Slow Computer..Win 7.

N7xlq1

By N7xlq1,
in Malware Removal

 Share Followers 0

Recommended Posts

  • Replies 62
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

flashh4

flashh4

Posted
Posted

That is because it did not finish updating before you tried a re-boot. Let it run a while 1/2 hour and try another re-boot ! If that does not cure it you will have to do a System Restore for a day before this started !!

 

Chuck

Link to post
Share on other sites
flashh4

flashh4

Posted
Posted

Hi John, run this insted of Malwarebytes !!

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


 

 

Post Next

1. Frst logs

2. OTL logs

3. Security Check Log

 

Thanks

Chuck

Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted

FIRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015

Ran by John (administrator) on ALEX-PC (18-08-2015 10:48:42)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: Alex & John)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avast Software) C:\Program Files\avast software\avast\ng\vbox\AvastVBoxSVC.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(AVAST Software) C:\Program Files\avast software\avast\ng\vbox\aswFe.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\AirPort\APAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(AVAST Software) C:\Program Files\avast software\avast\AvastUI.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIAFA.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [AirPort Base Station Agent] => C:\Program Files\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-07-11] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-15] (AVAST Software)
HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\...\Run: [EPSON Stylus CX7800 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE [177664 2007-01-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2010-02-25]
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-15] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3492453536-2379498159-1907998561-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-15] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{2C8D3213-A75A-40D3-BBCB-A7F8B672DD45}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{E9C9B606-1D83-44B0-A90E-16A1AE1BA2F6}: [DhcpNameServer] 10.0.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\d351k029.default-1424026281612
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://zyngagames.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-05-23] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-05-23] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-05]
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-12-19]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-15]
 
Chrome: 
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (iCloud Bookmarks) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-12-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Ad-Block Plus) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccchfllceggkmiafgofdpipdpoffmop [2015-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-15]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-15] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-15] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17536800 2014-07-25] (NVIDIA Corporation)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-17] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-08-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-08-15] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-15] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-15] (AVAST Software)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19232 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-15] (Avast Software)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 RTL8187; system32\DRIVERS\wg111v2.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-18 10:48 - 2015-08-18 10:49 - 00019300 _____ C:\Users\John\Desktop\FRST.txt
2015-08-18 10:48 - 2015-08-18 10:48 - 00000000 ____D C:\FRST
2015-08-18 10:38 - 2015-08-18 10:38 - 01677312 _____ (Farbar) C:\Users\John\Desktop\FRST.exe
2015-08-18 10:34 - 2015-08-18 10:34 - 00000000 ____D C:\Users\John\AppData\Local\{617FACEC-3271-4D81-860C-F84A3F7DE0A7}
2015-08-17 11:38 - 2015-08-17 11:40 - 00025706 _____ C:\Users\John\Desktop\dds.txt
2015-08-17 11:38 - 2015-08-17 11:40 - 00016461 _____ C:\Users\John\Desktop\attach.txt
2015-08-17 10:42 - 2015-08-17 10:43 - 00000000 ____D C:\Users\John\AppData\Local\{9C7DC106-5298-4F77-866C-31CD7EA938D4}
2015-08-16 11:24 - 2015-08-16 11:24 - 00852694 _____ C:\Users\John\Desktop\SecurityCheck.exe
2015-08-16 11:24 - 2015-08-16 11:24 - 00602112 _____ (OldTimer Tools) C:\Users\John\Desktop\OTL.scr
2015-08-16 11:23 - 2015-08-16 11:23 - 00688992 ____R (Swearware) C:\Users\John\Desktop\dds.scr
2015-08-16 11:10 - 2015-08-16 11:10 - 00000000 ____D C:\Users\John\AppData\Local\{510759CA-23EA-4A51-9CE1-4BFA92BF66B0}
2015-08-16 10:41 - 2015-08-16 10:41 - 00000000 ____D C:\Users\Alex\AppData\Roaming\AVAST Software
2015-08-15 11:45 - 2015-08-15 11:45 - 00000000 ____D C:\Users\John\AppData\Roaming\AVAST Software
2015-08-15 11:43 - 2015-08-15 11:43 - 00002039 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-15 11:43 - 2015-08-15 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-15 11:43 - 2015-08-15 11:42 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-15 11:43 - 2015-08-15 11:42 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-15 11:43 - 2015-08-15 11:42 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-15 11:43 - 2015-08-15 11:42 - 00113592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-15 11:43 - 2015-08-15 11:42 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-08-15 11:43 - 2015-08-15 11:42 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-15 11:43 - 2015-08-15 11:42 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-15 11:43 - 2015-08-15 11:42 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-15 11:43 - 2015-08-15 11:42 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-15 11:42 - 2015-08-15 11:42 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-15 11:42 - 2015-08-15 11:42 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-15 11:22 - 2015-08-15 11:23 - 00000000 ____D C:\Users\John\AppData\Local\{DC109936-A5B9-4277-B9BF-448EB0AFB17C}
2015-08-14 20:29 - 2015-08-14 20:29 - 00057887 _____ C:\Users\John\Desktop\Malwarebytes.txt
2015-08-14 20:01 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-14 20:00 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-14 20:00 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-14 20:00 - 2015-07-30 10:57 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-14 20:00 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-14 20:00 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-14 20:00 - 2015-07-30 10:57 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-14 20:00 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-14 20:00 - 2015-07-30 09:52 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-14 20:00 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-14 20:00 - 2015-07-28 13:04 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-14 20:00 - 2015-07-28 13:00 - 00952832 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-14 20:00 - 2015-07-28 13:00 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-14 20:00 - 2015-07-28 13:00 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-14 20:00 - 2015-07-28 13:00 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-14 20:00 - 2015-07-28 13:00 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-14 20:00 - 2015-07-28 13:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-14 20:00 - 2015-07-28 12:54 - 00934400 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-14 20:00 - 2015-07-20 10:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-14 20:00 - 2015-07-20 10:56 - 02061312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-14 20:00 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-14 20:00 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-14 20:00 - 2015-07-20 10:56 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-14 20:00 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-14 20:00 - 2015-07-20 10:56 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-14 20:00 - 2015-07-20 10:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-14 20:00 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-14 20:00 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-14 20:00 - 2015-07-20 10:56 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-14 20:00 - 2015-07-16 12:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-14 20:00 - 2015-07-16 12:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-14 20:00 - 2015-07-16 12:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-14 20:00 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-14 20:00 - 2015-07-15 10:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-14 20:00 - 2015-07-15 10:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-14 20:00 - 2015-07-15 10:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-14 20:00 - 2015-07-15 10:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-14 20:00 - 2015-07-15 10:56 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-14 20:00 - 2015-07-15 10:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-14 20:00 - 2015-07-15 10:55 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-14 20:00 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-14 20:00 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-14 20:00 - 2015-07-15 10:55 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-14 20:00 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-14 20:00 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-14 20:00 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-14 20:00 - 2015-07-15 10:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-14 20:00 - 2015-07-15 10:54 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-14 20:00 - 2015-07-15 10:54 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-14 20:00 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-14 20:00 - 2015-07-15 10:54 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-14 20:00 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-14 20:00 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-14 20:00 - 2015-07-15 10:54 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-14 20:00 - 2015-07-15 10:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-14 20:00 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-14 20:00 - 2015-07-15 10:54 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-14 20:00 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-14 20:00 - 2015-07-15 10:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-14 20:00 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-14 20:00 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-14 20:00 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-14 20:00 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-14 20:00 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-14 20:00 - 2015-07-15 09:36 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-14 20:00 - 2015-07-15 09:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-14 20:00 - 2015-07-15 09:36 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-14 20:00 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-14 20:00 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-14 20:00 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-14 20:00 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-14 19:59 - 2015-07-20 17:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-14 19:59 - 2015-07-16 13:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-14 19:59 - 2015-07-16 13:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-14 19:59 - 2015-07-16 13:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-14 19:59 - 2015-07-16 12:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-14 19:59 - 2015-07-16 12:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-14 19:59 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-14 19:59 - 2015-07-16 12:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-14 19:59 - 2015-07-16 12:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-14 19:59 - 2015-07-16 12:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-14 19:59 - 2015-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-14 19:59 - 2015-07-16 12:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-14 19:59 - 2015-07-16 12:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-14 19:59 - 2015-07-16 12:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-14 19:59 - 2015-07-16 12:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-14 19:59 - 2015-07-16 12:39 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-14 19:59 - 2015-07-16 12:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-14 19:59 - 2015-07-16 12:32 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-14 19:59 - 2015-07-16 12:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-14 19:59 - 2015-07-16 12:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-14 19:59 - 2015-07-16 12:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-14 19:59 - 2015-07-16 12:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-14 19:59 - 2015-07-16 12:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-14 19:59 - 2015-07-16 12:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-14 19:59 - 2015-07-16 12:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-14 19:59 - 2015-07-16 12:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-14 19:59 - 2015-07-16 12:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-14 19:59 - 2015-07-16 12:06 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-14 19:59 - 2015-07-16 12:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-14 19:59 - 2015-07-16 11:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-14 19:59 - 2015-07-16 11:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-14 19:59 - 2015-07-16 11:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-14 19:39 - 2015-07-14 19:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-14 19:38 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-14 19:38 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-14 19:38 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-14 19:38 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-14 11:51 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 10:50 - 2015-08-14 10:50 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\241A4120.sys
2015-08-14 10:49 - 2015-08-18 10:47 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-14 10:49 - 2015-08-14 10:49 - 00001024 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-14 10:49 - 2015-08-14 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-14 10:49 - 2015-08-14 10:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-14 10:49 - 2015-08-14 10:49 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-14 10:49 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-14 10:49 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-14 10:49 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-14 10:44 - 2015-08-14 10:45 - 00000000 ____D C:\Users\John\AppData\Local\{D71A9C0E-BDD2-4596-900F-B62A95915EB2}
2015-08-13 11:28 - 2015-08-13 11:28 - 00169743 _____ C:\Users\John\Desktop\JRT.txt
2015-08-13 11:21 - 2015-08-13 11:21 - 01791580 _____ (Malwarebytes Corporation) C:\Users\John\Downloads\JRT (1).exe
2015-08-13 11:15 - 2015-08-13 11:15 - 01791580 _____ (Malwarebytes Corporation) C:\Users\John\Desktop\JRT.exe
2015-08-13 11:12 - 2015-08-13 11:12 - 00001093 _____ C:\Users\John\Desktop\AdwCleaner[s1].txt
2015-08-12 11:41 - 2015-08-13 11:08 - 00000000 ____D C:\AdwCleaner
2015-08-12 11:38 - 2015-08-12 11:38 - 02248704 _____ C:\Users\John\Desktop\adwcleaner_4.208.exe
2015-08-11 09:13 - 2015-08-11 09:13 - 00000000 ____D C:\Installer_WinsockXPFix
2015-08-10 11:23 - 2015-08-10 11:23 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\John\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-01 11:00 - 2015-08-01 11:00 - 00002209 _____ C:\Users\John\Desktop\Chrome App Launcher.lnk
2015-08-01 11:00 - 2015-08-01 11:00 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-27 10:51 - 2015-07-27 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-27 10:50 - 2015-07-27 10:51 - 00000000 ____D C:\Program Files\iTunes
2015-07-27 10:50 - 2015-07-27 10:50 - 00000000 ____D C:\Program Files\iPod
2015-07-21 10:39 - 2015-07-21 10:39 - 00000000 ____D C:\Program Files\Common Files\Java
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-18 10:39 - 2009-10-29 12:46 - 01770357 _____ C:\Windows\WindowsUpdate.log
2015-08-18 10:36 - 2009-07-13 21:34 - 00023392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-18 10:36 - 2009-07-13 21:34 - 00023392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-18 10:33 - 2009-12-23 12:55 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-18 10:31 - 2014-11-27 10:44 - 00000000 ___RD C:\Users\John\iCloudDrive
2015-08-18 10:20 - 2009-10-30 15:15 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3492453536-2379498159-1907998561-1003UA.job
2015-08-18 10:16 - 2009-07-13 21:39 - 00303732 _____ C:\Windows\setupact.log
2015-08-18 10:15 - 2011-12-26 11:56 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-18 10:15 - 2009-12-23 12:55 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 10:15 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-17 11:20 - 2009-10-30 15:15 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3492453536-2379498159-1907998561-1003Core.job
2015-08-16 10:39 - 2010-01-25 10:30 - 00936604 _____ C:\Windows\PFRO.log
2015-08-15 11:47 - 2015-04-14 11:51 - 00000000 ____D C:\Windows\system32\vbox
2015-08-15 11:36 - 2013-10-20 10:46 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-15 10:22 - 2009-07-13 21:33 - 00307952 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-15 10:20 - 2014-12-10 11:34 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-15 10:20 - 2014-05-06 11:56 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-14 22:13 - 2010-06-05 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 22:12 - 2009-11-02 14:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 22:11 - 2013-08-14 11:54 - 00000000 ____D C:\Windows\system32\MRT
2015-08-14 22:04 - 2009-10-30 10:35 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-14 20:26 - 2009-12-23 12:56 - 00002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-14 20:08 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-13 11:26 - 2009-12-18 20:30 - 00000000 ____D C:\ProgramData\Google
2015-08-11 11:41 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\NDF
2015-07-28 11:43 - 2015-07-10 04:17 - 00000000 ___HD C:\$Windows.~BT
2015-07-28 09:39 - 2012-04-04 19:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-28 09:39 - 2011-12-17 21:29 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-28 09:31 - 2009-10-29 13:36 - 00000000 ____D C:\Windows\Panther
2015-07-27 11:05 - 2014-11-17 11:52 - 00000000 __SHD C:\Users\John\AppData\Local\EmieBrowserModeList
2015-07-27 11:05 - 2014-04-18 11:26 - 00000000 __SHD C:\Users\John\AppData\Local\EmieUserList
2015-07-27 11:05 - 2014-04-18 11:26 - 00000000 __SHD C:\Users\John\AppData\Local\EmieSiteList
2015-07-27 10:51 - 2012-09-16 19:45 - 00001713 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-27 10:50 - 2010-10-03 09:19 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-25 10:27 - 2015-04-04 12:17 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-21 10:41 - 2013-10-20 11:01 - 00000000 ____D C:\ProgramData\Oracle
2015-07-21 10:40 - 2010-02-25 20:23 - 00000000 ____D C:\Program Files\Java
2015-07-21 10:38 - 2014-11-11 09:23 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
 
==================== Files in the root of some directories =======
 
2012-05-08 14:15 - 2012-05-08 14:15 - 0000005 _____ () C:\Program Files\basis-link
2012-08-13 10:57 - 2012-08-13 10:57 - 0012927 _____ () C:\Program Files\readme.html
2012-08-13 10:57 - 2012-08-13 10:57 - 0012558 _____ () C:\Program Files\readme.txt
2009-10-29 13:40 - 2009-10-12 17:37 - 6251583 _____ () C:\Program Files\wg111v2_3_4_0.zip
2013-04-27 10:52 - 2013-04-27 10:52 - 0000080 _____ () C:\Users\John\AppData\Local\X-Plane Installer.prf
2013-04-27 10:50 - 2013-04-27 10:50 - 0000040 _____ () C:\Users\John\AppData\Local\x-plane_install_10.txt
2012-03-25 10:50 - 2015-03-20 10:45 - 0001053 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Alex\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Alex\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Alex\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Alex\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Alex\AppData\Local\Temp\nvStInst.exe
C:\Users\John\AppData\Local\Temp\BackupSetup.exe
C:\Users\John\AppData\Local\Temp\HD_Quality_US_setup.exe
C:\Users\John\AppData\Local\Temp\ICReinstall_FileOpenerSetup.exe
C:\Users\John\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\John\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\John\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\John\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\John\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\John\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\John\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\John\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
C:\Users\John\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\John\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\John\AppData\Local\Temp\nvStInst.exe
C:\Users\John\AppData\Local\Temp\Quarantine.exe
C:\Users\John\AppData\Local\Temp\secuniasi7090153475205377008.dll
C:\Users\John\AppData\Local\Temp\setup.exe
C:\Users\John\AppData\Local\Temp\SkypeSetup.exe
C:\Users\John\AppData\Local\Temp\sqlite3.dll
C:\Users\John\AppData\Local\Temp\{546BFB6F-9958-47AE-B562-56ECE1DEE884}-GoogleEarth-Win-Bundle-7.1.5.1557.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-08 10:39
 
==================== End of log ============================
Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted

Additions.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2015

Ran by John (2015-08-18 10:49:59)
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3492453536-2379498159-1907998561-500 - Administrator - Disabled)
Alex (S-1-5-21-3492453536-2379498159-1907998561-1000 - Administrator - Enabled) => C:\Users\Alex
Guest (S-1-5-21-3492453536-2379498159-1907998561-501 - Limited - Enabled)
John (S-1-5-21-3492453536-2379498159-1907998561-1004 - Administrator - Enabled) => C:\Users\John
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.203 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AirPort (HKLM\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Battle of Britain II (HKLM\...\Battle of Britain II) (Version:  - )
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{9D210D79-AEC5-453B-960C-4DD2C73931E1}) (Version: 2.0.2.0 - Apple Inc.)
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
Internet TV for Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{9DBBE7B8-EE7A-4FD9-9C7F-35E69A4C19D8}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator X Service Pack 2 (HKLM\...\{4847BBB9-EADD-4C92-90BF-4223B0892FF6}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.161.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Secunia PSI (3.0.0.3001) (HKLM\...\Secunia PSI) (Version: 3.0.0.3001 - Secunia)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skypeâ„¢ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
Thrustmaster Force Feedback Driver (HKLM\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
World of Tanks (HKLM\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3492453536-2379498159-1907998561-1004_Classes\CLSID\{82E5DF24-51E8-47CD-864A-F4BD5005AA73}\InprocServer32 -> C:\Users\John\AppData\Local\MICROS~1\INTERN~1\DOWNLO~1\iCloud.ocx No File
 
==================== Restore Points =========================
 
18-08-2015 10:28:00 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0E2E3A21-3756-4453-85E8-FC1EA7169241} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: {18EDAD87-3687-431B-89F9-A090B8F37813} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1A945505-B3F9-4276-B30A-D15D22FD8094} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {3FADE299-399C-46AE-805D-54FCCA36C87E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {4019FE94-E07B-4D3E-9FCE-A2B1A5EA8766} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3492453536-2379498159-1907998561-1003UA => C:\Users\phyllis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {4504E53B-AC28-46F7-9310-00BBE277EFE8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3492453536-2379498159-1907998561-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {457DD9EE-8171-4F6D-B72B-A32F4A30C524} - System32\Tasks\{85A70434-AD24-4BED-9FA2-853A59635521} => C:\Program Files\OpenOffice.org 3\program\scalc.exe
Task: {46865F2D-274F-484E-919F-B53D598FFDD8} - System32\Tasks\{AE4CBC22-9005-47A0-B685-945EF4BE0A93} => pcalua.exe -a C:\Users\Alex\Downloads\openoffice-suite.aptupgwbas01.78.exe -d C:\Users\Alex\Downloads
Task: {70BC1448-55F0-4141-B848-5A3D21E31382} - System32\Tasks\{9FABDA90-0D4F-46E3-8805-2CA6A3818EF9} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\OpenOffice.org 3\program\scalc.exe"
Task: {78B76FB0-60CD-4725-9BB7-267095FD8DD4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {8DC22240-C55D-46A8-AEA4-6C5D70CE85FC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3492453536-2379498159-1907998561-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {B136007D-C983-414D-B4E0-E9B1099309C4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3492453536-2379498159-1907998561-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {B2A7881F-D412-4401-9FF0-C455519DCEFE} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {C96DC824-A44B-4BCC-9F3D-355938050AF6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3492453536-2379498159-1907998561-1003Core => C:\Users\phyllis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D05A5C92-E2E6-433B-A985-C37A8F27EE01} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {DADF80A7-DD46-48F1-A878-79E15BC123FC} - System32\Tasks\{6CE13EDD-3586-454D-B575-0DE783B2DABC} => pcalua.exe -a "C:\Users\John\AppData\Local\Temp\Temp1_FSUIPC4.zip\Install FSUIPC4.exe"
Task: {E6B8002C-2706-425E-BA99-25E55909A972} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3492453536-2379498159-1907998561-1004 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {EAC2E2B2-1F85-4622-B11E-36F2838B4FA1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-15] (AVAST Software)
Task: {F48EB3DA-3B8D-461B-A496-D3695B5C9DE6} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {F7BFF2FF-6164-4B24-91B1-ABB35E2D2D98} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-28] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3492453536-2379498159-1907998561-1003Core.job => C:\Users\phyllis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3492453536-2379498159-1907998561-1003UA.job => C:\Users\phyllis\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-15 11:42 - 2015-08-15 11:42 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-15 11:42 - 2015-08-15 11:42 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-17 10:31 - 2015-08-17 10:31 - 02962432 _____ () C:\Program Files\AVAST Software\Avast\defs\15081701\algo.dll
2015-08-18 10:23 - 2015-08-18 10:23 - 02961920 _____ () C:\Program Files\AVAST Software\Avast\defs\15081800\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-18 11:44 - 2015-02-03 19:05 - 00106640 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 02145304 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 07956504 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00342552 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00029208 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-08-12 12:18 - 2011-08-12 12:18 - 00128536 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-11-11 14:09 - 2011-11-11 14:09 - 00336408 _____ () C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-08-15 11:42 - 2015-08-15 11:42 - 40540672 _____ () C:\Program Files\avast software\avast\libcef.dll
2015-08-15 11:42 - 2015-08-15 11:42 - 00102864 _____ () C:\Program Files\avast software\avast\log.dll
2015-08-15 11:42 - 2015-08-15 11:42 - 00123976 _____ () C:\Program Files\avast software\avast\JsonRpcServer.dll
2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2015-08-14 20:26 - 2015-08-07 17:13 - 01405768 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-14 20:26 - 2015-08-07 17:13 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.155\libegl.dll
2015-08-14 20:26 - 2015-08-07 17:13 - 16393032 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A32313C8-CEFC-412E-972E-D7D8758154B4}] => (Allow) C:\Program Files\Lexmark 5400 Series\lxctmon.exe
FirewallRules: [{4321F372-0BC7-46E0-98F2-D5D154F4470E}] => (Allow) C:\Program Files\Lexmark 5400 Series\lxctmon.exe
FirewallRules: [{607B652E-FE9A-45B7-888A-EAE7C3ED5477}] => (Allow) C:\Program Files\Lexmark 5400 Series\LXCTaiox.exe
FirewallRules: [{AAC5D47C-276A-4A03-985C-26FEF74A914A}] => (Allow) C:\Program Files\Lexmark 5400 Series\LXCTaiox.exe
FirewallRules: [{1A095A80-B6A3-4876-BA3C-F15398F3BA52}] => (Allow) LPort=135
FirewallRules: [{C725EE0A-738B-4BAA-8DF0-583EC1C43C34}] => (Allow) LPort=5000
FirewallRules: [{1D009045-2CDC-4DDB-A915-24BD4BB400A2}] => (Allow) LPort=5001
FirewallRules: [{7845E311-E8D6-4311-AE9A-9B463A8B1DE2}] => (Allow) LPort=5002
FirewallRules: [{774AC155-E1C3-473C-9A5E-ABB55A7B00C3}] => (Allow) LPort=5003
FirewallRules: [{5460A4DF-2751-40A1-9406-6DFD20594688}] => (Allow) LPort=5004
FirewallRules: [{1BFFFB27-510D-4B33-855D-680011D0AE32}] => (Allow) LPort=5005
FirewallRules: [{0D460EFE-C87B-4FBB-8672-AA68E2E10E0B}] => (Allow) LPort=5006
FirewallRules: [{EC74748D-9CB2-49C1-9F2C-27149356165B}] => (Allow) LPort=5007
FirewallRules: [{A9EA9940-3244-4E65-96DB-E5D9CBC2608A}] => (Allow) LPort=5008
FirewallRules: [{0D176D8E-BDD5-4307-B418-35CF56A5693B}] => (Allow) LPort=5009
FirewallRules: [{2F331A19-07F7-40E9-89F3-83594FD9D682}] => (Allow) LPort=5010
FirewallRules: [{2BE19773-D3FC-4328-B69C-DB1CF2D96AB8}] => (Allow) LPort=5011
FirewallRules: [{CBD84A4C-626B-4148-AC17-6C34E8D7D232}] => (Allow) LPort=5012
FirewallRules: [{F00BB2C4-5E9D-47DB-BF18-EE9F68A4E364}] => (Allow) LPort=5013
FirewallRules: [{DADD8C78-3F19-41A6-91BB-038AD9BB6BA3}] => (Allow) LPort=5014
FirewallRules: [{505CF88A-8C12-405A-AAF6-D336AE787D2F}] => (Allow) LPort=5015
FirewallRules: [{5F001735-526B-4E34-9067-1F5359FBD06E}] => (Allow) LPort=5016
FirewallRules: [{EB51FC64-A2A7-4AAD-B14F-84A9DAD9133B}] => (Allow) LPort=5017
FirewallRules: [{7E6222DB-BB52-4E37-8D7D-4C3821E300EB}] => (Allow) LPort=5018
FirewallRules: [{6DC7C282-D891-40F8-8990-954DDBB74A89}] => (Allow) LPort=5019
FirewallRules: [{7F33AF69-3F02-4E5D-86D7-26E63ECD4CAA}] => (Allow) LPort=5020
FirewallRules: [TCP Query User{AB045401-7F3A-4908-8768-C3ABDF37A5BE}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [uDP Query User{BEEBF8BB-7A29-4123-80F4-A87E2E0C20E2}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{D78EF943-DEEE-4F34-8B20-CCC839F64EE8}C:\program files\real\realplayer\realplay.exe] => (Allow) C:\program files\real\realplayer\realplay.exe
FirewallRules: [uDP Query User{B4D426AE-C41E-477A-8857-074E15D2C37C}C:\program files\real\realplayer\realplay.exe] => (Allow) C:\program files\real\realplayer\realplay.exe
FirewallRules: [{F2DECC1A-38AE-49CA-B76D-B20C0FCC2259}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C11FB0DD-B83F-4625-9B06-98F66CC2CE55}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFB3C874-D16D-4FFE-9A1F-05F86506ABBF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2C58C062-946F-4C81-A2E5-DB8077365CE5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D97541D1-F011-49B6-8D25-218908C18C0B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{49751A04-997D-4F2E-98E3-4F37920DE7F6}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0871031C-6843-4BDC-9954-0CD584961655}] => (Allow) LPort=2869
FirewallRules: [{00AD044D-001E-41A6-9E81-464C9586BF43}] => (Allow) LPort=1900
FirewallRules: [{A45B53E7-C84D-440C-AD81-C275C73E8553}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E17F4F62-8A33-45FD-B913-DD1C2B85ED28}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{3CC53B21-EC08-4981-963E-9F7ADB0D53FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{B49EB490-E2F4-4561-9170-7AFCBE4A2DF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{E830059B-6F76-4F34-A14A-3DAC6139318A}] => (Allow) C:\Windows\System32\lxctcoms.exe
FirewallRules: [{AB8068B4-AE9E-474D-AE48-FA0BCAB20319}] => (Allow) C:\Windows\System32\lxctcoms.exe
FirewallRules: [TCP Query User{1DF3F654-A0D8-4E18-91B5-2CFF033674C0}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [uDP Query User{E6D065CC-0DA1-4D57-838D-62FC6333B9E0}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{0A3A2546-9D72-4BBD-B1E5-B8B9B159DFF2}] => (Allow) C:\Program Files\AirPort\APAgent.exe
FirewallRules: [TCP Query User{54450FE4-C09A-4957-99FA-1F4EDB8D2316}C:\program files\airport\aputil.exe] => (Allow) C:\program files\airport\aputil.exe
FirewallRules: [uDP Query User{D86C5FD9-3D8D-4E98-B005-87CE9EF3C88A}C:\program files\airport\aputil.exe] => (Allow) C:\program files\airport\aputil.exe
FirewallRules: [{0253665A-D2FF-43CC-9C3E-860890A2B010}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{307EF34D-ED3A-4806-909F-527A3B2A2E3A}C:\users\john\downloads\fshostclient1.3\fshostclient.exe] => (Allow) C:\users\john\downloads\fshostclient1.3\fshostclient.exe
FirewallRules: [uDP Query User{83159B21-DA93-48E7-870C-F8DFC3BA9514}C:\users\john\downloads\fshostclient1.3\fshostclient.exe] => (Allow) C:\users\john\downloads\fshostclient1.3\fshostclient.exe
FirewallRules: [TCP Query User{9D72AA14-7A48-48CF-B40C-424FAB206138}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [uDP Query User{0FC77C6B-AD86-4EB3-8742-48623E11D1D4}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{71C8D435-C469-41B0-A868-4F40DB2B37D5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A2684D90-F721-4F9B-AF86-BDD99A5F0590}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F63D72CA-9281-4B91-8923-2ABCB4B72F7B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{82956676-BAE0-435E-89C9-41723667C9FA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{9CD8DB3D-1CD5-4B14-8D01-DE2EB6A95CAA}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [uDP Query User{512B6E45-B28C-4DA3-AEE3-53669BDDB48F}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{D6904E38-375F-4B7D-B17C-12E406503AC2}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E4860410-2F56-4B02-88A0-6850A60E12DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0908F6F3-80A2-48BB-AEAD-324734C66A56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EA794AE9-6C75-42F4-9032-D4D1CD2F2337}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4DBC8F1B-9C82-46BB-89AC-B85E883E0AC8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B02F733F-D1AA-407B-ADA6-A2A0B32542BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{71B84E02-397F-45EF-9A1E-D1286805874C}C:\program files\jfilemanager\jfilemanager.exe] => (Block) C:\program files\jfilemanager\jfilemanager.exe
FirewallRules: [uDP Query User{1DA50265-F2F7-46EF-A87F-A35E6D906F3C}C:\program files\jfilemanager\jfilemanager.exe] => (Block) C:\program files\jfilemanager\jfilemanager.exe
FirewallRules: [{39FB2E9A-20B2-4885-B0FD-B5DFABEE5B4F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{276B9BC6-E22D-4783-BB0A-B3FE4DE72AF5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{EBB3A2A4-ED15-4A87-8CDE-3F4D1EF08530}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{19E6890C-00E7-44C4-967D-5ED94CA95259}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{AB908454-91D0-4714-8291-730FAEA68CEA}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A2DBC35F-50F5-45E2-82C5-7D0D16A502DB}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{37F0F7F1-B8A7-4547-ABEE-1263EBA06ED0}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BBB4FA12-8839-4091-A2B8-DE6FC1293A14}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DB46D4BB-478E-4DEF-A07A-35B1AF0A2DC2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{39C858CA-F3FF-4207-AD81-8FFD3215F1BA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{1A05860D-793F-4312-B495-674AEDD4CC1C}] => (Allow) C:\Program Files\avast software\avast\ng\vbox\aswFe.exe
FirewallRules: [{CA9E81E9-FE90-4922-B6F9-6B12D79B143A}] => (Allow) C:\Program Files\avast software\avast\ng\vbox\aswFe.exe
 
==================== Faulty Device Manager Devices =============
 
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/17/2015 11:27:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: Qt5Core.dll, version: 5.4.1.0, time stamp: 0x54f1783a
Exception code: 0xc0000005
Fault offset: 0x00002fb6
Faulting process id: 0x15c0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (08/17/2015 11:22:27 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (08/16/2015 10:54:31 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (08/15/2015 11:37:17 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b32d5102-3c5d-4f94-b825-551b5587b5e0}
 
Error: (08/15/2015 11:27:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {01d1c86e-15e7-4d70-a0c4-abc6384586ea}
 
Error: (08/14/2015 07:50:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (08/14/2015 11:46:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AvastUI.exe version 10.3.2225.1172 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b04
 
Start Time: 01d0d6b89e8c6dea
 
Termination Time: 60000
 
Application Path: C:\Program Files\Alwil Software\Avast5\AvastUI.exe
 
Report Id: 7a000836-42b4-11e5-8aeb-0019d18b394a
 
Error: (08/14/2015 11:22:31 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (08/13/2015 10:34:11 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c
 
Error: (08/12/2015 11:28:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\Alwil Software\Avast5\setup\Sfx\New\instup.exe Files\Alwil Software\Avast5\setup\Sfx\New\instup.exe"  /build_id /cookie:prt_cnet042015 /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\John\AppData\Local\Temp\_av_iup.tm~a01892; Description = avast! antivirus system restore point; Error = 0x8007043c).
 
 
System errors:
=============
Error: (08/18/2015 10:37:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.203.2523.0).
 
Error: (08/17/2015 10:31:17 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070420
 
Error: (08/17/2015 10:29:23 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (08/16/2015 10:40:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053
 
Error: (08/16/2015 10:40:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
 
Error: (08/15/2015 11:19:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}
 
Error: (08/15/2015 11:17:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Avast Antivirus service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (08/15/2015 11:17:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (08/15/2015 11:16:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avast Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (08/15/2015 11:16:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:58:54 AM on ‎8/‎15/‎2015 was unexpected.
 
 
Microsoft Office:
=========================
Error: (08/17/2015 11:27:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02Qt5Core.dll5.4.1.054f1783ac000000500002fb615c001d0d913bb340799C:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Program Files\Malwarebytes Anti-Malware\Qt5Core.dll95d9be4d-450d-11e5-9438-0019d18b394a
 
Error: (08/17/2015 11:22:27 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (08/16/2015 10:54:31 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (08/15/2015 11:37:17 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b32d5102-3c5d-4f94-b825-551b5587b5e0}
 
Error: (08/15/2015 11:27:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {01d1c86e-15e7-4d70-a0c4-abc6384586ea}
 
Error: (08/14/2015 07:50:48 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (08/14/2015 11:46:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: AvastUI.exe10.3.2225.1172b0401d0d6b89e8c6dea60000C:\Program Files\Alwil Software\Avast5\AvastUI.exe7a000836-42b4-11e5-8aeb-0019d18b394a
 
Error: (08/14/2015 11:22:31 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (08/13/2015 10:34:11 AM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c
 
Error: (08/12/2015 11:28:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Alwil Software\Avast5\setup\Sfx\New\instup.exe Files\Alwil Software\Avast5\setup\Sfx\New\instup.exe"  /build_id /cookie:prt_cnet042015 /edition:1 /prod:ais /sfx /sfxstorage:C:\Users\John\AppData\Local\Temp\_av_iup.tm~a01892avast! antivirus system restore point0x8007043c
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 64%
Total physical RAM: 2029.76 MB
Available physical RAM: 724.55 MB
Total Virtual: 4059.52 MB
Available Virtual: 2251.06 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:48.37 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 10EA4A23)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
==================== End of log ============================
Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted

dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 11.0.9600.17937  BrowserJavaVersion: 11.51.2
Run by John at 11:34:30 on 2015-08-17
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2030.436 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\avast software\avast\AvastUI.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIAFA.EXE
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Internet Services\AppleChromeDAV.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_51\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_51\bin\jp2ssv.dll
uRun: [EPSON Stylus CX7800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiafa.exe /fu "c:\windows\temp\E_S7A35.tmp" /EF "HKCU"
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [com.apple.dav.bookmarks.daemon] c:\program files\common files\apple\internet services\BookmarkDAV_client.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [iCloudDrive] c:\program files\common files\apple\internet services\iCloudDrive.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
mRun: [shadowPlay] c:\windows\system32\rundll32.exe c:\windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{2C8D3213-A75A-40D3-BBCB-A7F8B672DD45} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{E9C9B606-1D83-44B0-A90E-16A1AE1BA2F6} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{E9C9B606-1D83-44B0-A90E-16A1AE1BA2F6}\A4F686E67237024456C6C6 : DHCPNameServer = 192.168.2.1 68.105.29.12 68.105.28.11 68.105.28.11
TCP: Interfaces\{E9C9B606-1D83-44B0-A90E-16A1AE1BA2F6}\A4F686E6723702E4564776561627E2 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{E9C9B606-1D83-44B0-A90E-16A1AE1BA2F6}\A4F686E6723702E4564777F627B60213 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{E9C9B606-1D83-44B0-A90E-16A1AE1BA2F6}\A4F686E6723702E4564777F627B6E2 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{E9C9B606-1D83-44B0-A90E-16A1AE1BA2F6}\E47385C415 : DHCPNameServer = 192.168.2.1 68.105.29.12 68.105.28.11 68.105.28.11
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\44.0.2403.155\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\john\appdata\roaming\mozilla\firefox\profiles\d351k029.default-1424026281612\
FF - prefs.js: browser.startup.homepage - hxxp://zyngagames.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.28.1\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_45\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_18_0_0_203.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2015-8-15 49776]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2015-8-15 208664]
R0 ngvss;ngvss;c:\windows\system32\drivers\ngvss.sys [2015-8-15 95112]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2009-10-29 21728]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-8-15 788784]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-8-15 433264]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-8-15 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-8-15 76000]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-8-15 113592]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2015-8-15 146600]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2014-9-18 14624]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2015-8-14 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-8-14 1133880]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-1-17 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2013-11-13 17536800]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2015-2-25 409800]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-17 450848]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\avast software\avast\ng\vbox\VBoxAswDrv.sys [2015-8-15 220752]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\avast software\avast\ng\vbox\AvastVBoxSVC.exe [2015-8-15 3218624]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-8-14 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-8-14 98520]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-8-14 51928]
R3 NvStreamKms;NvStreamKms;c:\program files\nvidia corporation\nvstreamsrv\NvStreamKms.sys [2014-5-27 19232]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-5-27 34080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-12-11 315496]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-4-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-8-14 102912]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-26 14848]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-26 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2015-08-17 17:54:54 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4cfc299f-7d37-447d-b199-885722896656}\offreg.3896.dll
2015-08-17 17:42:47 -------- d-----w- c:\users\john\appdata\local\{9C7DC106-5298-4F77-866C-31CD7EA938D4}
2015-08-16 18:10:18 -------- d-----w- c:\users\john\appdata\local\{510759CA-23EA-4A51-9CE1-4BFA92BF66B0}
2015-08-15 18:50:36 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4cfc299f-7d37-447d-b199-885722896656}\offreg.4908.dll
2015-08-15 18:45:50 -------- d-----w- c:\users\john\appdata\roaming\AVAST Software
2015-08-15 18:43:12 113592 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-08-15 18:43:11 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-08-15 18:43:09 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-08-15 18:43:09 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-08-15 18:43:07 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-08-15 18:43:07 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-08-15 18:43:02 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-08-15 18:43:01 95112 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-08-15 18:42:49 43112 ----a-w- c:\windows\avastSS.scr
2015-08-15 18:22:48 -------- d-----w- c:\users\john\appdata\local\{DC109936-A5B9-4277-B9BF-448EB0AFB17C}
2015-08-15 02:59:29 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-15 02:39:36 44032 ----a-w- c:\windows\system32\basesrv.dll
2015-08-15 02:38:02 1390592 ----a-w- c:\windows\system32\msxml6.dll
2015-08-15 02:38:02 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-15 02:38:01 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-15 02:38:01 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-14 18:51:48 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 18:41:06 9252608 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4cfc299f-7d37-447d-b199-885722896656}\mpengine.dll
2015-08-14 17:50:25 98520 ----a-w- c:\windows\system32\drivers\241A4120.sys
2015-08-14 17:49:50 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-14 17:49:37 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-14 17:49:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-14 17:49:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-14 17:49:37 -------- d-----w- c:\programdata\Malwarebytes
2015-08-14 17:49:37 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-08-14 17:44:27 -------- d-----w- c:\users\john\appdata\local\{D71A9C0E-BDD2-4596-900F-B62A95915EB2}
2015-08-12 18:41:30 -------- d-----w- C:\AdwCleaner
2015-08-11 16:13:19 -------- d-----w- C:\Installer_WinsockXPFix
2015-07-27 17:50:09 -------- d-----w- c:\program files\iPod
2015-07-27 17:50:08 -------- d-----w- c:\program files\iTunes
2015-07-22 20:04:34 17318592 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL
2015-07-22 03:57:48 1375896 ----a-w- c:\program files\common files\microsoft shared\office11\msxml5.dll
.
==================== Find3M  ====================
.
2015-07-30 17:57:31 909824 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 17:57:30 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- c:\windows\system32\DWrite.dll
2015-07-30 17:57:12 26624 ----a-w- c:\windows\system32\lpk.dll
2015-07-30 17:57:08 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-07-30 17:57:05 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-07-30 17:57:02 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-07-30 16:52:25 2384384 ----a-w- c:\windows\system32\win32k.sys
2015-07-30 16:49:55 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-07-28 20:04:44 15808 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-07-28 20:00:18 635904 ----a-w- c:\windows\system32\invagent.dll
2015-07-28 20:00:16 598528 ----a-w- c:\windows\system32\generaltel.dll
2015-07-28 20:00:12 346112 ----a-w- c:\windows\system32\devinv.dll
2015-07-28 20:00:09 952832 ----a-w- c:\windows\system32\appraiser.dll
2015-07-28 20:00:08 60416 ----a-w- c:\windows\system32\acmigration.dll
2015-07-28 20:00:08 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-07-28 19:54:01 934400 ----a-w- c:\windows\system32\aeinv.dll
2015-07-28 16:39:44 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-07-28 16:39:44 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-07-21 17:38:21 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-07-20 17:56:49 93184 ----a-w- c:\windows\system32\wudriver.dll
2015-07-20 17:56:49 2943488 ----a-w- c:\windows\system32\wucltux.dll
2015-07-20 17:56:49 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-07-20 17:56:24 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-07-20 17:56:12 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-07-20 17:56:08 34816 ----a-w- c:\windows\system32\wuapp.exe
2015-07-16 20:06:43 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-07-16 20:06:26 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-07-16 19:51:47 504320 ----a-w- c:\windows\system32\vbscript.dll
2015-07-16 19:51:46 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-07-16 19:50:54 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-07-16 19:50:38 341504 ----a-w- c:\windows\system32\html.iec
2015-07-16 19:49:37 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-07-16 19:39:29 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-07-16 19:39:20 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-07-16 19:38:51 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-07-16 19:32:13 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-07-16 19:12:39 4520448 ----a-w- c:\windows\system32\jscript9.dll
2015-07-16 19:12:22 37376 ----a-w- c:\windows\system32\tsgqec.dll
2015-07-16 19:12:21 4922368 ----a-w- c:\windows\system32\mstscax.dll
2015-07-16 19:12:17 269824 ----a-w- c:\windows\system32\aaclient.dll
2015-07-16 19:06:06 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-07-16 19:05:15 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-07-16 18:42:02 1951232 ----a-w- c:\windows\system32\wininet.dll
2015-07-15 17:59:45 3989952 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-07-15 17:59:45 3934656 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-07-15 17:59:44 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-07-15 17:59:44 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-07-15 17:59:44 137664 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-07-15 17:56:24 1308160 ----a-w- c:\windows\system32\ntdll.dll
2015-07-15 17:55:07 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-07-15 17:55:04 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-07-15 17:55:03 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-07-15 17:55:03 1159168 ----a-w- c:\windows\system32\sysmain.dll
2015-07-15 17:55:03 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-07-15 17:55:02 43008 ----a-w- c:\windows\system32\srclient.dll
2015-07-15 17:55:02 400896 ----a-w- c:\windows\system32\srcore.dll
2015-07-15 17:55:00 248832 ----a-w- c:\windows\system32\schannel.dll
2015-07-15 17:55:00 22016 ----a-w- c:\windows\system32\secur32.dll
2015-07-15 17:54:59 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2015-07-15 17:54:55 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-07-15 17:54:54 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-07-15 17:54:53 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-07-15 17:54:50 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-07-15 17:54:49 552960 ----a-w- c:\windows\system32\kerberos.dll
2015-07-15 17:54:43 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-07-15 17:54:43 36864 ----a-w- c:\windows\system32\cryptbase.dll
2015-07-15 17:54:43 17408 ----a-w- c:\windows\system32\credssp.dll
2015-07-15 17:54:24 69632 ----a-w- c:\windows\system32\smss.exe
2015-07-15 17:54:19 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-07-15 17:54:08 22528 ----a-w- c:\windows\system32\lsass.exe
2015-07-15 17:53:53 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-07-15 17:49:10 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-07-15 17:48:14 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-07-15 17:44:18 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-07-15 17:44:16 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-07-15 17:43:40 2560 ----a-w- c:\windows\system32\drivers\en-us\mountmgr.sys.mui
2015-07-15 16:36:44 225792 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-07-15 16:36:23 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-07-15 16:36:23 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2015-07-09 18:44:28 17996976 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2015-07-09 17:42:27 179712 ----a-w- c:\windows\system32\notepad.exe
2015-07-09 17:42:27 179712 ----a-w- c:\windows\notepad.exe
2015-07-04 17:48:36 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-07-01 20:30:43 206848 ----a-w- c:\windows\system32\WebClnt.dll
2015-07-01 20:30:21 82432 ----a-w- c:\windows\system32\davclnt.dll
2015-06-23 20:27:10 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-06-17 17:39:13 305664 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 07:23:50 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2015-06-17 07:23:50 69632 ----a-w- c:\windows\system32\QuickTime.qts
2015-06-15 21:47:30 101824 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:43:35 337408 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:43:35 2364416 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:43:24 1805824 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:43:23 47104 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:42:49 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:37:15 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-09 19:35:10 2745856 ----a-w- c:\windows\system32\rdpcorets.dll
2015-06-09 19:35:10 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-06-01 23:47:09 210432 ----a-w- c:\windows\system32\cewmdm.dll
.
============= FINISH: 11:37:45.99 ===============
Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted (edited)

DDS ATTACH.TXT

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/29/2009 12:53:33 PM
System Uptime: 8/17/2015 10:27:08 AM (1 hours ago)
.
Motherboard: Intel Corporation |  | DG33BU
Processor: Intel® Core2 Duo CPU     E6750  @ 2.66GHz | J1PR | 2664/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 49.011 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&18D45AA6&0&18
Manufacturer: 
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29C4&SUBSYS_50448086&REV_02\3&18D45AA6&0&18
Service: 
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 18 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Reader XI (11.0.12)
Adobe Refresh Manager
AirPort
Apple Application Support (32-bit)
Apple Mobile Device Support
Apple Software Update
Avast Free Antivirus
Battle of Britain II
Bing Rewards Client Installer
Bonjour
Bonjour Print Services
CameraHelperMsi
D3DX10
EPSON Printer Software
EPSON Scan
erLT
Google Chrome
Google Earth
Google Update Helper
iCloud
Internet TV for Windows Media Center
iTunes
Java 8 Update 51
Java Auto Updater
Junk Mail filter update
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 2.1.8.1057
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 4 Runtime
Microsoft Default Manager
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Mouse and Keyboard Center
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MobileMe Control Panel
Mozilla Firefox 39.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
NVIDIA 3D Vision Controller Driver 340.50
NVIDIA 3D Vision Driver 341.44
NVIDIA Control Panel 341.44
NVIDIA GeForce Experience 2.1.1
NVIDIA Graphics Driver 341.44
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 15.3.33
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 15.3.33
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
OGA Notifier 2.0.0048.0
OpenOffice.org 3.4.1
QuickTime 7
RealUpgrade 1.1
Safari
Secunia PSI (3.0.0.3001)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
SHIELD Streaming
Skype Click to Call
Skypeâ„¢ 7.0
swMSM
TeamSpeak 3 Client
Thrustmaster Force Feedback Driver
TurboTax 2013
TurboTax 2013 waziper
TurboTax 2013 WinPerFedFormset
TurboTax 2013 WinPerReleaseEngine
TurboTax 2013 WinPerTaxSupport
TurboTax 2013 wrapper
TurboTax 2014
TurboTax 2014 waziper
TurboTax 2014 WinPerFedFormset
TurboTax 2014 WinPerReleaseEngine
TurboTax 2014 WinPerTaxSupport
TurboTax 2014 wrapper
VLC media player
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Tanks
.
==== Event Viewer Messages From Past Week ========
.
8/17/2015 10:31:17 AM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/16/2015 10:40:08 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
8/16/2015 10:40:08 AM, Error: Service Control Manager [7000]  - The MBAMScheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/15/2015 11:17:17 AM, Error: Service Control Manager [7034]  - The Avast Antivirus service terminated unexpectedly.  It has done this 3 time(s).
8/15/2015 11:17:09 AM, Error: Service Control Manager [7031]  - The Avast Antivirus service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/15/2015 11:16:45 AM, Error: Service Control Manager [7031]  - The Avast Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/15/2015 11:00:16 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Audiosrv service.
8/15/2015 10:59:46 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nvsvc service.
8/14/2015 9:57:33 PM, Error: Service Control Manager [7034]  - The Avast Antivirus service terminated unexpectedly.  It has done this 6 time(s).
8/14/2015 9:56:36 PM, Error: Service Control Manager [7034]  - The Avast Antivirus service terminated unexpectedly.  It has done this 5 time(s).
8/14/2015 9:56:23 PM, Error: Service Control Manager [7034]  - The Avast Antivirus service terminated unexpectedly.  It has done this 4 time(s).
8/14/2015 11:15:46 AM, Error: Service Control Manager [7034]  - The Avast Antivirus service terminated unexpectedly.  It has done this 7 time(s).
8/14/2015 11:09:50 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
8/13/2015 11:25:24 AM, Error: Service Control Manager [7034]  - The Intuit Update Service v4 service terminated unexpectedly.  It has done this 1 time(s).
8/13/2015 11:25:24 AM, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/13/2015 11:25:24 AM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/13/2015 11:25:20 AM, Error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
8/13/2015 11:25:20 AM, Error: Service Control Manager [7031]  - The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/13/2015 11:25:19 AM, Error: Service Control Manager [7034]  - The Secunia Update Agent service terminated unexpectedly.  It has done this 1 time(s).
8/13/2015 11:25:19 AM, Error: Service Control Manager [7034]  - The NVIDIA Streamer Service service terminated unexpectedly.  It has done this 1 time(s).
8/13/2015 11:25:19 AM, Error: Service Control Manager [7034]  - The NVIDIA Network Service service terminated unexpectedly.  It has done this 1 time(s).
8/13/2015 11:25:19 AM, Error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
8/13/2015 11:25:18 AM, Error: Service Control Manager [7034]  - The UMVPFSrv service terminated unexpectedly.  It has done this 1 time(s).
8/13/2015 11:25:18 AM, Error: Service Control Manager [7034]  - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).
8/13/2015 11:25:18 AM, Error: Service Control Manager [7034]  - The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
8/13/2015 11:25:18 AM, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
8/13/2015 11:25:18 AM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/13/2015 11:05:01 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
8/13/2015 10:56:16 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
8/13/2015 10:56:16 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/13/2015 10:56:16 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/13/2015 10:56:15 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/13/2015 10:56:09 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/13/2015 10:55:41 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswVmm discache spldr Wanarpv6
8/13/2015 10:54:17 AM, Error: Service Control Manager [7043]  - The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.
8/13/2015 10:53:44 AM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
8/12/2015 10:45:03 AM, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.
8/11/2015 9:59:57 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/11/2015 9:59:57 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/11/2015 9:59:08 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswNdisFlt aswRdr aswRvrt aswSnx aswSP aswVmm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
8/11/2015 9:59:08 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/11/2015 9:59:08 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/11/2015 9:59:08 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
8/11/2015 9:59:08 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/11/2015 9:59:08 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/11/2015 9:59:08 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
8/11/2015 9:59:08 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/11/2015 9:59:08 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/11/2015 9:59:08 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/11/2015 9:59:08 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/11/2015 11:18:33 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NvStreamSvc service.
8/11/2015 10:01:13 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
.
==== End Of File ===========================
Edited by N7xlq1
Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted

OTL.TXT

 

OTL Extras logfile created on: 8/18/2015 11:02:43 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.98 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 26.64% Memory free
3.96 Gb Paging File | 1.90 Gb Available in Paging File | 47.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 48.37 Gb Free Space | 32.47% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3492453536-2379498159-1907998561-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AD044D-001E-41A6-9E81-464C9586BF43}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0871031C-6843-4BDC-9954-0CD584961655}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{0908F6F3-80A2-48BB-AEAD-324734C66A56}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{19CD56F6-1464-40FE-96EA-38CF32ED15E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19E6890C-00E7-44C4-967D-5ED94CA95259}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe | 
"{1C679719-37C2-4D5C-ABF7-FC1A5AF8FB61}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1E1693E4-517D-4F91-818F-7BF2F39D54B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{23434FC4-6BE2-41FC-9058-AAD0E244EF92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2B6EF327-7EB4-4A67-8595-AE1842906A95}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2CFC1680-01A7-4BFC-AC2D-43ED6C0ABE57}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3427E8B3-E126-4BE4-99BD-91F85046E858}" = rport=445 | protocol=6 | dir=out | app=system | 
"{36D359DA-99AD-4F90-AA36-AD9E38199F47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36E708C7-7C56-4AE2-8DCF-312D48D93B27}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{39C858CA-F3FF-4207-AD81-8FFD3215F1BA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{3B6DB91E-6662-417C-97A0-C89F7FA27528}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4318D0BC-4FCB-4229-8213-A90D461A7EF3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{496FE6F0-176B-4790-AC5E-F3F16F6F6562}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4DBC8F1B-9C82-46BB-89AC-B85E883E0AC8}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{71C8D435-C469-41B0-A868-4F40DB2B37D5}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{82956676-BAE0-435E-89C9-41723667C9FA}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{87F7587F-B625-4A3D-951D-D80A71559DAA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8A645775-2208-4C91-9F95-11D06874357B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8D09570D-462F-4128-AE4D-F30911DA8704}" = lport=138 | protocol=17 | dir=in | app=system | 
"{91E3113A-D182-4913-A1B3-9EE719CC22A6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A2684D90-F721-4F9B-AF86-BDD99A5F0590}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{A2944027-3F23-4A45-A96A-69202C78F7C0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B02F733F-D1AA-407B-ADA6-A2A0B32542BF}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{D62F711E-D89B-42CA-ACDF-18CE2658504C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6904E38-375F-4B7D-B17C-12E406503AC2}" = lport=80 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe | 
"{D82943B8-CB25-4711-A66F-02067D0BD523}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DA612431-C4DF-430E-A0A8-F5B640F96AC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4860410-2F56-4B02-88A0-6850A60E12DE}" = lport=443 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe | 
"{EA794AE9-6C75-42F4-9032-D4D1CD2F2337}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{EBB3A2A4-ED15-4A87-8CDE-3F4D1EF08530}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe | 
"{F63D72CA-9281-4B91-8923-2ABCB4B72F7B}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{FC172A30-A99C-4283-A6EB-862A6EE7767E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FDF6DF94-3374-4642-B456-34B434A334F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A3A2546-9D72-4BBD-B1E5-B8B9B159DFF2}" = dir=in | app=c:\program files\airport\apagent.exe | 
"{1A05860D-793F-4312-B495-674AEDD4CC1C}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{1D7E4EA5-12CC-444C-A125-37A723566C15}" = protocol=58 | dir=out | [email protected],-28546 | 
"{276B9BC6-E22D-4783-BB0A-B3FE4DE72AF5}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{2A5829C1-4CA2-4A65-8BD1-77D5EB2F5BB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C58C062-946F-4C81-A2E5-DB8077365CE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3008A39E-0CB3-4A87-BE09-FCB49ADAF0AF}" = protocol=1 | dir=in | [email protected],-28543 | 
"{39FB2E9A-20B2-4885-B0FD-B5DFABEE5B4F}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{4321F372-0BC7-46E0-98F2-D5D154F4470E}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe | 
"{49751A04-997D-4F2E-98E3-4F37920DE7F6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{607B652E-FE9A-45B7-888A-EAE7C3ED5477}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe | 
"{89792B6A-DEE4-434D-9EBC-0EEEFBC430AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8BC5B32E-ACD6-4146-9DE8-B4700EBC2546}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{93285386-4090-4008-AFFD-0263F0F53C0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A32313C8-CEFC-412E-972E-D7D8758154B4}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe | 
"{A45B53E7-C84D-440C-AD81-C275C73E8553}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{AAC5D47C-276A-4A03-985C-26FEF74A914A}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe | 
"{AB8068B4-AE9E-474D-AE48-FA0BCAB20319}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe | 
"{B9824CA7-EDBF-439B-B5A7-5CE165EEAB07}" = protocol=1 | dir=out | [email protected],-28544 | 
"{BFB3C874-D16D-4FFE-9A1F-05F86506ABBF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C11FB0DD-B83F-4625-9B06-98F66CC2CE55}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C6D9454B-81BE-4820-BBCF-985B829EDB5E}" = protocol=58 | dir=in | [email protected],-28545 | 
"{CA9E81E9-FE90-4922-B6F9-6B12D79B143A}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{D97541D1-F011-49B6-8D25-218908C18C0B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB46D4BB-478E-4DEF-A07A-35B1AF0A2DC2}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E17F4F62-8A33-45FD-B913-DD1C2B85ED28}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{E830059B-6F76-4F34-A14A-3DAC6139318A}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe | 
"{F2DECC1A-38AE-49CA-B76D-B20C0FCC2259}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{1DF3F654-A0D8-4E18-91B5-2CFF033674C0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{307EF34D-ED3A-4806-909F-527A3B2A2E3A}C:\users\john\downloads\fshostclient1.3\fshostclient.exe" = protocol=6 | dir=in | app=c:\users\john\downloads\fshostclient1.3\fshostclient.exe | 
"TCP Query User{54450FE4-C09A-4957-99FA-1F4EDB8D2316}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe | 
"TCP Query User{71B84E02-397F-45EF-9A1E-D1286805874C}C:\program files\jfilemanager\jfilemanager.exe" = protocol=6 | dir=in | app=c:\program files\jfilemanager\jfilemanager.exe | 
"TCP Query User{9CD8DB3D-1CD5-4B14-8D01-DE2EB6A95CAA}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{9D72AA14-7A48-48CF-B40C-424FAB206138}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{AB045401-7F3A-4908-8768-C3ABDF37A5BE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{D78EF943-DEEE-4F34-8B20-CCC839F64EE8}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{0FC77C6B-AD86-4EB3-8742-48623E11D1D4}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{1DA50265-F2F7-46EF-A87F-A35E6D906F3C}C:\program files\jfilemanager\jfilemanager.exe" = protocol=17 | dir=in | app=c:\program files\jfilemanager\jfilemanager.exe | 
"UDP Query User{512B6E45-B28C-4DA3-AEE3-53669BDDB48F}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{83159B21-DA93-48E7-870C-F8DFC3BA9514}C:\users\john\downloads\fshostclient1.3\fshostclient.exe" = protocol=17 | dir=in | app=c:\users\john\downloads\fshostclient1.3\fshostclient.exe | 
"UDP Query User{B4D426AE-C41E-477A-8857-074E15D2C37C}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{BEEBF8BB-7A29-4123-80F4-A87E2E0C20E2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{D86C5FD9-3D8D-4E98-B005-87CE9EF3C88A}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe | 
"UDP Query User{E6D065CC-0DA1-4D57-838D-62FC6333B9E0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16F7FDB0-B760-4E31-A759-57157192CBC7}" = TurboTax 2013 waziper
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skypeâ„¢ 7.0
"{26A24AE4-039D-4CA4-87B4-2F83218051F0}" = Java 8 Update 51
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{35EEDA1E-9D45-4580-8554-734F45D48A73}" = TurboTax 2014 WinPerFedFormset
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}" = Apple Mobile Device Support
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5FB042CB-B08A-481E-B076-DC6D0FEB0595}" = TurboTax 2014 WinPerTaxSupport
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{627FFC10-CE0A-497F-BA2B-208CAC638010}" = QuickTime 7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CD6E829-3E7D-41B7-AA35-A1F16441C2B7}" = TurboTax 2014 waziper
"{7FE25256-B7C1-480D-B736-10A67A833AEA}" = Apple Application Support (32-bit)
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{817750FA-EC6A-485D-9901-0683AE6FFDF1}" = Google Earth
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}" = iCloud
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour Print Services
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DBBE7B8-EE7A-4FD9-9C7F-35E69A4C19D8}" = iTunes
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-0804-1033-1959-001824147215}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.12)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 341.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 341.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 341.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 340.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 15.3.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 15.3.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2283AA1-869C-4497-8F18-09E36C67A014}" = TurboTax 2014 WinPerReleaseEngine
"{F5890CC6-26B7-481E-A90E-ACE938AD294F}" = TurboTax 2014 wrapper
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 18 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 18 NPAPI
"Avast" = Avast Free Antivirus
"Battle of Britain II" = Battle of Britain II
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.8.1057
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Mozilla Firefox 39.0 (x86 en-US)" = Mozilla Firefox 39.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"TurboTax 2013" = TurboTax 2013
"TurboTax 2014" = TurboTax 2014
"VLC media player" = VLC media player
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3492453536-2379498159-1907998561-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/13/2015 1:34:11 PM | Computer Name = Alex-PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 8/14/2015 2:22:31 PM | Computer Name = Alex-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 8/14/2015 2:46:13 PM | Computer Name = Alex-PC | Source = Application Hang | ID = 1002
Description = The program AvastUI.exe version 10.3.2225.1172 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: b04    Start
 Time: 01d0d6b89e8c6dea    Termination Time: 60000    Application Path: C:\Program Files\Alwil
 Software\Avast5\AvastUI.exe    Report Id: 7a000836-42b4-11e5-8aeb-0019d18b394a  
 
Error - 8/14/2015 10:50:48 PM | Computer Name = Alex-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 8/15/2015 2:27:36 PM | Computer Name = Alex-PC | Source = VSS | ID = 8194
Description = 
 
Error - 8/15/2015 2:37:17 PM | Computer Name = Alex-PC | Source = VSS | ID = 8194
Description = 
 
Error - 8/16/2015 1:54:31 PM | Computer Name = Alex-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 8/17/2015 2:22:27 PM | Computer Name = Alex-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 8/17/2015 2:27:16 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 2.3.55.0, time stamp:
 0x557a2a02  Faulting module name: Qt5Core.dll, version: 5.4.1.0, time stamp: 0x54f1783a
Exception
 code: 0xc0000005  Fault offset: 0x00002fb6  Faulting process id: 0x15c0  Faulting application
 start time: 0x01d0d913bb340799  Faulting application path: C:\Program Files\Malwarebytes
 Anti-Malware\mbam.exe  Faulting module path: C:\Program Files\Malwarebytes Anti-Malware\Qt5Core.dll
Report
 Id: 95d9be4d-450d-11e5-9438-0019d18b394a
 
Error - 8/18/2015 2:14:51 PM | Computer Name = Alex-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ Media Center Events ]
Error - 10/27/2010 7:43:42 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 4:43:38 PM - Error connecting to the internet.  4:43:38 PM -     Unable
 to contact server..  
 
Error - 10/30/2010 2:48:08 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 11:48:08 PM - Error connecting to the internet.  11:48:08 PM -     Unable
 to contact server..  
 
Error - 10/30/2010 2:48:15 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 11:48:13 PM - Error connecting to the internet.  11:48:13 PM -     Unable
 to contact server..  
 
Error - 11/8/2010 4:38:57 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 1:38:57 PM - Error connecting to the internet.  1:38:57 PM -     Unable
 to contact server..  
 
Error - 11/8/2010 4:39:03 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 1:39:02 PM - Error connecting to the internet.  1:39:02 PM -     Unable
 to contact server..  
 
Error - 11/10/2010 12:58:26 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 9:58:23 AM - Error connecting to the internet.  9:58:23 AM -     Unable
 to contact server..  
 
Error - 11/10/2010 2:33:17 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 11:33:17 AM - Error connecting to the internet.  11:33:17 AM -     Unable
 to contact server..  
 
Error - 11/10/2010 4:36:32 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 1:36:32 PM - Error connecting to the internet.  1:36:32 PM -     Unable
 to contact server..  
 
Error - 11/10/2010 4:36:38 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 1:36:37 PM - Error connecting to the internet.  1:36:37 PM -     Unable
 to contact server..  
 
Error - 12/2/2013 12:34:27 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 9:33:13 PM - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)
 
 
[ System Events ]
Error - 8/15/2015 2:16:00 PM | Computer Name = Alex-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:58:54 AM on ?8/?15/?2015 was unexpected.
 
Error - 8/15/2015 2:16:45 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7031
Description = The Avast Antivirus service terminated unexpectedly.  It has done 
this 1 time(s).  The following corrective action will be taken in 5000 milliseconds:
 Restart the service.
 
Error - 8/15/2015 2:17:09 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7031
Description = The Avast Antivirus service terminated unexpectedly.  It has done 
this 2 time(s).  The following corrective action will be taken in 5000 milliseconds:
 Restart the service.
 
Error - 8/15/2015 2:17:17 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7034
Description = The Avast Antivirus service terminated unexpectedly.  It has done 
this 3 time(s).
 
Error - 8/15/2015 2:19:32 PM | Computer Name = Alex-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 8/16/2015 1:40:08 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler
 service to connect.
 
Error - 8/16/2015 1:40:08 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
   %%1053
 
Error - 8/17/2015 1:29:23 PM | Computer Name = Alex-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 8/17/2015 1:31:17 PM | Computer Name = Alex-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 8/18/2015 1:37:13 PM | Computer Name = Alex-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
 1.203.2523.0).
 
 
< End of report >
Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted

OTL Extras.txt

 

OTL Extras logfile created on: 8/18/2015 11:02:43 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.98 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 26.64% Memory free
3.96 Gb Paging File | 1.90 Gb Available in Paging File | 47.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 48.37 Gb Free Space | 32.47% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3492453536-2379498159-1907998561-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AD044D-001E-41A6-9E81-464C9586BF43}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0871031C-6843-4BDC-9954-0CD584961655}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{0908F6F3-80A2-48BB-AEAD-324734C66A56}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{19CD56F6-1464-40FE-96EA-38CF32ED15E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{19E6890C-00E7-44C4-967D-5ED94CA95259}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe | 
"{1C679719-37C2-4D5C-ABF7-FC1A5AF8FB61}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1E1693E4-517D-4F91-818F-7BF2F39D54B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{23434FC4-6BE2-41FC-9058-AAD0E244EF92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2B6EF327-7EB4-4A67-8595-AE1842906A95}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2CFC1680-01A7-4BFC-AC2D-43ED6C0ABE57}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3427E8B3-E126-4BE4-99BD-91F85046E858}" = rport=445 | protocol=6 | dir=out | app=system | 
"{36D359DA-99AD-4F90-AA36-AD9E38199F47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{36E708C7-7C56-4AE2-8DCF-312D48D93B27}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{39C858CA-F3FF-4207-AD81-8FFD3215F1BA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"{3B6DB91E-6662-417C-97A0-C89F7FA27528}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4318D0BC-4FCB-4229-8213-A90D461A7EF3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{496FE6F0-176B-4790-AC5E-F3F16F6F6562}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4DBC8F1B-9C82-46BB-89AC-B85E883E0AC8}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{71C8D435-C469-41B0-A868-4F40DB2B37D5}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{82956676-BAE0-435E-89C9-41723667C9FA}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{87F7587F-B625-4A3D-951D-D80A71559DAA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{8A645775-2208-4C91-9F95-11D06874357B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8D09570D-462F-4128-AE4D-F30911DA8704}" = lport=138 | protocol=17 | dir=in | app=system | 
"{91E3113A-D182-4913-A1B3-9EE719CC22A6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A2684D90-F721-4F9B-AF86-BDD99A5F0590}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{A2944027-3F23-4A45-A96A-69202C78F7C0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B02F733F-D1AA-407B-ADA6-A2A0B32542BF}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{D62F711E-D89B-42CA-ACDF-18CE2658504C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D6904E38-375F-4B7D-B17C-12E406503AC2}" = lport=80 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe | 
"{D82943B8-CB25-4711-A66F-02067D0BD523}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DA612431-C4DF-430E-A0A8-F5B640F96AC5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4860410-2F56-4B02-88A0-6850A60E12DE}" = lport=443 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe | 
"{EA794AE9-6C75-42F4-9032-D4D1CD2F2337}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{EBB3A2A4-ED15-4A87-8CDE-3F4D1EF08530}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe | 
"{F63D72CA-9281-4B91-8923-2ABCB4B72F7B}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{FC172A30-A99C-4283-A6EB-862A6EE7767E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FDF6DF94-3374-4642-B456-34B434A334F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A3A2546-9D72-4BBD-B1E5-B8B9B159DFF2}" = dir=in | app=c:\program files\airport\apagent.exe | 
"{1A05860D-793F-4312-B495-674AEDD4CC1C}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{1D7E4EA5-12CC-444C-A125-37A723566C15}" = protocol=58 | dir=out | [email protected],-28546 | 
"{276B9BC6-E22D-4783-BB0A-B3FE4DE72AF5}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{2A5829C1-4CA2-4A65-8BD1-77D5EB2F5BB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2C58C062-946F-4C81-A2E5-DB8077365CE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3008A39E-0CB3-4A87-BE09-FCB49ADAF0AF}" = protocol=1 | dir=in | [email protected],-28543 | 
"{39FB2E9A-20B2-4885-B0FD-B5DFABEE5B4F}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{4321F372-0BC7-46E0-98F2-D5D154F4470E}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe | 
"{49751A04-997D-4F2E-98E3-4F37920DE7F6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{607B652E-FE9A-45B7-888A-EAE7C3ED5477}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe | 
"{89792B6A-DEE4-434D-9EBC-0EEEFBC430AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8BC5B32E-ACD6-4146-9DE8-B4700EBC2546}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{93285386-4090-4008-AFFD-0263F0F53C0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A32313C8-CEFC-412E-972E-D7D8758154B4}" = protocol=6 | dir=in | app=c:\program files\lexmark 5400 series\lxctmon.exe | 
"{A45B53E7-C84D-440C-AD81-C275C73E8553}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{AAC5D47C-276A-4A03-985C-26FEF74A914A}" = protocol=17 | dir=in | app=c:\program files\lexmark 5400 series\lxctaiox.exe | 
"{AB8068B4-AE9E-474D-AE48-FA0BCAB20319}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe | 
"{B9824CA7-EDBF-439B-B5A7-5CE165EEAB07}" = protocol=1 | dir=out | [email protected],-28544 | 
"{BFB3C874-D16D-4FFE-9A1F-05F86506ABBF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C11FB0DD-B83F-4625-9B06-98F66CC2CE55}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C6D9454B-81BE-4820-BBCF-985B829EDB5E}" = protocol=58 | dir=in | [email protected],-28545 | 
"{CA9E81E9-FE90-4922-B6F9-6B12D79B143A}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{D97541D1-F011-49B6-8D25-218908C18C0B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB46D4BB-478E-4DEF-A07A-35B1AF0A2DC2}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E17F4F62-8A33-45FD-B913-DD1C2B85ED28}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{E830059B-6F76-4F34-A14A-3DAC6139318A}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe | 
"{F2DECC1A-38AE-49CA-B76D-B20C0FCC2259}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{1DF3F654-A0D8-4E18-91B5-2CFF033674C0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{307EF34D-ED3A-4806-909F-527A3B2A2E3A}C:\users\john\downloads\fshostclient1.3\fshostclient.exe" = protocol=6 | dir=in | app=c:\users\john\downloads\fshostclient1.3\fshostclient.exe | 
"TCP Query User{54450FE4-C09A-4957-99FA-1F4EDB8D2316}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe | 
"TCP Query User{71B84E02-397F-45EF-9A1E-D1286805874C}C:\program files\jfilemanager\jfilemanager.exe" = protocol=6 | dir=in | app=c:\program files\jfilemanager\jfilemanager.exe | 
"TCP Query User{9CD8DB3D-1CD5-4B14-8D01-DE2EB6A95CAA}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{9D72AA14-7A48-48CF-B40C-424FAB206138}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{AB045401-7F3A-4908-8768-C3ABDF37A5BE}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{D78EF943-DEEE-4F34-8B20-CCC839F64EE8}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{0FC77C6B-AD86-4EB3-8742-48623E11D1D4}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{1DA50265-F2F7-46EF-A87F-A35E6D906F3C}C:\program files\jfilemanager\jfilemanager.exe" = protocol=17 | dir=in | app=c:\program files\jfilemanager\jfilemanager.exe | 
"UDP Query User{512B6E45-B28C-4DA3-AEE3-53669BDDB48F}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{83159B21-DA93-48E7-870C-F8DFC3BA9514}C:\users\john\downloads\fshostclient1.3\fshostclient.exe" = protocol=17 | dir=in | app=c:\users\john\downloads\fshostclient1.3\fshostclient.exe | 
"UDP Query User{B4D426AE-C41E-477A-8857-074E15D2C37C}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{BEEBF8BB-7A29-4123-80F4-A87E2E0C20E2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{D86C5FD9-3D8D-4E98-B005-87CE9EF3C88A}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe | 
"UDP Query User{E6D065CC-0DA1-4D57-838D-62FC6333B9E0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16F7FDB0-B760-4E31-A759-57157192CBC7}" = TurboTax 2013 waziper
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skypeâ„¢ 7.0
"{26A24AE4-039D-4CA4-87B4-2F83218051F0}" = Java 8 Update 51
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport
"{35EEDA1E-9D45-4580-8554-734F45D48A73}" = TurboTax 2014 WinPerFedFormset
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}" = Apple Mobile Device Support
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5FB042CB-B08A-481E-B076-DC6D0FEB0595}" = TurboTax 2014 WinPerTaxSupport
"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{627FFC10-CE0A-497F-BA2B-208CAC638010}" = QuickTime 7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CD6E829-3E7D-41B7-AA35-A1F16441C2B7}" = TurboTax 2014 waziper
"{7FE25256-B7C1-480D-B736-10A67A833AEA}" = Apple Application Support (32-bit)
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{817750FA-EC6A-485D-9901-0683AE6FFDF1}" = Google Earth
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}" = iCloud
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour Print Services
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DBBE7B8-EE7A-4FD9-9C7F-35E69A4C19D8}" = iTunes
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-0804-1033-1959-001824147215}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.12)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 341.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 341.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 341.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 340.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 15.3.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 15.3.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2283AA1-869C-4497-8F18-09E36C67A014}" = TurboTax 2014 WinPerReleaseEngine
"{F5890CC6-26B7-481E-A90E-ACE938AD294F}" = TurboTax 2014 wrapper
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 18 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 18 NPAPI
"Avast" = Avast Free Antivirus
"Battle of Britain II" = Battle of Britain II
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.8.1057
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Mozilla Firefox 39.0 (x86 en-US)" = Mozilla Firefox 39.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"TurboTax 2013" = TurboTax 2013
"TurboTax 2014" = TurboTax 2014
"VLC media player" = VLC media player
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3492453536-2379498159-1907998561-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/13/2015 1:34:11 PM | Computer Name = Alex-PC | Source = SignInAssistant | ID = 0
Description = 
 
Error - 8/14/2015 2:22:31 PM | Computer Name = Alex-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 8/14/2015 2:46:13 PM | Computer Name = Alex-PC | Source = Application Hang | ID = 1002
Description = The program AvastUI.exe version 10.3.2225.1172 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: b04    Start
 Time: 01d0d6b89e8c6dea    Termination Time: 60000    Application Path: C:\Program Files\Alwil
 Software\Avast5\AvastUI.exe    Report Id: 7a000836-42b4-11e5-8aeb-0019d18b394a  
 
Error - 8/14/2015 10:50:48 PM | Computer Name = Alex-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 8/15/2015 2:27:36 PM | Computer Name = Alex-PC | Source = VSS | ID = 8194
Description = 
 
Error - 8/15/2015 2:37:17 PM | Computer Name = Alex-PC | Source = VSS | ID = 8194
Description = 
 
Error - 8/16/2015 1:54:31 PM | Computer Name = Alex-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 8/17/2015 2:22:27 PM | Computer Name = Alex-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 8/17/2015 2:27:16 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 2.3.55.0, time stamp:
 0x557a2a02  Faulting module name: Qt5Core.dll, version: 5.4.1.0, time stamp: 0x54f1783a
Exception
 code: 0xc0000005  Fault offset: 0x00002fb6  Faulting process id: 0x15c0  Faulting application
 start time: 0x01d0d913bb340799  Faulting application path: C:\Program Files\Malwarebytes
 Anti-Malware\mbam.exe  Faulting module path: C:\Program Files\Malwarebytes Anti-Malware\Qt5Core.dll
Report
 Id: 95d9be4d-450d-11e5-9438-0019d18b394a
 
Error - 8/18/2015 2:14:51 PM | Computer Name = Alex-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ Media Center Events ]
Error - 10/27/2010 7:43:42 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 4:43:38 PM - Error connecting to the internet.  4:43:38 PM -     Unable
 to contact server..  
 
Error - 10/30/2010 2:48:08 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 11:48:08 PM - Error connecting to the internet.  11:48:08 PM -     Unable
 to contact server..  
 
Error - 10/30/2010 2:48:15 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 11:48:13 PM - Error connecting to the internet.  11:48:13 PM -     Unable
 to contact server..  
 
Error - 11/8/2010 4:38:57 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 1:38:57 PM - Error connecting to the internet.  1:38:57 PM -     Unable
 to contact server..  
 
Error - 11/8/2010 4:39:03 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 1:39:02 PM - Error connecting to the internet.  1:39:02 PM -     Unable
 to contact server..  
 
Error - 11/10/2010 12:58:26 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 9:58:23 AM - Error connecting to the internet.  9:58:23 AM -     Unable
 to contact server..  
 
Error - 11/10/2010 2:33:17 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 11:33:17 AM - Error connecting to the internet.  11:33:17 AM -     Unable
 to contact server..  
 
Error - 11/10/2010 4:36:32 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 1:36:32 PM - Error connecting to the internet.  1:36:32 PM -     Unable
 to contact server..  
 
Error - 11/10/2010 4:36:38 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 1:36:37 PM - Error connecting to the internet.  1:36:37 PM -     Unable
 to contact server..  
 
Error - 12/2/2013 12:34:27 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0
Description = 9:33:13 PM - Failed to retrieve Directory (Error: The underlying connection
 was closed: Could not establish trust relationship for the SSL/TLS secure channel.)
 
 
[ System Events ]
Error - 8/15/2015 2:16:00 PM | Computer Name = Alex-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:58:54 AM on ?8/?15/?2015 was unexpected.
 
Error - 8/15/2015 2:16:45 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7031
Description = The Avast Antivirus service terminated unexpectedly.  It has done 
this 1 time(s).  The following corrective action will be taken in 5000 milliseconds:
 Restart the service.
 
Error - 8/15/2015 2:17:09 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7031
Description = The Avast Antivirus service terminated unexpectedly.  It has done 
this 2 time(s).  The following corrective action will be taken in 5000 milliseconds:
 Restart the service.
 
Error - 8/15/2015 2:17:17 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7034
Description = The Avast Antivirus service terminated unexpectedly.  It has done 
this 3 time(s).
 
Error - 8/15/2015 2:19:32 PM | Computer Name = Alex-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 8/16/2015 1:40:08 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler
 service to connect.
 
Error - 8/16/2015 1:40:08 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = The MBAMScheduler service failed to start due to the following error:
   %%1053
 
Error - 8/17/2015 1:29:23 PM | Computer Name = Alex-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 8/17/2015 1:31:17 PM | Computer Name = Alex-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 8/18/2015 1:37:13 PM | Computer Name = Alex-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
 1.203.2523.0).
 
 
< End of report >
 
 
Please let me know if I miss a program logs. Have a lot of .txt files on my desktop, not sure if I posted them or not.
Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted

SC Checkup.txt

 

 Results of screen317's Security Check version 1.007  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.3001)   
 Java 8 Update 51  
 Adobe Flash Player 18.0.0.203  
 Adobe Reader XI  
 Mozilla Firefox (39.0) 
 Google Chrome (44.0.2403.130) 
 Google Chrome (44.0.2403.155) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng vbox\aswFe.exe 
 avast software avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
Link to post
Share on other sites
flashh4

flashh4

Posted
Posted

John, there is 1 OTL log missing that i need !! OTL.txt is the one i need ! Top line will will say OTL logfile created on:

 

Try running Malwarebytes again so we can see if it quarantined those pups it found !!

 

So i need the:

1. OTL txt log

2. Malwarebytes log

 

Chuck

 

 

Malwarebytes ........... i want to make sure it Quarantine's those found !! If it does not work this time delete/remove it & download & run it again. Make sure you place a check mark beside everything it finds then click Quarantine everything !!

Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted

OLT.TXT Sorry, I had the file I just forgot it.

 

OTL logfile created on: 8/18/2015 11:02:43 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\John\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.98 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 26.64% Memory free
3.96 Gb Paging File | 1.90 Gb Available in Paging File | 47.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 48.37 Gb Free Space | 32.47% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/08/16 11:24:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.scr
PRC - [2015/08/15 11:42:50 | 006,109,776 | ---- | M] (AVAST Software) -- C:\Program Files\avast software\avast\AvastUI.exe
PRC - [2015/08/15 11:42:44 | 000,146,600 | ---- | M] (AVAST Software) -- C:\Program Files\avast software\avast\AvastSvc.exe
PRC - [2015/08/15 11:42:35 | 001,204,952 | ---- | M] (AVAST Software) -- C:\Program Files\avast software\avast\ng\vbox\aswFe.exe
PRC - [2015/08/15 11:41:43 | 003,218,624 | ---- | M] (Avast Software) -- C:\Program Files\avast software\avast\ng\vbox\AvastVBoxSVC.exe
PRC - [2015/08/07 17:13:30 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2015/07/28 13:04:44 | 000,015,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompatTelRunner.exe
PRC - [2015/07/16 10:50:46 | 000,245,576 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
PRC - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/07/04 10:47:39 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\GWX\GWX.exe
PRC - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2015/06/18 08:39:46 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2015/06/18 08:39:34 | 006,554,424 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2015/05/15 16:26:48 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2015/05/08 20:12:59 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2015/05/01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015/05/01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015/04/26 14:02:56 | 000,851,752 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\AppleChromeDAV.exe
PRC - [2015/04/26 14:02:14 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2015/04/26 14:02:04 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
PRC - [2015/04/26 14:02:04 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2015/04/26 14:01:50 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
PRC - [2015/02/03 19:06:25 | 000,938,184 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2015/02/03 19:06:19 | 001,818,952 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2015/02/03 16:57:21 | 000,409,800 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/09/18 18:16:34 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2014/07/25 06:51:18 | 002,403,104 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/07/25 06:51:13 | 001,720,608 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/07/25 06:51:12 | 017,536,800 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/07/25 01:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/01/17 23:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2007/01/23 05:00:00 | 000,177,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIAFA.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/08/15 11:42:50 | 040,540,672 | ---- | M] () -- C:\Program Files\avast software\avast\libcef.dll
MOD - [2015/08/15 11:42:47 | 000,102,864 | ---- | M] () -- C:\Program Files\avast software\avast\log.dll
MOD - [2015/08/15 11:42:45 | 000,123,976 | ---- | M] () -- C:\Program Files\avast software\avast\JsonRpcServer.dll
MOD - [2015/08/07 17:13:27 | 001,405,768 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
MOD - [2015/08/07 17:13:26 | 000,081,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\44.0.2403.155\libegl.dll
MOD - [2015/05/15 16:27:04 | 001,044,776 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2015/08/15 11:42:44 | 000,146,600 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\avast software\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015/08/15 11:41:43 | 003,218,624 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\avast software\avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV - [2015/07/28 09:39:46 | 000,268,976 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/07/16 12:39:29 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2015/07/07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/07/05 11:27:50 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/06/18 08:39:50 | 001,133,880 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/06/18 08:39:46 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2015/05/25 11:01:45 | 000,853,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2015/05/01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015/05/01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015/02/03 16:57:21 | 000,409,800 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/09/18 18:16:34 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2014/07/25 06:51:13 | 001,720,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/07/25 06:51:12 | 017,536,800 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/25 01:46:44 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/07/25 01:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/01/17 23:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/02/25 00:15:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wg111v2.sys -- (RTL8187)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2015/08/18 10:47:50 | 000,098,520 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2015/08/15 11:42:52 | 000,433,264 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2015/08/15 11:42:52 | 000,208,664 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015/08/15 11:42:52 | 000,113,592 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2015/08/15 11:42:52 | 000,076,000 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015/08/15 11:42:52 | 000,049,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015/08/15 11:42:51 | 000,081,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2015/08/15 11:42:51 | 000,024,016 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015/08/15 11:42:35 | 000,788,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2015/08/15 11:42:35 | 000,095,112 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ngvss.sys -- (ngvss)
DRV - [2015/08/15 11:41:43 | 000,220,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\avast software\avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV - [2015/06/18 08:41:54 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015/06/18 08:41:36 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2015/02/03 20:35:16 | 010,702,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2014/07/25 06:51:12 | 000,019,232 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2014/03/31 09:42:44 | 000,034,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2012/08/23 07:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 07:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/01/17 23:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/17 23:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/07/13 15:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/01/19 03:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A F4 13 DB E4 2B CE 01  [binary data]
IE - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en)"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "http://zyngagames.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:39.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_203.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.51.2: C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2: C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/19 23:43:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/08/15 11:42:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/06/28 21:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2015/04/04 12:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\d351k029.default-1424026281612\extensions
[2015/07/05 11:26:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/07/05 11:28:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.4.20_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccchfllceggkmiafgofdpipdpoffmop\1.0_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
 
O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\avast software\avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4 - HKLM..\Run: [shadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe File not found
O4 - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004..\Run: [EPSON Stylus CX7800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004..\Run: [iCloudDrive] C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab(Java Plug-in 11.51.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab(Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab(Java Plug-in 11.51.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab(Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C8D3213-A75A-40D3-BBCB-A7F8B672DD45}: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9C9B606-1D83-44B0-A90E-16A1AE1BA2F6}: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/08/18 10:48:07 | 000,000,000 | ---D | C] -- C:\FRST
[2015/08/18 10:38:41 | 001,677,312 | ---- | C] (Farbar) -- C:\Users\John\Desktop\FRST.exe
[2015/08/18 10:34:00 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{617FACEC-3271-4D81-860C-F84A3F7DE0A7}
[2015/08/17 10:42:47 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{9C7DC106-5298-4F77-866C-31CD7EA938D4}
[2015/08/16 11:24:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.scr
[2015/08/16 11:23:32 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2015/08/16 11:10:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{510759CA-23EA-4A51-9CE1-4BFA92BF66B0}
[2015/08/15 11:45:50 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\AVAST Software
[2015/08/15 11:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/08/15 11:43:12 | 000,113,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2015/08/15 11:43:11 | 000,208,664 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswVmm.sys
[2015/08/15 11:43:10 | 000,433,264 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2015/08/15 11:43:09 | 000,076,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2015/08/15 11:43:09 | 000,049,776 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRvrt.sys
[2015/08/15 11:43:07 | 000,081,728 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2015/08/15 11:43:07 | 000,024,016 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswHwid.sys
[2015/08/15 11:43:02 | 000,788,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2015/08/15 11:43:01 | 000,095,112 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\ngvss.sys
[2015/08/15 11:42:57 | 000,313,472 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2015/08/15 11:42:49 | 000,043,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/08/15 11:22:48 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{DC109936-A5B9-4277-B9BF-448EB0AFB17C}
[2015/08/14 20:00:59 | 000,952,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015/08/14 20:00:59 | 000,934,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015/08/14 20:00:59 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015/08/14 20:00:59 | 000,598,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015/08/14 20:00:59 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015/08/14 20:00:59 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll
[2015/08/14 20:00:58 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015/08/14 20:00:58 | 000,015,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CompatTelRunner.exe
[2015/08/14 20:00:55 | 001,251,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2015/08/14 20:00:55 | 000,299,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2015/08/14 20:00:54 | 002,384,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015/08/14 20:00:53 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2015/08/14 20:00:53 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2015/08/14 20:00:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015/08/14 20:00:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2015/08/14 20:00:49 | 002,943,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2015/08/14 20:00:48 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2015/08/14 20:00:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2015/08/14 20:00:48 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2015/08/14 20:00:48 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSetupUI.dll
[2015/08/14 20:00:48 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2015/08/14 20:00:48 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2015/08/14 20:00:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2015/08/14 20:00:48 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wu.upgrade.ps.dll
[2015/08/14 20:00:38 | 000,269,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2015/08/14 20:00:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2015/08/14 20:00:32 | 003,934,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015/08/14 20:00:31 | 003,989,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015/08/14 20:00:30 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2015/08/14 20:00:29 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2015/08/14 20:00:29 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2015/08/14 20:00:29 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\auditpol.exe
[2015/08/14 20:00:29 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2015/08/14 20:00:28 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2015/08/14 20:00:28 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmmsp.dll
[2015/08/14 20:00:27 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2015/08/14 20:00:27 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2015/08/14 20:00:27 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msobjs.dll
[2015/08/14 20:00:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apisetschema.dll
[2015/08/14 19:59:29 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2015/08/14 19:59:29 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2015/08/14 19:59:29 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2015/08/14 19:59:28 | 000,685,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2015/08/14 19:59:28 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2015/08/14 19:59:28 | 000,342,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015/08/14 19:59:28 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015/08/14 19:59:28 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015/08/14 19:59:28 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2015/08/14 19:59:27 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015/08/14 19:59:27 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2015/08/14 19:59:27 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015/08/14 19:59:27 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2015/08/14 19:59:27 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015/08/14 19:59:26 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015/08/14 19:59:26 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2015/08/14 19:59:26 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2015/08/14 19:59:25 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2015/08/14 19:59:24 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015/08/14 19:59:24 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015/08/14 19:59:23 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015/08/14 19:59:22 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2015/08/14 19:59:22 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2015/08/14 19:59:21 | 004,520,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015/08/14 19:39:36 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basesrv.dll
[2015/08/14 19:38:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2015/08/14 19:38:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2015/08/14 11:51:48 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2015/08/14 10:50:25 | 000,098,520 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\241A4120.sys
[2015/08/14 10:49:50 | 000,098,520 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/08/14 10:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/08/14 10:49:37 | 000,094,936 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015/08/14 10:49:37 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015/08/14 10:49:37 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015/08/14 10:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015/08/14 10:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/08/14 10:44:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{D71A9C0E-BDD2-4596-900F-B62A95915EB2}
[2015/08/13 11:15:09 | 001,791,580 | ---- | C] (Malwarebytes Corporation) -- C:\Users\John\Desktop\JRT.exe
[2015/08/12 11:41:30 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/08/11 09:13:19 | 000,000,000 | ---D | C] -- C:\Installer_WinsockXPFix
[2015/08/01 11:00:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2015/08/01 11:00:07 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/07/27 10:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2015/07/27 10:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2015/07/27 10:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2015/07/21 10:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/08/18 10:56:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/08/18 10:56:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/08/18 10:47:50 | 000,098,520 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015/08/18 10:38:42 | 001,677,312 | ---- | M] (Farbar) -- C:\Users\John\Desktop\FRST.exe
[2015/08/18 10:36:15 | 000,023,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/08/18 10:36:14 | 000,023,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/08/18 10:20:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3492453536-2379498159-1907998561-1003UA.job
[2015/08/18 10:14:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/08/18 10:14:54 | 1596,264,448 | -HS- | M] () -- C:\hiberfil.sys
[2015/08/17 11:20:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3492453536-2379498159-1907998561-1003Core.job
[2015/08/16 11:24:46 | 000,852,694 | ---- | M] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2015/08/16 11:24:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.scr
[2015/08/16 11:23:43 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\John\Desktop\dds.scr
[2015/08/15 11:43:57 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/08/15 11:42:52 | 000,433,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2015/08/15 11:42:52 | 000,208,664 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswVmm.sys
[2015/08/15 11:42:52 | 000,113,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2015/08/15 11:42:52 | 000,076,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2015/08/15 11:42:52 | 000,049,776 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRvrt.sys
[2015/08/15 11:42:51 | 000,081,728 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2015/08/15 11:42:51 | 000,024,016 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswHwid.sys
[2015/08/15 11:42:49 | 000,313,472 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2015/08/15 11:42:49 | 000,043,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/08/15 11:42:35 | 000,788,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2015/08/15 11:42:35 | 000,095,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\ngvss.sys
[2015/08/15 10:22:50 | 000,307,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/08/14 20:26:54 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/08/14 10:50:25 | 000,098,520 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\241A4120.sys
[2015/08/14 10:49:40 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/08/13 11:15:11 | 001,791,580 | ---- | M] (Malwarebytes Corporation) -- C:\Users\John\Desktop\JRT.exe
[2015/08/12 11:38:45 | 002,248,704 | ---- | M] () -- C:\Users\John\Desktop\adwcleaner_4.208.exe
[2015/08/01 11:00:07 | 000,002,209 | ---- | M] () -- C:\Users\John\Desktop\Chrome App Launcher.lnk
[2015/07/30 10:57:30 | 001,987,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2015/07/30 10:57:30 | 001,251,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2015/07/30 10:57:08 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2015/07/30 10:57:05 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2015/07/30 10:57:02 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2015/07/30 10:39:17 | 000,819,915 | ---- | M] () -- C:\Users\John\Documents\15-16_13game.pdf
[2015/07/30 09:52:25 | 002,384,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2015/07/30 09:49:55 | 000,299,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2015/07/30 06:13:38 | 000,103,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2015/07/28 13:04:44 | 000,015,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompatTelRunner.exe
[2015/07/28 13:00:18 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\invagent.dll
[2015/07/28 13:00:16 | 000,598,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2015/07/28 13:00:12 | 000,346,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devinv.dll
[2015/07/28 13:00:09 | 000,952,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appraiser.dll
[2015/07/28 13:00:08 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2015/07/28 13:00:08 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\acmigration.dll
[2015/07/28 12:54:01 | 000,934,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2015/07/28 09:39:44 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2015/07/28 09:39:44 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2015/07/27 10:51:20 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/07/21 10:38:21 | 000,096,352 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2015/07/20 17:12:30 | 000,342,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2015/07/20 10:56:49 | 002,943,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2015/07/20 10:56:49 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2015/07/20 10:56:49 | 000,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2015/07/20 10:56:49 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2015/07/20 10:56:49 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2015/07/20 10:56:48 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2015/07/20 10:56:24 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSetupUI.dll
[2015/07/20 10:56:12 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wu.upgrade.ps.dll
[2015/07/20 10:56:08 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/08/16 11:24:43 | 000,852,694 | ---- | C] () -- C:\Users\John\Desktop\SecurityCheck.exe
[2015/08/15 11:43:57 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/08/14 10:49:40 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/08/12 11:38:44 | 002,248,704 | ---- | C] () -- C:\Users\John\Desktop\adwcleaner_4.208.exe
[2015/08/01 11:00:07 | 000,002,209 | ---- | C] () -- C:\Users\John\Desktop\Chrome App Launcher.lnk
[2015/07/30 10:39:08 | 000,819,915 | ---- | C] () -- C:\Users\John\Documents\15-16_13game.pdf
[2014/07/29 10:47:11 | 004,229,086 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013/04/27 10:52:42 | 000,000,080 | ---- | C] () -- C:\Users\John\AppData\Local\X-Plane Installer.prf
[2012/08/13 10:57:00 | 000,012,927 | ---- | C] () -- C:\Program Files\readme.html
[2012/05/08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012/03/25 10:50:22 | 000,001,053 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2009/10/29 13:40:59 | 006,251,583 | ---- | C] () -- C:\Program Files\wg111v2_3_4_0.zip
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/07/10 10:34:07 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009/11/12 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\5400 Series
[2010/01/30 21:35:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AddThis
[2015/08/16 10:41:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\AVAST Software
[2010/03/06 15:02:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Blitware
[2010/01/30 21:35:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Internet Explorer
[2010/02/25 20:17:46 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2015/08/15 11:45:50 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVAST Software
[2013/02/08 10:59:13 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\EPSON
[2011/12/18 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2011/12/19 10:38:10 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\OpenOffice.org
[2013/10/20 11:02:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Oracle
[2013/07/02 10:41:00 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TS3Client
[2013/10/14 21:43:12 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Wargaming.net
[2011/12/22 10:22:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
< End of report >
Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted

John, there is 1 OTL log missing that i need !! OTL.txt is the one i need ! Top line will will say OTL logfile created on:

 

Try running Malwarebytes again so we can see if it quarantined those pups it found !!

 

So i need the:

1. OTL txt log

2. Malwarebytes log

 

Chuck

 

 

Malwarebytes ........... i want to make sure it Quarantine's those found !! If it does not work this time delete/remove it & download & run it again. Make sure you place a check mark beside everything it finds then click Quarantine everything !!

 

 

So, you still want MB file eh, after I reposted the OTL.TXT ?

Link to post
Share on other sites
flashh4

flashh4

Posted
Posted

John, yes we still need the MBAM (malwarebytes) log !

 

So after posting it (not before) we need to do a OTL fix !!

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRCIE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRCIE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRCFF - user.js - File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found[2013/06/28 21:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions[2015/04/04 12:09:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\d351k029.default-1424026281612\extensions[2015/07/05 11:26:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensionsCHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.4.20_0\CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.5_0\CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccchfllceggkmiafgofdpipdpoffmop\1.0_0\CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\CHR - Extension: No name found = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\O4 - HKLM..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not foundO4 - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe File not foundO4 - HKU\S-1-5-21-3492453536-2379498159-1907998561-1004..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not foundO4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk =  File not foundO13 - gopher Prefix: missingO21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.


Post that OTL fix log when done !!

 

Thanks

Chuck

Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted

John Try running MBAM in safe mode !!

 

 

Chuck

 

It looks like I have to re-run MB again, to get it the Q part done.  Unless I can find

a log file of the previous run.. It was complete too. it showed 132 things that was wrong.

and I'm sure you don't want me to post the other log before MB right?

Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted

MB stopped working in Safe mode,when I hit "remove Selected" But I exported the log again.. Is this what you

wanted?

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/21/2015
Scan Time: 10:48 AM
Logfile: Malwarebytes2.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.21.08
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: John
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426880
Time Elapsed: 27 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [acd0f615632861d539e9920936cc47b9], 
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [acd0f615632861d539e9920936cc47b9], 
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\ONESOFTPERDAY, , [3c40967598f3241234b6221fa3608d73], 
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [ee8e30dbaedd0531d649b1fbde2631cf], 
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [d9a3e5261873c67076a9f4b8a95b27d9], 
 
Registry Values: 4
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [acd0f615632861d539e9920936cc47b9], 
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, , [c0bc34d7eaa164d22bf79a3943bf629e], 
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, exéבäAÅ“Ã%« WLè, , [c0bc34d7eaa164d22bf79a3943bf629e]
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [07752edd315a2b0b77abfba039c93ac6], 
 
Registry Data: 2
Hijack.StartPage, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language, Good: (www.google.com), Bad: (http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language),,[e597fb10b0db7abce6a695c10ff632ce]
Hijack.SearchBar, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language, Good: (www.google.com/), Bad: (http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language),,[e69639d24e3de155f698c492d62f639d]
 
Folders: 16
Rogue.Multiple, C:\ProgramData\2308189059, , [2b51c04b513a7db91335865234ce10f0], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\ExternalComponent, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Logs, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\RadioPlayer, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\RadioPlayer\Skins, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarLogin, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarSettings, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us\ToolbarTranslation, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\SearchInNewTab, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\UserDefinedItems, , [661662a9fd8e87afe897609b30d2d927], 
 
Files: 267
PUP.Optional.DownloadAdmin.C, C:\Users\Alex\Downloads\openoffice-suite.aptupgwbas01.78.exe, , [7b01d338d2b9fb3b9e9cd4b750b5946c], 
PUP.Optional.InstallCore, C:\Users\John\Downloads\FileOpenerSetup.exe, , [5f1dfb10dead181ec605839dba4b9c64], 
PUP.Optional.DomaIQ, C:\Users\John\Downloads\Setup.exe, , [d7a5a4674b400e28af53320cd32d54ac], 
PUP.Optional.SnapDo.A, C:\Users\John\AppData\Local\Temp241\15034.msi, , [b9c30dfe84074cea841bd951b64bef11], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSIB4E6.tmp, , [bebecd3e5b307cbac18769c69967d52b], 
PUP.Optional.SnapDo.A, C:\Windows\Installer\1e1ab9.msi, , [c3b9d635206b44f27629b575956c1ce4], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSIB4E6.tmp-\Smartbar.Installer.CustomActions.dll, , [c7b544c71a7164d2a3a546e9738d48b8], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\ThirdPartyComponents.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223263838350000_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_PopUpBlocker-03_gif-Shiny-634223929360968750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654717003737500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734242800000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734629831250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735080143750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735423893750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642233431250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642273587500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642308275000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642347650000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642391868750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642426400000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642461087500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642507025000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642588275000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642638587500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642673743750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642707181250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642737650000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642769212500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642807650000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642838431250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642916400000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642967493750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643010775000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643052806250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643105150000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643143900000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643184212500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643245462500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643283275000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643319056250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643356868750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643436087500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643468587500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643505775000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643543431250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643598275000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643637650000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643682493750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643718587500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643754681250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_45_203_CT2038145_Images_633628017266675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633637554254375000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633637555161093750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633637556125468750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633637557088906250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654716861862500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654716928737500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643839993750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633936819456468750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223252648000000_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223252976750000_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223253362843750_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223254379406250_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223255083468750_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_configure_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_games_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_mail_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_news_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_notepad_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_timer_alarm_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_tools_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738499675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738555300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738609987500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655641918900000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642019837500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642057650000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642098587500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642135462500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737988425000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738030300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738178112500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738224675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738258425000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738311393750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738350925000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737647487500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737682800000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737718737500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737755456250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737804987500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737880612500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737917018750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737065612500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737144050000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737428268750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737462018750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737494675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737531706250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737572331250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654717076393750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654717188112500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654733928425000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654733969518750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734005143750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734064206250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734099518750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734144831250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734198268750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736728737500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736765456250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736832018750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736867487500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736904987500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736937643750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736969518750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642551400000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642876556250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643398431250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643795931250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223262649250000_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_Error_GIF.GIF, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_pause_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_slider_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_about_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736374831250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736409675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736449675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736489675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736543268750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736592018750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736642175000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736078737500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736116706250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736145768750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736175300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736222643750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736253112500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736296237500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735772956250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735806393750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735840300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735883268750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735924518750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735957800000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735999987500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735467331250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735526550000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735566081250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735597643750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735635300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735672487500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735702018750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735121862500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735153112500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735187487500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735227018750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735260300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735296393750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735342175000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735383893750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734684050000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734761862500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734850768750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734920300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734953737500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734993425000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735038893750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736038893750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736337331250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736686862500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737014050000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737605925000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737956550000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738403581250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735734362500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642176400000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___Storage_conduit_com_BankImages_ConduitEngine_ContextMenu_Upgrade_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_chevron_menu_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_chevron_play_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_chevron_stop_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_display_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_Equalizer_GIF.GIF, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734306862500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734346081250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734383425000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734427175000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734476706250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734525300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734567800000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_pause_dn_mini_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_pause_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_pause_mini_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_pause_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_pause_over_mini_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_play_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_play_dn_mini_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_play_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_play_mini_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_play_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_play_over_mini_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_slider_bg_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_slider_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_slider_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_stop_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_stop_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_stop_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_vol_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_vol_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_vol_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_silkset_control_play_blue_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_idel_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_Loading_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_maxi_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_maxi_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_maxi_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_minimize_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_minimize_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_minimize_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier\AccountTypes.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier\aol.com.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier\comcast.net.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier\google.com.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier\hotmail.com.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier\yahoo.com.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en-us.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en-us.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en-us.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en-us.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\RadioPlayer\IP_Stations_Media_List.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\RadioPlayer\Predefined_Media_List.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\RadioPlayer\Skins\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_display_xml.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarLogin\data.txt, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarSettings\data.txt, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us\ToolbarTranslation\data.txt, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\SearchInNewTab\SearchInNewTabContent.xml, , [661662a9fd8e87afe897609b30d2d927], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Not sure what you want me to do now? OLT fix?
Link to post
Share on other sites
flashh4

flashh4

Posted
Posted

John, did you place a check by each one in your log above, then click "Remove Selected" ????

 

Look at your log:

 

PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [acd0f615632861d539e9920936cc47b9], 
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [acd0f615632861d539e9920936cc47b9], 
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\ONESOFTPERDAY, , [3c40967598f3241234b6221fa3608d73], 
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [ee8e30dbaedd0531d649b1fbde2631cf], 
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [d9a3e5261873c67076a9f4b8a95b27d9],

 

This is from a log i selected that was infected:

 

PUP.Optional.Mindspark.A, C:\Program Files (x86)\5zres.dll, Quarantined, [50b8f39de0aa49edd3071b3380866997], 
PUP.Optional.Mindspark.A, C:\Program Files (x86)\5zUninstall CouponXplorer.dll, Quarantined, [d038fe922b5fe1557f5bbd91d630e51b], 
PUP.Optional.Mindspark.A, C:\Users\HazelJanice\Downloads\Guffins.exe, Quarantined, [e820266a63270135e9f17bd380861ee2], 
PUP.Optional.MindSpark.A, C:\Users\HazelJanice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mytransitguide.dl.myway.com_0.localstorage, Quarantined, [23e56a26098176c0a011f272cc39fb05], 
PUP.Optional.MindSpark.A, C:\Users\HazelJanice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mytransitguide.dl.myway.com_0.localstorage-journal, Quarantined, [47c1a2ee3d4db482c0f184e092738878],
 
 
See the difference ....... Quarantined in the other one but not in yours.
 
So you must not of did this part where you MUST place a check mark in EVERY box to have them Quarantined/removed then click the Remove Selected !!!!!!!!
 
Capture%20Malwarebytes.jpg
 
 
Try again because we MUST get rid of those !!!!!!
 
Chuck
Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted (edited)

Chuck,

I couldn't QUARANTINE (with the items checked) the log, cause I got "Not Responding" message at the top, then got the MS looking

for solution box, then it quit.

What am I SUPPOSE to do. I'm following your instructions the T.

I'll try again later.

Edited by N7xlq1
Link to post
Share on other sites
flashh4

flashh4

Posted
Posted

John, did try deleting/removing MBAM and re-downloading it to see that helps !!

 

Ok 2 things to try"

 

1. Download & run Kill Box >>> http://www.majorgeeks.com/files/details/pocket_killbox.html

Pocket KillBox Read more at: http://tr.im/SLkrj
Pocket KillBox Read more at: http://tr.im/SLkrj

 

 

 

2. Windows 7 ----------- download > save file > right click the download of Malwarebytes, open Containing Folder  >  find mbam- setup, right click & choose rename, give it a name like "my setup" ! Close then run "my setup"
 

Try the Kill Box first Then run a scan with MBAM newely installed !!!

 

Chuck

Link to post
Share on other sites
N7xlq1

N7xlq1

Posted
  • Author
Posted (edited)

So it can stop processes and end tasks so you can run MBAM if something is causing it to stall on you !!

 

Alright I've almost have had it with MB, no mater what mode I run it stops working.

 

A few things I must tell you under HISTORY/QUARANTINE/APPLICATION LOGS

 

There were a lot of logs under each of them, which deleted, but I before I did, I was able to copy a log and here it is:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/21/2015
Scan Time: 10:48 AM
Logfile: Malwarebytes2.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.21.08
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: John
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426880
Time Elapsed: 27 min, 10 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [acd0f615632861d539e9920936cc47b9], 
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [acd0f615632861d539e9920936cc47b9], 
PUP.Optional.OneSoftPerDay.A, HKLM\SOFTWARE\ONESOFTPERDAY, , [3c40967598f3241234b6221fa3608d73], 
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [ee8e30dbaedd0531d649b1fbde2631cf], 
PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [d9a3e5261873c67076a9f4b8a95b27d9], 
 
Registry Values: 4
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [acd0f615632861d539e9920936cc47b9], 
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, , [c0bc34d7eaa164d22bf79a3943bf629e], 
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, exéבäAÅ“Ã%« WLè, , [c0bc34d7eaa164d22bf79a3943bf629e]
PUP.Optional.InboxToolBar.A, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, , [07752edd315a2b0b77abfba039c93ac6], 
 
Registry Data: 2
Hijack.StartPage, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language, Good: (www.google.com), Bad: (http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language),,[e597fb10b0db7abce6a695c10ff632ce]
Hijack.SearchBar, HKU\S-1-5-21-3492453536-2379498159-1907998561-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language, Good: (www.google.com/), Bad: (http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language),,[e69639d24e3de155f698c492d62f639d]
 
Folders: 16
Rogue.Multiple, C:\ProgramData\2308189059, , [2b51c04b513a7db91335865234ce10f0], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\ExternalComponent, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Logs, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\RadioPlayer, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\RadioPlayer\Skins, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarLogin, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarSettings, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us\ToolbarTranslation, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\SearchInNewTab, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\UserDefinedItems, , [661662a9fd8e87afe897609b30d2d927], 
 
Files: 267
PUP.Optional.DownloadAdmin.C, C:\Users\Alex\Downloads\openoffice-suite.aptupgwbas01.78.exe, , [7b01d338d2b9fb3b9e9cd4b750b5946c], 
PUP.Optional.InstallCore, C:\Users\John\Downloads\FileOpenerSetup.exe, , [5f1dfb10dead181ec605839dba4b9c64], 
PUP.Optional.DomaIQ, C:\Users\John\Downloads\Setup.exe, , [d7a5a4674b400e28af53320cd32d54ac], 
PUP.Optional.SnapDo.A, C:\Users\John\AppData\Local\Temp241\15034.msi, , [b9c30dfe84074cea841bd951b64bef11], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSIB4E6.tmp, , [bebecd3e5b307cbac18769c69967d52b], 
PUP.Optional.SnapDo.A, C:\Windows\Installer\1e1ab9.msi, , [c3b9d635206b44f27629b575956c1ce4], 
PUP.Optional.SmartBar, C:\Windows\Installer\MSIB4E6.tmp-\Smartbar.Installer.CustomActions.dll, , [c7b544c71a7164d2a3a546e9738d48b8], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\ThirdPartyComponents.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223263838350000_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_PopUpBlocker-03_gif-Shiny-634223929360968750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654717003737500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734242800000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734629831250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735080143750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735423893750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642233431250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642273587500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642308275000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642347650000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642391868750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642426400000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642461087500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642507025000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642588275000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642638587500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642673743750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642707181250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642737650000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642769212500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642807650000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642838431250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642916400000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642967493750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643010775000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643052806250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643105150000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643143900000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643184212500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643245462500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643283275000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643319056250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643356868750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643436087500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643468587500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643505775000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643543431250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643598275000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643637650000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643682493750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643718587500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643754681250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_45_203_CT2038145_Images_633628017266675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633637554254375000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633637555161093750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633637556125468750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633637557088906250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654716861862500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654716928737500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643839993750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633936819456468750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223252648000000_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223252976750000_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223253362843750_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223254379406250_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223255083468750_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_configure_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_games_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_mail_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_news_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_notepad_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_timer_alarm_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_tools_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738499675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738555300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738609987500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655641918900000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642019837500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642057650000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642098587500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642135462500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737988425000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738030300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738178112500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738224675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738258425000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738311393750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738350925000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737647487500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737682800000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737718737500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737755456250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737804987500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737880612500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737917018750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737065612500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737144050000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737428268750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737462018750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737494675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737531706250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737572331250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654717076393750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654717188112500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654733928425000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654733969518750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734005143750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734064206250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734099518750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734144831250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734198268750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736728737500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736765456250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736832018750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736867487500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736904987500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736937643750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736969518750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642551400000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642876556250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643398431250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655643795931250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_634223262649250000_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_Error_GIF.GIF, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_pause_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_slider_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_vectoria_about_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736374831250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736409675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736449675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736489675000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736543268750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736592018750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736642175000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736078737500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736116706250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736145768750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736175300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736222643750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736253112500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736296237500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735772956250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735806393750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735840300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735883268750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735924518750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735957800000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735999987500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735467331250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735526550000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735566081250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735597643750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735635300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735672487500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735702018750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735121862500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735153112500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735187487500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735227018750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735260300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735296393750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735342175000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735383893750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734684050000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734761862500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734850768750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734920300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734953737500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734993425000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735038893750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736038893750_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736337331250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654736686862500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737014050000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737605925000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654737956550000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654738403581250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654735734362500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633655642176400000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___Storage_conduit_com_BankImages_ConduitEngine_ContextMenu_Upgrade_png.png, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_chevron_menu_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_chevron_play_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_chevron_stop_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_display_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_Equalizer_GIF.GIF, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734306862500_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734346081250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734383425000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734427175000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734476706250_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734525300000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_48_280_CT2801948_Images_633654734567800000_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_pause_dn_mini_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_pause_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_pause_mini_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_pause_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_pause_over_mini_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_play_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_play_dn_mini_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_play_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_play_mini_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_play_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_play_over_mini_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_slider_bg_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_slider_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_slider_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_stop_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_stop_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_stop_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_vol_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_vol_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_vol_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_silkset_control_play_blue_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_idel_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_Loading_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_maxi_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_maxi_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_maxi_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_minimize_dn_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_minimize_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_minimize_over_gif.gif, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier\AccountTypes.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier\aol.com.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier\comcast.net.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier\google.com.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier\hotmail.com.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\EmailNotifier\yahoo.com.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en-us.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en-us.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en-us.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en-us.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\RadioPlayer\IP_Stations_Media_List.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\RadioPlayer\Predefined_Media_List.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\RadioPlayer\Skins\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_display_xml.xml, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarLogin\data.txt, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_CT2801948\ToolbarSettings\data.txt, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\Repository\conduit_CT2801948_en-us\ToolbarTranslation\data.txt, , [661662a9fd8e87afe897609b30d2d927], 
PUP.Optional.Conduit.A, C:\Users\Alex\AppData\LocalLow\NCH_EN\SearchInNewTab\SearchInNewTabContent.xml, , [661662a9fd8e87afe897609b30d2d927], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Other than redo it again. I have no idea what to do.
 
didn't you want another OTL fix? 
 
And now I have two desktop.ini files on my desktop, not sure why.
Edited by N7xlq1
Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing