes\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\InprocServer32@                                                           C:\Windows\system32\dnssdX.dll (Bonjour COM Component Library/Apple Inc. SIGNED)(2011-08-31 03:05:32)
Reg       HKLM\SOFTWARE\Classes\CLSID\{B0F21977-8AAB-4632-A73D-528B909C5663}\LocalServer32@                                                            C:\Program Files\OriginLab\Origin9\Origin9_64.exe (Origin 9.0/OriginLab Corporation SIGNED)(2013-02-22 22:10:36)
Reg       HKLM\SOFTWARE\Classes\CLSID\{B33927D0-89E6-45D8-87C7-27F3DE3EFDE6}\LocalServer32@                                                            C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (64-bit)/Apple Inc. SIGNED)(2013-05-31 15:56:06)
Reg       HKLM\SOFTWARE\Classes\CLSID\{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}\InprocServer32@                                                           C:\Program Files\iTunes\iTunesMiniPlayer.dll (iTunes Miniplayer DLL (64-bit)/Apple Inc. SIGNED)(2013-05-31 15:56:06)
Reg       HKLM\SOFTWARE\Classes\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\InprocServer32@                                                           C:\Windows\system32\dnssdX.dll (Bonjour COM Component Library/Apple Inc. SIGNED)(2011-08-31 03:05:32)
Reg       HKLM\SOFTWARE\Classes\CLSID\{CD5BA7FF-9071-40E9-A462-8DC5152B1776}\InprocServer32@                                                           C:\Program Files (x86)\Intel\Media SDK\mfx_mft_mp2vd_w7_64.dll (Intel® Hardware MPEG-2 Decoder MFT/Intel Corporation)(2013-02-22 02:00:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32@                                                           C:\Windows\system32\Macromed\Flash\Flash64_11_8_800_94.ocx (Adobe Flash Player 11.8 r800/Adobe Systems, Inc. SIGNED)(2013-07-23 02:10:34)
Reg       HKLM\SOFTWARE\Classes\CLSID\{D83B4606-0F74-49BE-8DD3-34A6BA5B3ED2}\InprocServer32@                                                           C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll(2013-04-05 16:58:30)
Reg       HKLM\SOFTWARE\Classes\CLSID\{DC09760E-9FDA-454A-B9D2-7E663E58C39D}\InProcServer32@                                                           C:\Program Files\NVIDIA Corporation\Display\nvxdbat.dll (NVIDIA User Experience Driver Component/NVIDIA Corporation SIGNED)(2013-04-20 16:57:45)
Reg       HKLM\SOFTWARE\Classes\CLSID\{DE2069CF-2AE3-4057-B17F-0206317935E3}\InprocServer32@                                                           C:\Program Files\Intel\WiFi\bin\iWMSProv.dll (Intel PROSet/Wireless IWMS Provider/Intel® Corporation)(2011-07-28 00:46:30)
Reg       HKLM\SOFTWARE\Classes\CLSID\{de5ff4be-6d05-4199-8edd-5bf7917fab0e}\Shell\Open\Command@                                                       C:\Program Files\Intel\WiFi\bin\PanUI.exe (Intel® My WiFi Configuration Utility/Intel® Corporation SIGNED)(2011-07-28 00:54:46)
Reg       HKLM\SOFTWARE\Classes\CLSID\{E17664B2-DFBE-4654-8E40-672EC40C0276}\LocalServer32@                                                            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SmcGui.exe (Symantec CMC SmcGui/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{E28EE682-E406-4254-8CEB-736616138E89}\LocalServer32@                                                            C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® PROSet/Wireless Event Log Service/Intel® Corporation SIGNED)(2011-07-28 01:04:48)
Reg       HKLM\SOFTWARE\Classes\CLSID\{E765AEFA-961C-4643-8E78-8731CF0E660D}\LocalServer32@                                                            C:\PROGRA~1\Intel\WiFi\bin\PanUI.exe (Intel® My WiFi Configuration Utility/Intel® Corporation SIGNED)(2011-07-28 00:54:46)
Reg       HKLM\SOFTWARE\Classes\CLSID\{E97DEC16-A50D-49bb-AE24-CF682282E08D}\InprocServer32@                                                           C:\Windows\system32\nv3dappshext.dll (NVIDIA Shell Extensions/NVIDIA Corporation SIGNED)(2013-04-20 16:57:47)
Reg       HKLM\SOFTWARE\Classes\CLSID\{EE69B504-1CBF-4EA6-8137-BB10F806B014}\InprocServer32@                                                           C:\Program Files (x86)\Intel\Media SDK\mfx_mft_vpp_w7_64.dll (Intel® Hardware Preprocessing MFT/Intel Corporation)(2013-02-22 02:00:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{F0D63F85-37EC-4097-B30D-61B4A8917118}\InprocServer32@                                                           C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll(2013-04-05 16:58:30)
Reg       HKLM\SOFTWARE\Classes\CLSID\{F50BD50D-952E-4C4E-BF0E-C435015C6ADD}\LocalServer32@                                                            C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SmcGui.exe (Symantec CMC SmcGui/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Classes\CLSID\{F7747266-777D-4F61-A175-DD5ADF1E37DF}\InprocServer32@                                                           C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming64.dll (NVIDIA 3D Vision 64bit plugin/NVIDIA Corporation)(2012-10-02 21:25:24)
Reg       HKLM\SOFTWARE\Classes\CLSID\{F7A782D3-2DDD-4327-BB70-0D1D0F1E38B0}\InprocServer32@                                                           C:\Program Files\iTunes\iPodUpdaterExt.dll (iPod Universal Updater Module/Apple Inc. SIGNED)(2013-05-31 15:56:06)
Reg       HKLM\SOFTWARE\Classes\CLSID\{F969D287-C839-43c2-97AB-E4B03FB3474D}\InprocServer32@                                                           C:\Windows\system32\WLIHVUI.dll (Intel® PROSet/Wireless WLIHVUI Module/Intel® Corporation)(2011-07-28 00:54:44)
Reg       HKLM\SOFTWARE\Classes\CLSID\{FFB699E0-306A-11d3-8BD1-00104B6F7516}\InProcServer32@                                                           C:\Windows\system32\nvcpl.dll (NVIDIA Display Properties Extension/NVIDIA Corporation SIGNED)(2013-04-20 16:57:47)
Reg       HKLM\SOFTWARE\Classes\daap\shell\open\command@                                                                                               C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\EGV\shell\open\command@                                                                                                C:\PROGRAM FILES (X86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe (Easy Guide Viewer/CANON INC. SIGNED)(2012-09-30 04:25:26)
Reg       HKLM\SOFTWARE\Classes\file.el1\shell\open\command@                                                                                           C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\CNEZMAIN.EXE (Canon Easy-PhotoPrint EX/CANON INC. SIGNED)(2012-09-30 04:27:13)
Reg       HKLM\SOFTWARE\Classes\FirefoxHTML\shell\open\command@                                                                                        C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation SIGNED)(2013-07-03 15:56:52)
Reg       HKLM\SOFTWARE\Classes\Folder\shell\sdfiles\command@                                                                                          C:\Program Files (x86)\Spybot - Search & Destroy\SDFiles.exe (Single file on-demand scanner/Safer Networking Limited)(2013-05-28 03:56:46)
Reg       HKLM\SOFTWARE\Classes\ftp\shell\open\command@                                                                                                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2013-05-27 21:39:48)
Reg       HKLM\SOFTWARE\Classes\Installer\Products\9040580900063D11C8EF10054038389C@ProductIcon                                                        C:\Windows\Installer\{90850409-6000-11D3-8CFE-0150048383C9}\wrdvicon.exe(2013-05-22 19:00:43)
Reg       HKLM\SOFTWARE\Classes\itls\shell\open\command@                                                                                               C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.aa@FriendlyTypeName                                                                                             C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.aa\shell\open\command@                                                                                          C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.aax@FriendlyTypeName                                                                                            C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.aax\shell\open\command@                                                                                         C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.aif@FriendlyTypeName                                                                                            C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.aif\shell\open\command@                                                                                         C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.aifc@FriendlyTypeName                                                                                           C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.aifc\shell\open\command@                                                                                        C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.aiff@FriendlyTypeName                                                                                           C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.aiff\shell\open\command@                                                                                        C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.daap@FriendlyTypeName                                                                             C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.daap\shell\open\command@                                                                          C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itls@FriendlyTypeName                                                                             C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itls\shell\open\command@                                                                          C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itms@FriendlyTypeName                                                                             C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itms\shell\open\command@                                                                          C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itmss@FriendlyTypeName                                                                            C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itmss\shell\open\command@                                                                         C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itpc@FriendlyTypeName                                                                             C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.itpc\shell\open\command@                                                                          C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.pcast@FriendlyTypeName                                                                            C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.AssocProtocol.pcast\shell\open\command@                                                                         C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.cda@FriendlyTypeName                                                                                            C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.cda\shell\open\command@                                                                                         C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.cdda@FriendlyTypeName                                                                                           C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.cdda\shell\open\command@                                                                                        C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.ipa@FriendlyTypeName                                                                                            C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.ipa\shell\open\command@                                                                                         C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.ipg@FriendlyTypeName                                                                                            C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.ipg\shell\open\command@                                                                                         C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.ipsw@FriendlyTypeName                                                                                           C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.ipsw\shell\open\command@                                                                                        C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.itdb@FriendlyTypeName                                                                                           C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.itdb\shell\open\command@                                                                                        C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.ite@FriendlyTypeName                                                                                            C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.ite\shell\open\command@                                                                                         C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.itl@FriendlyTypeName                                                                                            C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.itl\shell\open\command@                                                                                         C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.itls@FriendlyTypeName                                                                                           C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.itls\shell\open\command@                                                                                        C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.itms@FriendlyTypeName                                                                                           C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.itms\shell\open\command@                                                                                        C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.itpc@FriendlyTypeName                                                                                           C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.itpc\shell\open\command@                                                                                        C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.m3u@FriendlyTypeName                                                                                            C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\iTunes.m3u\shell\open\command@                                                                                         C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\iTunes.m3u8@FriendlyTypeName                                                                                           C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
 


#11 MyCrappyComputer

Posted 25 July 2013 - 09:38 PM

This is a continuation of the GMER rootkit/Malware scan. It was too long to post all at once.
 
 
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4128E694-4BB9-11D1-8190-00A0C95C0756}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPCtls.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4237CCC2-8E04-4D14-B470-7E04631CDF05}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{425DC6B2-28B6-41D2-AE94-0CE5E1CE7D9F}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\HPPProtectionProviderUI.dll (Heuristic Process Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{43943CCA-883C-11D1-83A4-00A0C9749EEF}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\webshell.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4572031A-44ED-411B-9254-76449055D796}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavMainUI.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{45E5CE07-5AC7-4509-94E9-62DB27CF8F96}\InprocServer32@                                               C:\Program Files (x86)\Intel\Media SDK\mfx_mft_h264vd_w7_32.dll (Intel® Hardware H.264 Decoder MFT/Intel Corporation)(2013-02-22 02:00:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{47CB7106-E15C-4c06-B5E8-5849936F2E3B}\InprocServer32@                                               C:\PROGRA~2\Canon\EASY-P~2\CNEZIEPI.DLL (CANON iMAGE GATEWAY Album Plugin Utility Module for IJ (x86)/CANON INC. SIGNED)(2012-09-30 04:27:19)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4A2B5517-C2B7-48F7-AA3B-D792095EE9C5}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4B37F436-A1C7-43D6-8B48-2578BFB82F9C}\LocalServer32@                                                C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\smcgui.exe (Symantec CMC SmcGui/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4BE8D3C0-0515-4A37-AD55-E4BAE19AF471}\InprocServer32@                                               C:\Program Files (x86)\Intel\Media SDK\mfx_mft_h264ve_w7_32.dll (Intel® Quick Sync Video H.264 Encoder MFT/Intel Corporation)(2013-02-22 02:00:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4CFB5280-800B-4367-848F-5A13EBF27F1D}\InprocServer32@                                               C:\Program Files (x86)\Common Files\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL (Microsoft Office Translation Dictionaries/Microsoft Corporation)(2000-10-10 08:23:20)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4DB2E429-B905-479A-9EFF-F7CBD9FD52DE}\InprocServer32@                                               C:\Windows\SysWow64\Adobe\Director\SwDir_1202122.dll (Shockwave ActiveX Control/Adobe Systems, Inc. SIGNED)(2013-04-03 14:22:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4DEF8DD1-C4D1-11D1-82DA-00A0C9749EEF}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\scandlgs.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{4EE3EAB1-9360-4EEB-A5D1-E02546FCF50C}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{501F9014-F64A-49AD-A36D-CB8F722D3739}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionProviderPS.dll (ProtectionProvider/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{536604C2-B82E-11D1-8252-00A0C95C0756}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ldvpui.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{53ABA835-3A9B-4492-B266-65BA25E7E06D}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{57B83450-FD6E-4A1E-8B53-1320576F8054}\InprocServer32@                                               C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreamingIePlugin.dll (NVIDIA 3D Vision Streaming IE plugin/NVIDIA Corporation)(2012-10-02 21:24:32)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{57BAFF80-7818-4874-9D14-0AEC89E8E713}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{592DC44C-4977-11D1-818D-00A0C95C0756}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPCtls.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}@LocalizedString                                               C:\Program Files (x86)\Google\Update\1.3.21.145\goopdate.dll (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:06)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32@                                                C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:20)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{59af7cd1-d95a-4981-8e9d-08183ad20939}\InprocServer32@                                               C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices_main.dll (iCloud Services/Apple Inc. SIGNED)(2013-04-05 16:59:08)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5AAABB05-F91B-4bce-AB18-D8319DEDABA8}\InprocServer32@                                               C:\Program Files (x86)\Adobe\Reader 11.0\Reader\adoberfp.dll (Adobe Reader File Preview/Adobe Systems, Inc. SIGNED)(2013-05-11 10:37:32)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5BB2200E-5672-4A32-902A-5A98DB1C58DC}\InprocServer32@                                               C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/Adobe Systems, Inc. SIGNED)(2013-05-11 10:37:30)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32@                                                C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\delegate_execute.exe (Google Chrome/Google Inc. SIGNED)(2013-06-27 08:30:24)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5CEC0E13-CF22-414C-8D67-D44B06420FC1}\LocalServer32@                                                C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\AVHostPlugin.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:50)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5E628A96-1BE5-42FE-9117-EDAD9A9C479C}\InProcServer32@                                               C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll (PDF Shell Extension/Adobe Systems, Inc. SIGNED)(2013-05-11 10:37:28)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{5E93C5A9-7516-4259-A67B-41A656F6E01C}\InprocServer32@                                               C:\Windows\SysWOW64\dnssdX.dll (Bonjour COM Component Library/Apple Inc. SIGNED)(2011-08-31 03:05:04)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{60EB3672-E108-48E5-8F14-9E3DC7D618E0}\InprocServer32@                                               C:\Program Files (x86)\QuickTime\QTOLibrary.dll (QuickTime Library/Apple Inc. SIGNED)(2013-05-01 08:38:40)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{61861E17-973D-4257-845B-1D155CB4B547}\InprocServer32@                                               C:\Program Files\OriginLab\Origin9\OSoap.dll (TODO: <File description>/TODO: <Company name>)(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{61F6D8A0-2863-11D0-BBB6-00409512C43D}\LocalServer32@                                                C:\PROGRA~1\ORIGIN~1\Origin9\Origin9.exe (Origin 9.0/OriginLab Corporation SIGNED)(2013-02-22 22:05:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{62A560B8-09DB-4cc6-AE1B-9D8F7ADDB8F3}@LocalizedString                                               C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{62A560B8-09DB-4cc6-AE1B-9D8F7ADDB8F3}\Elevation@IconReference                                       C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{62A560B8-09DB-4cc6-AE1B-9D8F7ADDB8F3}\InprocServer32@                                               C:\Program Files (x86)\iTunes\iTunesAdmin.dll (iTunes Administrative DLL/Apple Inc. SIGNED)(2013-05-31 15:56:00)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{62C95F44-F1B4-4460-A190-E0402B887BFF}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F}\InprocServer32@                                               C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc VoilaX Control/Belarc, Inc. SIGNED)(2012-08-12 01:57:59)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{63530157-314D-473F-BB48-9B1B18908300}\InProcServer32@                                               C:\Program Files (x86)\iTunes\iTunesOutlookAddIn.dll (iTunes Outlook Add-in/Apple Inc. SIGNED)(2013-05-31 15:56:06)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{661CE64B-B9C4-40A0-A935-8A7A512CC794}\LocalServer32@                                                C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\PatchWrap.exe (Symantec CMC PatchWrap/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{671B6145-4169-4ADD-9AF3-E6990EB2B325}\InProcServer32@                                               C:\Program Files (x86)\Adobe\Reader 11.0\Reader\adoberfp.dll (Adobe Reader File Preview/Adobe Systems, Inc. SIGNED)(2013-05-11 10:37:32)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\LocalServer32@                                                C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Push/Apple Inc. SIGNED)(2013-04-22 01:43:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{69FD81FE-D03D-4033-89D2-12C68CB5C644}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6C2589C3-96F8-4863-A511-9C33EB2C7E2A}@LocalizedString                                               C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6C2589C3-96F8-4863-A511-9C33EB2C7E2A}\Elevation@IconReference                                       C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6C2589C3-96F8-4863-A511-9C33EB2C7E2A}\InprocServer32@                                               C:\Program Files (x86)\iTunes\iTunesAdmin.dll (iTunes Administrative DLL/Apple Inc. SIGNED)(2013-05-31 15:56:00)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6C393196-AEEB-4CB0-8F8E-72EFC4C2C1CA}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL (IPS Browser Helper DLL/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6F129A02-26F1-4AFB-80C4-8D0073EA2679}\LocalServer32@                                                C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavUI.exe (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}@LocalizedString                                               C:\Program Files (x86)\Google\Update\1.3.21.145\goopdate.dll (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:06)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32@                                                C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateBroker.exe (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:20)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{71A1A612-F7B4-4092-8E0F-C79C8FB0391D}@LocalizedString                                               C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{71A1A612-F7B4-4092-8E0F-C79C8FB0391D}\Elevation@IconReference                                       C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{71A1A612-F7B4-4092-8E0F-C79C8FB0391D}\InprocServer32@                                               C:\Program Files (x86)\iTunes\iTunesAdmin.dll (iTunes Administrative DLL/Apple Inc. SIGNED)(2013-05-31 15:56:00)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32@                                               C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll (Subclassing and Timer Assistant, modified for configurable message response, multi control support and bug fixed for timer errors./vbAccelerator SIGNED)(2013-07-23 02:38:05)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{72278E83-B0EF-4E49-9E10-6947602C1030}\LocalServer32@                                                C:\Program Files (x86)\QuickTime\QTSystem\ExportController.exe (Export Controller/Apple Inc. SIGNED)(2013-05-01 07:58:50)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{72864BE2-6234-45AA-952D-00C10C34BEEE}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPDlgs.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{72E2440E-EBEA-49E6-A185-1BE03F723E28}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\IMailUI.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}@LocalizedString                                               C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe (Adobe® Flash® Player Installer/Uninstaller 11.8 r800/Adobe Systems Incorporated SIGNED)(2013-07-23 02:10:38)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{74F8002D-2DF2-479E-80B9-AF7AC93DF4A7}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\InprocServer32@                                               C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX (Eset OnlineScanner ActiveX Control/ESET SIGNED)(2013-07-23 01:05:30)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{76FB55BD-212D-4414-AE97-96863DDD9BCB}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{77CDEA45-1820-49b8-8FE2-DF8215F26814}\InprocServer32@                                               C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEBookmarkMMProvider.dll (iCloud service provider for the bookmark sync subsystem with Internet Explorer./Apple Inc. SIGNED)(2013-04-05 16:58:14)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{78E954A5-5E1C-43A4-A16A-E3E507E747BE}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7B33B0B5-F719-4B0B-B48A-0B8F20CA08A5}\LocalServer32@                                                C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Intel® Integrated Clock Controller Service - Intel® ICCS/Intel Corporation SIGNED)(2013-02-22 02:01:21)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7CAB7C36-4989-445D-9D74-DFF79A3C85FA}\LocalServer32@                                                C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (QuickTime Player/Apple Inc. SIGNED)(2013-05-01 08:44:26)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32@                                                C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateBroker.exe (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:20)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7F365837-F578-11D1-B7B2-00A0C99C7131}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPDlgs.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7FBB7DCB-FF3D-467E-8962-7F1F58DE5B50}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{7FD72324-63E1-45AD-B337-4D525BD98DAD}\InprocServer32@                                               C:\Windows\SysWOW64\dnssdX.dll (Bonjour COM Component Library/Apple Inc. SIGNED)(2011-08-31 03:05:04)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80570409-86F1-4482-B89F-43A925962874}\InprocServer32@                                               C:\PROGRA~2\MICROS~1\OFFICE14\PROOF\1033\MSGR3EN.DLL (Microsoft English Natural Language Server/Microsoft Corporation)(2011-09-13 10:42:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80EE9910-D470-4AED-AC5D-987046FDB574}\LocalServer32@                                                C:\PROGRA~2\iTunes\ITUNES~1.EXE (iTunesHelper/Apple Inc. SIGNED)(2013-05-31 15:56:02)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{815031F4-05E5-4269-830C-FD3C0EA9BA58}\InprocServer32@                                               C:\Program Files (x86)\QuickTime\QTOLibrary.dll (QuickTime Library/Apple Inc. SIGNED)(2013-05-01 08:38:40)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8215BA54-B69F-4275-AE11-31CB63593B09}\InProcServer32@                                               C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRdIF.dll (PDF IFilter/Adobe Systems, Inc. SIGNED)(2012-09-24 00:43:42)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8379195D-5576-44D6-966D-57674FF15014}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{84AC6BE7-8CF2-4E67-A80E-32ACD3D7C381}\LocalServer32@                                                C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavUI.exe (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{870B678D-913A-4ABC-81FC-9F380BB4B24D}\InprocServer32@                                               C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVisionIePlugin.dll (NVIDIA 3D Vision IE plugin/NVIDIA Corporation)(2012-10-02 21:25:46)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{88F48C4A-46DF-4236-A838-364BF1B3FD1E}\InProcServer32@                                               C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll (Apple Software Update/Apple Inc. SIGNED)(2011-06-01 21:57:16)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{88F5E7B2-09B9-471e-895A-25247585905C}\LocalServer32@                                                C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Update COM object/NVIDIA Corporation SIGNED)(2013-04-20 16:59:02)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{89D984B3-813B-406A-8298-118AFA3A22AE}\InprocServer32@                                               C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll (ShellStreams.dll/Apple Inc. SIGNED)(2013-04-05 16:58:26)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}@LocalizedString                                               C:\Program Files (x86)\Google\Update\1.3.21.145\goopdate.dll (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:06)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32@                                                C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateBroker.exe (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:20)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8F3E5A2D-1B0C-4E19-9053-12E8AB5D61B8}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{8F6F6788-4009-11D1-8184-00A0C95C0756}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPCtls.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{91581CB1-0E7B-11D1-9D93-00A0C95C1762}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\webshell.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{91A9E6A9-3935-4A37-AFBA-F0904B166364}@LocalizedString                                               C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll (Apple Software Update/Apple Inc. SIGNED)(2011-06-01 21:57:16)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{921BD9FB-4963-11D1-818D-00A0C95C0756}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPCtls.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{94A95A15-EA82-46F5-B5BF-1176F6D77DF7}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPDlgs.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{94BFEEF1-3EAD-41E2-86FC-E1502DB9CB06}\LocalServer32@                                                C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\AVHostPlugin.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:50)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{972046EA-7308-4F14-A7CD-ACA93201FEDA}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{98694799-6891-4FD7-A91D-FB43B78AEC8C}\LocalServer32@                                                C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\AVHostPlugin.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:50)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\LocalServer32@                                                C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32Info.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2012-09-24 00:43:40)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9A4A52A6-7B83-403D-A6C9-1C8A492687CD}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavMainUI.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}@LocalizedString                                               C:\Program Files (x86)\Google\Update\1.3.21.145\goopdate.dll (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:06)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32@                                                C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:20)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9CA79CB9-DA54-45EB-B00E-061BF44633CE}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32@                                               C:\Program Files (x86)\Google\Update\1.3.21.145\psmachine.dll (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:16)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{9e6e74c7-0e85-4d14-8851-7635e2c1c528}\LocalServer32@                                                C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (iCloud/Apple Inc. SIGNED)(2013-04-05 16:59:08)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A08A033D-1A75-4AB6-A166-EAD02F547959}\InprocServer32@                                               C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\OTKLOADR.DLL (Assembly loader/Microsoft Corporation)(2005-03-18 15:47:14)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A1987DB8-9F0D-47D1-80C9-DFCE76260841}\LocalServer32@                                                C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavUI.exe (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A2BC44E5-2FC2-4A02-9974-8ACE0DACFD5D}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A302D4CF-8AAD-4B44-ADDE-7D1630CF6C37}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A463EAD9-6746-40AD-BB1D-618449DA8D9E}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A5C06558-65A3-472D-A950-B5E3324A85C7}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A6C538C6-4A26-4839-B0D2-BF0406A4B299}\InprocServer32@                                               C:\Program Files (x86)\QuickTime\QTOControl.dll (QuickTime Control/Apple Inc. SIGNED)(2013-05-01 08:38:40)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A80E0FBA-4FDE-48F0-92F3-926B8EF0439F}\InprocServer32@                                               C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsPS.dll (ApplePhotoStreamsPS.dll/Apple Inc. SIGNED)(2013-04-05 16:58:26)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A882BDEE-BD01-4B16-9EAF-04B74A43DF7C}\InprocServer32@                                               C:\Program Files (x86)\QuickTime\QTOLibrary.dll (QuickTime Library/Apple Inc. SIGNED)(2013-05-01 08:38:40)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AA14C3C9-51AB-4A4E-B4CC-747FDE7BDA4C}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\LocalServer32@                                                C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateBroker.exe (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:20)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AB08D3A3-260C-4CAB-BC71-8784DF963C8F}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavMainUI.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AB124073-6726-461F-B219-BBD3E6DE19E1}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AB949AC1-EC97-11D9-9E2B-004005A9ABD2}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\tx4ole12.ocx (TX TextControl Custom OLE Control/The Imaging Source Europe GmbH)(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{ABBAB8BD-E4F1-11D1-A42C-00A0C9A243C6}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPDlgs.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32@                                                C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:20)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AC0A837D-9BE0-49A4-9495-582AFB88A673}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AE78D5A2-46A3-43BB-A166-1B0018F0F21B}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavMainUI.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AEF1A62D-7C44-4985-9388-E9EE70F6CCFE}\LocalServer32@                                                C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\AVHostPlugin.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:50)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AFBBB9C6-8A99-11D1-8892-0080C75FFCC4}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDDateTm.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AFEE063C-05BA-4248-A26E-168477F49734}\InprocServer32@                                               C:\Windows\SysWOW64\dnssdX.dll (Bonjour COM Component Library/Apple Inc. SIGNED)(2011-08-31 03:05:04)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B1E8CB59-77C3-4A8D-9B0D-73A1F71C71A8}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B21B462C-B152-4DDE-924C-2893ECF674A9}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}@LocalizedString                                               C:\Program Files (x86)\Google\Update\1.3.21.145\goopdate.dll (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:06)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32@                                                C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:20)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\LocalServer32@                                                C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2013-05-11 10:37:30)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B8905319-A7C2-494e-981E-134B0C1367C2}\InprocServer32@                                               C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleSafariBookmarkMMProvider.dll (iCloud service provider for the bookmark sync subsystem with Safari./Apple Inc. SIGNED)(2013-04-05 16:58:14)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B8DF592B-DE05-49f5-BB21-084F548F12A9}@LocalizedString                                               C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B8DF592B-DE05-49f5-BB21-084F548F12A9}\Elevation@IconReference                                       C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B8DF592B-DE05-49f5-BB21-084F548F12A9}\InprocServer32@                                               C:\Program Files (x86)\iTunes\iTunesAdmin.dll (iTunes Administrative DLL/Apple Inc. SIGNED)(2013-05-31 15:56:00)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B91B0CAE-D866-11D1-B78C-00A0C99C7131}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPCtls.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{BB46F03E-7CD2-489F-8F95-BB950F395FDB}@LocalizedString                                               C:\Program Files (x86)\Apple Software Update\SoftwareUpdateAdmin.dll (Apple Software Update/Apple Inc. SIGNED)(2011-06-01 21:57:16)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{BC66531F-3136-46B0-9FEA-AC2AB3B7CF66}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{BD57A9B2-4E7D-4892-9107-9F4106472DA4}\LocalServer32@                                                C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroBroker.exe (Adobe PDF Broker Process for Internet Explorer/Adobe Systems Incorporated SIGNED)(2013-05-11 10:37:28)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{BDE0D630-7801-47cd-984E-1F0AFBC5ACBF}\InprocServer32@                                               C:\Program Files (x86)\Adobe\Reader 11.0\Reader\adoberfp.dll (Adobe Reader File Preview/Adobe Systems, Inc. SIGNED)(2013-05-11 10:37:32)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{BE70B0B7-25AF-46E2-AF30-ED4EBBC1F149}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPDlgs.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{BEE62D80-4A07-11D1-818E-00A0C95C0756}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPCtls.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{BEEB932A-8D4A-4619-AEFE-A836F988B221}\InprocServer32@                                               C:\Windows\SysWOW64\dnssdX.dll (Bonjour COM Component Library/Apple Inc. SIGNED)(2011-08-31 03:05:04)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C05C035C-9C26-4F1E-B8BB-13F847313208}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\PatchWrapPS.dll (Symantec CMC PatchWrapPS/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C0C14422-4924-41B9-971A-030CB1119C3B}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{c1da7e1f-279b-4acd-9196-fc6ef7eb8e9e}\LocalServer32@                                                C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (iCloud/Apple Inc. SIGNED)(2013-04-05 16:59:08)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32@                                               C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:18)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C4C9F1E5-2E72-4B58-BA61-6D63730FB7C8}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32@                                               C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\Accessibility.api (Adobe Acrobat Accessibility Plug-in/Adobe Systems Incorporated)(2013-05-11 10:37:30)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\InprocServer32@                                               C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx (vbAccelerator VB6 SGrid Control 2.0/vbAccelerator SIGNED)(2013-07-23 02:38:05)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C69EBBD4-3B66-4BF6-BE1B-E2B44C5154B2}\InprocServer32@                                               C:\Program Files (x86)\QuickTime\QTOLibrary.dll (QuickTime Library/Apple Inc. SIGNED)(2013-05-01 08:38:40)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C7BF1776-BA68-4804-8153-6ECE1F9F12E6}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C859248A-513E-11D1-8194-00A0C95C0756}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPCtls.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{C904B403-EA5E-48AB-99B6-F5A6EAD6D908}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavMainUI.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\InprocServer32@                                               C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/Adobe Systems, Inc. SIGNED)(2013-05-11 10:37:30)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}\InProcServer32@                                               C:\Windows\SysWOW64\deployJava1.dll (Java™ Platform SE binary/Oracle Corporation SIGNED)(2012-08-20 09:09:31)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CB927D12-4FF7-4A9E-A169-56E4B8A75598}\InprocServer32@                                               C:\Program Files (x86)\QuickTime\QTPlugin.ocx (The QuickTime Control allows you to view a wide variety of multimedia content in web pages./Apple Inc. SIGNED)(2013-05-01 08:44:26)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CCD1C6CC-DCA5-448E-8C35-3BA8C6FBF99D}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CD5BA7FF-9071-40E9-A462-8DC5152B1776}\InprocServer32@                                               C:\Program Files (x86)\Intel\Media SDK\mfx_mft_mp2vd_w7_32.dll (Intel® Hardware MPEG-2 Decoder MFT/Intel Corporation)(2013-02-22 02:00:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CED1DFB3-4A7D-463F-985C-DBF75C52680B}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavMainUI.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CF331D98-63AF-4EFB-B406-E35027E9AB4B}\InProcServer32@                                               C:\Program Files (x86)\Google\Update\1.3.21.145\psmachine.dll (Google Update/Google Inc. SIGNED)(2013-05-27 21:42:16)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D21ED08F-6B88-45EC-A71C-6BD453B561D0}\LocalServer32@                                                C:\Windows\SysWOW64\Adobe\Director\SwDnld.exe (Shockwave Download Module/Adobe Systems, Inc. SIGNED)(2013-04-03 14:22:12)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32@                                               C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_94.ocx (Adobe Flash Player 11.8 r800/Adobe Systems, Inc. SIGNED)(2013-07-23 02:10:38)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\LocalServer32@                                                C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32Info.exe (Adobe Reader /Adobe Systems Incorporated SIGNED)(2012-09-24 00:43:40)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D3B6E71D-AA52-47C5-96BE-0111FD0F9863}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D4268CC3-BE07-4B6F-8364-B853D09FF3BD}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D480B400-F29B-477E-B6F7-1604AA4440A4}\LocalServer32@                                                C:\Program Files\OriginLab\Origin9\ORGABFFIO.EXE (ORGABFFIO/TODO: <Company name>)(2013-02-22 22:10:38)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D719897A-B07A-4C0C-AEA9-9B663A28DFCB}\InprocServer32@                                               C:\Program Files (x86)\iTunes\ITDetector.ocx (ITDetector Module/Apple Inc. SIGNED)(2013-04-08 07:31:30)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D83B4606-0F74-49BE-8DD3-34A6BA5B3ED2}\InprocServer32@                                               C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll (ShellStreams.dll/Apple Inc. SIGNED)(2013-04-05 16:58:26)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D97F7D8D-7610-4271-82C8-61A91BD796D1}\LocalServer32@                                                C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (QuickTime Player/Apple Inc. SIGNED)(2013-05-01 08:44:26)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D9E26AF9-BD98-4C74-8D51-CDF54D1A9549}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\LocalServer32@                                                C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Push/Apple Inc. SIGNED)(2013-04-22 01:43:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DB4E1AE5-5FE6-4520-9275-DF556F1DDA6D}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DC0C2640-1415-4644-875C-6F4D769839BA}\LocalServer32@                                                C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}@DisplayName                                                   C:\Program Files (x86)\Adobe\Reader 11.0\Reader\pdfprevhndlr.dll (Adobe PDF Preview Handler/Adobe Systems, Inc. SIGNED)(2013-05-11 10:37:30)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{dd000cbd-67a6-423f-9132-1a2d0f76ead5}\LocalServer32@                                                C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (iCloud/Apple Inc. SIGNED)(2013-04-05 16:59:08)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DD17AE66-7570-4CDA-BAEA-A29DB09C52D0}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21}\InprocServer32@                                               C:\Program Files (x86)\QuickTime\QTSystem\QuickTimeCheck.ocx (QuickTimeCheck Scriptable Object/Apple Inc. SIGNED)(2013-05-01 08:44:26)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DEB07E48-ABCF-48AA-9B43-97E45D338C50}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavMainUI.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DF4A9102-91F8-477B-8A76-7B8099403C1F}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E17664B2-DFBE-4654-8E40-672EC40C0276}\LocalServer32@                                                C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\SmcGui.exe (Symantec CMC SmcGui/Symantec Corporation SIGNED)(2012-11-03 11:22:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E25C22E6-78BD-45F9-88D2-6DF7A580E400}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavMainUI.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E381F1C0-910E-11D1-AB1E-00A0C90F8F6F}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Cliproxy.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E59CB7FB-1C4E-4733-BBBD-29F3D366BAFD}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\HPPProtectionProviderUI.dll (Heuristic Process Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E7329452-FE39-4129-AB0F-5F8FD0AC628C}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\SavMainUI.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E8978DA6-047F-4E3D-9C78-CDBE46041603}\InprocServer32@                                               C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRdIF.dll (PDF IFilter/Adobe Systems, Inc. SIGNED)(2012-09-24 00:43:42)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E99BD5E1-FD77-4142-94DC-2BA6057951B3}\LocalServer32@                                                C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\AVHostPlugin.dll (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:50)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E9D58BF1-0070-4fcd-B722-A0EE5A3ABCD6}@LocalizedString                                               C:\Program Files (x86)\iTunes\iTunes.Resources\iTunesRegistry.dll (iTunes Resource Module/Apple Inc. SIGNED)(2013-05-31 16:39:38)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E9D58BF1-0070-4fcd-B722-A0EE5A3ABCD6}\Elevation@IconReference                                       C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E9D58BF1-0070-4fcd-B722-A0EE5A3ABCD6}\InprocServer32@                                               C:\Program Files (x86)\iTunes\iTunesAdmin.dll (iTunes Administrative DLL/Apple Inc. SIGNED)(2013-05-31 15:56:00)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E9D95EA4-23E4-4625-BBB9-428D9882CF4C}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{EA284C4A-3F5C-4FD3-8D2F-1CEADDB1D5FC}\LocalServer32@                                                C:\Program Files\OriginLab\Origin9\ORGABFFIO.EXE (ORGABFFIO/TODO: <Company name>)(2013-02-22 22:10:38)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{EE5A151A-AD2A-4CEE-AD65-228B59F5B4AD}\InProcServer32@                                               C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/Adobe Systems, Inc. SIGNED)(2013-05-11 10:37:30)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{EE68EAFC-BF28-4017-8A92-D17DACF0B459}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{EE69B504-1CBF-4EA6-8137-BB10F806B014}\InprocServer32@                                               C:\Program Files (x86)\Intel\Media SDK\mfx_mft_vpp_w7_32.dll (Intel® Hardware Preprocessing MFT/Intel Corporation)(2013-02-22 02:00:58)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{EEA35A9D-40A2-4E3D-898F-053DEEAEC2C5}\InprocServer32@                                               C:\PROGRA~2\Canon\EASY-P~2\CNEZSHLL.DLL(2012-09-30 04:27:14)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F0D63F85-37EC-4097-B30D-61B4A8917118}\InprocServer32@                                               C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll (ShellStreams.dll/Apple Inc. SIGNED)(2013-04-05 16:58:26)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F20393E2-7481-49A3-8543-0268AA252EA8}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ProtectionUtil.dll (Symantec Client Management Component/Symantec Corporation SIGNED)(2012-11-03 11:22:54)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F32F2026-8607-11D1-8892-0080C75FFCC4}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDDateTm.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F35D1C89-6424-4CAE-BCCB-DE951C0D33EC}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}\InProcServer32@                                               C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\objectps.dll (InstallShield ® ObjectPS DLL/Macrovision Corporation)(2012-09-18 18:39:29)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F7747266-777D-4F61-A175-DD5ADF1E37DF}\InprocServer32@                                               C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll (NVIDIA 3D Vision plugin/NVIDIA Corporation)(2012-10-02 21:25:14)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F7C2D252-DAF8-4618-8D7A-009FBB68BECE}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F7C41927-9415-4121-95D0-CBCC2202DA82}\LocalServer32@                                                C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (QuickTime Player/Apple Inc. SIGNED)(2013-05-01 08:44:26)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}\InprocServer32@                                               C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc. SIGNED)(2013-05-11 10:37:28)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FC6A9089-3BC9-4413-8099-9CD928A46DB3}\InprocServer32@                                               C:\PROGRA~1\ORIGIN~1\Origin9\ACTIVE~1.OCX(2013-02-22 22:05:55)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FC894628-B91D-11D1-8254-00A0C95C0756}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPCtls.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD49B8C4-41FE-498D-95A0-BD12BADE43A9}\InprocServer32@                                               C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\LDVPDlgs.ocx (Symantec Endpoint Protection/Symantec Corporation SIGNED)(2012-11-03 11:22:52)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FDA6EEC2-325B-4E8A-A8C7-1C75DFBE72D5}\InProcServer32@                                               C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe PDF Helper for Internet Explorer/Adobe Systems Incorporated SIGNED)(2012-09-24 00:43:36)
Reg       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\LocalServer32@                                                C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Push/Apple Inc. SIGNED)(2013-04-22 01:43:52)
Reg       HKCU\Software\Microsoft\Installer\Products\711E928B270DAE14696089623AD8431C@ProductIcon                                                      C:\Users\el guapo y el fuerte\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe (InstallShield/Macrovision Corporation)(2013-05-27 21:34:10)
Reg       HKCU\Software\Microsoft\IntelliPoint\AppSpecific\CNSEMAIN.EXE@Path                                                                           C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Canon Solution Menu EX/CANON INC. SIGNED)(2012-09-30 04:28:14)
Reg       HKCU\Software\Microsoft\IntelliPoint\AppSpecific\iFrmewrk.exe@Path                                                                           C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® PROSet/Wireless Framework/Intel® Corporation SIGNED)(2011-07-28 00:51:58)
Reg       HKCU\Software\Microsoft\IntelliPoint\AppSpecific\iTunes.exe@Path                                                                             C:\Program Files (x86)\iTunes\iTunes.exe (iTunes/Apple Inc. SIGNED)(2013-05-31 15:55:58)
Reg       HKCU\Software\Microsoft\IntelliPoint\AppSpecific\iTunesHelper.exe@Path                                                                       C:\Program Files (x86)\iTunes\iTunesHelper.exe (iTunesHelper/Apple Inc. SIGNED)(2013-05-31 15:56:02)
Reg       HKCU\Software\Microsoft\IntelliPoint\AppSpecific\mpnex50.exe@Path                                                                            C:\Program Files (x86)\Canon\MP Navigator EX 5.0\mpnex50.exe (Canon MP Navigator EX/CANON INC. SIGNED)(2012-09-30 04:26:23)
Reg       HKCU\Software\Microsoft\IntelliPoint\AppSpecific\PictureViewer.exe@Path                                                                      C:\Program Files (x86)\QuickTime\PictureViewer.exe (PictureViewer/Apple Inc.)(2013-05-01 07:58:48)
Reg       HKCU\Software\Microsoft\IntelliPoint\AppSpecific\QuickTimePlayer.exe@Path                                                                    C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (QuickTime Player/Apple Inc. SIGNED)(2013-05-01 08:44:26)
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\Origin9.exe@                                                                        C:\Program Files\OriginLab\Origin9\Origin9.exe (Origin 9.0/OriginLab Corporation SIGNED)(2013-02-22 22:05:54)
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices\WpdDeviceHandler_USB#VID_05AC&PID_1294&MI_00#0@Icon    C:\Windows\system32\usbaaplrc.dll (Apple Mobile Device USB Driver Resource DLL/Apple, Inc. SIGNED)(2012-09-28 15:32:56)
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\OpenWithList@i                                                         C:\Users\el guapo y el fuerte\Desktop\ORIGIN~1.EXE (InstallScript Setup Launcher/OriginLab SIGNED)(2013-02-22 21:58:37)
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{685A89CB-DF27-42D6-A623-34F40DBBFFB2}@ModifyPath                                   C:\Users\el guapo y el fuerte\AppData\Roaming\InstallShield Installation Information\{685A89CB-DF27-42D6-A623-34F40DBBFFB2}\setup.exe (InstallScript Setup Launcher/OriginLab)(2013-02-22 22:03:45)
Reg       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{685A89CB-DF27-42D6-A623-34F40DBBFFB2}@InstallSource                                C:\Users\el guapo y el fuerte\Desktop\Origin90Setup.exe (InstallScript Setup Launcher/OriginLab SIGNED)(2013-02-22 21:58:37)
 
---- EOF - GMER 2.1 ----

Edited by MyCrappyComputer, 25 July 2013 - 09:42 PM.


#12 MyCrappyComputer

  • Topic Starter

Posted 25 July 2013 - 09:44 PM

Lastly, here is my GMER AutoStarts Log:

 

GMER 2.1.19163 - http://www.gmer.net

Autostart scan 2013-07-25 00:08:11
Windows 6.1.7601 Service Pack 1
 
 
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/
 
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe /*file not found*/
 
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ >>>
Canon BJ Language Monitor MG2100 series@Driver = CNMLMAQ.DLL
Local Port@Driver = localspl.dll
Standard TCP/IP Port@Driver = tcpmon.dll
USB Monitor@Driver = usbmon.dll
WSD Port@Driver = WSDMon.dll
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\Windows\system32\userinit.exe, = C:\Windows\system32\userinit.exe,
@Shellexplorer.exe = explorer.exe
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxdev.dll
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = 
 
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AERTFilters@ = C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
AMPPALR3@ = C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
AppMgmt@ = %SystemRoot%\system32\svchost.exe -k netsvcs
AudioEndpointBuilder@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
AudioSrv@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
BFE@ = %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
BTHSSecurityMgr@ = "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
CertPropSvc@ = %SystemRoot%\system32\svchost.exe -k netsvcs
clr_optimization_v4.0.30319_32@ = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
clr_optimization_v4.0.30319_64@ = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
CryptSvc@ = %SystemRoot%\system32\svchost.exe -k NetworkService
DcomLaunch@ = %SystemRoot%\system32\svchost.exe -k DcomLaunch
Dhcp@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
dot3svc@ = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
DPS@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
EFS@ = %SystemRoot%\System32\lsass.exe
eventlog@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
EventSystem@ = %SystemRoot%\system32\svchost.exe -k LocalService
FontCache@ = %SystemRoot%\system32\svchost.exe -k LocalService
gpsvc@ = %systemroot%\system32\svchost.exe -k netsvcs
HitmanProScheduler@ = C:\Program Files\HitmanPro\hmpsched.exe
hkmsvc@ = %SystemRoot%\System32\svchost.exe -k netsvcs
IKEEXT@ = %systemroot%\system32\svchost.exe -k netsvcs
iphlpsvc@ = %SystemRoot%\System32\svchost.exe -k NetSvcs
lltdsvc@ = %SystemRoot%\System32\svchost.exe -k LocalService
lmhosts@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
MMCSS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
MpsSvc@ = %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
napagent@ = %SystemRoot%\System32\svchost.exe -k NetworkService
Netlogon@ = %systemroot%\system32\lsass.exe
Netman@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
netprofm@ = %SystemRoot%\System32\svchost.exe -k LocalService
NlaSvc@ = %SystemRoot%\System32\svchost.exe -k NetworkService
nsi@ = %systemroot%\system32\svchost.exe -k LocalService
p2pimsvc@ = %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
PcaSvc@ = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
PerfHost@ = %SystemRoot%\SysWow64\perfhost.exe
pla@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
PlugPlay@ = %SystemRoot%\system32\svchost.exe -k DcomLaunch
PolicyAgent@ = %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
Power@ = %SystemRoot%\system32\svchost.exe -k DcomLaunch
ProfSvc@ = %systemroot%\system32\svchost.exe -k netsvcs
ProtectedStorage@ = %SystemRoot%\system32\lsass.exe
RegSrvc@ = C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
RemoteAccess@ = %SystemRoot%\System32\svchost.exe -k netsvcs
RpcEptMapper@ = %SystemRoot%\system32\svchost.exe -k RPCSS
RpcLocator@ = %SystemRoot%\system32\locator.exe
RpcSs@ = %SystemRoot%\system32\svchost.exe -k rpcss
SamSs@ = %SystemRoot%\system32\lsass.exe
SCardSvr@ = %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Schedule@ = %SystemRoot%\System32\svchost.exe -k netsvcs
seclogon@ = %windir%\system32\svchost.exe -k netsvcs
SENS@ = %SystemRoot%\system32\svchost.exe -k netsvcs
SepMasterService@ = "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll" /prefetch:1
SessionEnv@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ShellHWDetection@ = %SystemRoot%\System32\svchost.exe -k netsvcs
simptcp@ = %SystemRoot%\System32\tcpsvcs.exe
Spooler@ = %SystemRoot%\System32\spoolsv.exe
sppsvc@ = %SystemRoot%\system32\sppsvc.exe
SstpSvc@ = %SystemRoot%\system32\svchost.exe -k LocalService
stisvc@ = %SystemRoot%\system32\svchost.exe -k imgsvc
SysMain@ = %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
TapiSrv@ = %SystemRoot%\System32\svchost.exe -k NetworkService
TBS@ = %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
Themes@ = %SystemRoot%\System32\svchost.exe -k netsvcs
THREADORDER@ = %SystemRoot%\system32\svchost.exe -k LocalService
TrkWks@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
UxSms@ = %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
vds@ = %SystemRoot%\System32\vds.exe
W32Time@ = %SystemRoot%\system32\svchost.exe -k LocalService
Wecsvc@ = %SystemRoot%\system32\svchost.exe -k NetworkService
wercplsupport@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WerSvc@ = %SystemRoot%\System32\svchost.exe -k WerSvcGroup
Winmgmt@ = %systemroot%\system32\svchost.exe -k netsvcs
Wlansvc@ = %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
WMPNetworkSvc@ = "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" /*file not found*/
wscsvc@ = %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding
wuauserv@ = %systemroot%\system32\svchost.exe -k netsvcs
ZeroConfigService@ = "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" /*file not found*/
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@IntelPAN"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray = "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
@CCE"C:\Users\el guapo y el fuerte\Desktop\DDownloads\cce_2.5.242177.201_x64\CCE\CCE.exe" -showlog = "C:\Users\el guapo y el fuerte\Desktop\DDownloads\cce_2.5.242177.201_x64\CCE\CCE.exe" -showlog
ShellServiceObjectDelayLoad@WebCheck = 
 
HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe
 
HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = %SystemRoot%\SysWow64\mshta.exe "%1" %*
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00C6D95F-329C-409a-81D7-C46C66EA7F33} /**/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{80009818-f38f-4af1-87b5-eadab9433e58} /*MF ADTS Property Handler*/%SystemRoot%\System32\mf.dll = %SystemRoot%\System32\mf.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/C:\Windows\System32\webcheck.dll = C:\Windows\System32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/C:\Windows\System32\webcheck.dll = C:\Windows\System32\webcheck.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/(null) = 
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/C:\Windows\System32\webcheck.dll = C:\Windows\System32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/C:\Windows\System32\webcheck.dll = C:\Windows\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/C:\Windows\System32\webcheck.dll = C:\Windows\System32\webcheck.dll
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
@{506F4668-F13E-4AA1-BB04-B43203AB3CC0} /*{506F4668-F13E-4AA1-BB04-B43203AB3CC0}*/C:\Program Files\Microsoft Office\Office14\VISSHE.DLL = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
@{D66DC78C-4F61-447F-942B-3FB6980118CF} /*{D66DC78C-4F61-447F-942B-3FB6980118CF}*/C:\Program Files\Microsoft Office\Office14\VISSHE.DLL = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
@{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} /*Nameext*/C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
@{36eef7db-88ad-4e81-ad49-0e313f0c35f8} /*Windows Update*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/(null) = 
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\Program Files\NVIDIA Corporation\Display\nvui.dll = C:\Program Files\NVIDIA Corporation\Display\nvui.dll
@{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} /*NVIDIA Play On My TV Context Menu Extension*/%SystemRoot%\system32\nvshext.dll = %SystemRoot%\system32\nvshext.dll
@{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} /*NvAppShExt extension*/C:\Windows\system32\nv3dappshext.dll = C:\Windows\system32\nv3dappshext.dll
@{E97DEC16-A50D-49bb-AE24-CF682282E08D} /*OpenGLShExt extension*/C:\Windows\system32\nv3dappshext.dll = C:\Windows\system32\nv3dappshext.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{8BEEE74D-455E-4616-A97A-F6E86C317F32} /*LDVP Shell Extensions*/C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\vpshell2.dll = C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\vpshell2.dll
 
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = %SystemRoot%\system32\syncui.dll
LDVPMenu@{8BEEE74D-455E-4616-A97A-F6E86C317F32} = C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\vpshell2.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
PhotoStreamsExt@{89D984B3-813B-406A-8298-118AFA3A22AE} = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = %SystemRoot%\system32\ntshrui.dll
 
HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{90AA3A4E-1CBA-4233-B8BB-535773D48449}%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}%SystemRoot%\system32\shell32.dll = %SystemRoot%\system32\shell32.dll
 
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = %SystemRoot%\system32\ntshrui.dll
 
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{596AB062-B4D2-4215-9F74-E9109B0A8153} = %SystemRoot%\system32\twext.dll
 
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ >>>
igfxcui@{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\Windows\system32\igfxpph.dll
New@{D969A300-E7FF-11d0-A93B-00A0C90F2719} = %SystemRoot%\system32\shell32.dll
NvCplDesktopContext@{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = %SystemRoot%\system32\nvshext.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = %SystemRoot%\system32\ntshrui.dll
 
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
BriefcaseMenu@{85BBD920-42A0-1069-A2E4-08002B30309D} = %SystemRoot%\system32\syncui.dll
LDVPMenu@{8BEEE74D-455E-4616-A97A-F6E86C317F32} = C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\vpshell2.dll
Library Location@{3dad6c5d-2167-4cae-9914-f99e41c12cfa} = %SystemRoot%\system32\shell32.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 >>>
@vidc.mrlemsrle32.dll = msrle32.dll
@vidc.msvcmsvidc32.dll = msvidc32.dll
@msacm.imaadpcmimaadp32.acm = imaadp32.acm
@msacm.msg711msg711.acm = msg711.acm
@msacm.msgsm610msgsm32.acm = msgsm32.acm
@msacm.msadpcmmsadp32.acm = msadp32.acm
@midimappermidimap.dll = midimap.dll
@wavemappermsacm32.drv = msacm32.drv
@VIDC.UYVYmsyuv.dll = msyuv.dll
@VIDC.YUY2msyuv.dll = msyuv.dll
@VIDC.YVYUmsyuv.dll = msyuv.dll
@VIDC.IYUViyuv_32.dll = iyuv_32.dll
@vidc.i420iyuv_32.dll = iyuv_32.dll
@VIDC.YVU9tsbyuv.dll = tsbyuv.dll
@msacm.l3acmC:\Windows\System32\l3codeca.acm = C:\Windows\System32\l3codeca.acm
@MSVideo8VfWWDM32.dll = VfWWDM32.dll
@wavewdmaud.drv = wdmaud.drv
@midiwdmaud.drv = wdmaud.drv
@mixerwdmaud.drv = wdmaud.drv
@auxwdmaud.drv = wdmaud.drv
@wave2wdmaud.drv = wdmaud.drv
@midi2wdmaud.drv = wdmaud.drv
@mixer2wdmaud.drv = wdmaud.drv
@aux2wdmaud.drv = wdmaud.drv
@wave1wdmaud.drv = wdmaud.drv
@midi1wdmaud.drv = wdmaud.drv
@mixer1wdmaud.drv = wdmaud.drv
@aux1wdmaud.drv = wdmaud.drv
 
HKCU\Control Panel\Desktop@SCRNSAVE.EXE =  /*file not found*/
 
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Local PageC:\Windows\System32\blank.htm = C:\Windows\System32\blank.htm
 
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm
 
HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
application/octet-stream@CLSID = mscoree.dll
application/x-complus@CLSID = mscoree.dll
application/x-msdownload@CLSID = mscoree.dll
text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
 
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = C:\Windows\System32\mshtml.dll
belarc@CLSID = {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} /*file not found*/
cdl@CLSID = C:\Windows\system32\urlmon.dll
dvd@CLSID = C:\Windows\System32\msvidctl.dll
file@CLSID = C:\Windows\system32\urlmon.dll
ftp@CLSID = C:\Windows\system32\urlmon.dll
http@CLSID = C:\Windows\system32\urlmon.dll
https@CLSID = C:\Windows\system32\urlmon.dll
its@CLSID = %SystemRoot%\System32\itss.dll
javascript@CLSID = C:\Windows\System32\mshtml.dll
local@CLSID = C:\Windows\system32\urlmon.dll
mailto@CLSID = C:\Windows\System32\mshtml.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
mk@CLSID = C:\Windows\system32\urlmon.dll
ms-help@CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294} /*file not found*/
ms-its@CLSID = %SystemRoot%\System32\itss.dll
res@CLSID = C:\Windows\System32\mshtml.dll
tv@CLSID = C:\Windows\System32\msvidctl.dll
vbscript@CLSID = C:\Windows\System32\mshtml.dll
 
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain = 
 
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05B01F1C-A469-410D-8059-C47AF73347EE} /*Wireless Network Connection 3*/ >>>
@IPAddress = 
@NameServer = 
@Domain = 
 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000005@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000006@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000007@LibraryPath = %SystemRoot%\system32\wshbth.dll
000000000008@LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll
 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
 
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
 
---- EOF - GMER 2.1 ----


#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,759 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 25 July 2013 - 09:50 PM

I don't actually see anything malicious in the GMER log.


My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#14 MyCrappyComputer

MyCrappyComputer
  • Topic Starter

  • Members
  • 16 posts

Posted 28 July 2013 - 12:27 PM

Broni,

I know that you say that you don't see anything malicious in my posts. Are there any other logs that you would like to see or any tools to run? Because I still have all the issues that I initially posted. Is that normal? Recently, I cannot open any anti-malware tools unless I am in safe mode. My clock in the lower right-hand corner has reset itself from 12-hour time to 24-hour time all by itself. Is that normal?

 

Thanks,

MCC



#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,759 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 28 July 2013 - 12:30 PM

We can try some more advanced tools.

 

Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.






