woodshopfun Posted November 2, 2013 Report Share Posted November 2, 2013 I have noticed that my computer is getting slower to start up in the mornings when I turn it on. Sometimes it seems to take forever before I can start doing things, MSN, email, etc. I haven't realyy noticed anything dramatic after start up, but it does seem to be a little slower doing some things than it used to be. Link to post Share on other sites
flashh4 Posted November 3, 2013 Report Share Posted November 3, 2013 Howdy woodshopfun and welcome to BestTechie !!! My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!Do Not Remove anything or run any tools/programs until advised to do so !Perform all actions in the order given.Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up ! Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help. =================================== AdwCleaner Please download adwcleaner by Xplode onto your desktop.Double click on AdwCleaner.exe to run the tool again. Windows XP : Double click on the icon to run it. Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" *Click on the Scan button. *AdwCleaner will begin to scan your computer like it did before. *After the scan has finished ....... This time, click on the Clean button. *Press OK when asked to close all programs and follow the onscreen prompts. *Press OK again to allow AdwCleaner to restart the computer and complete the removal process. *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. *Copy and paste the contents of that logfile in your next reply. *A copy of that logfile will also be saved in the C:\AdwCleaner folder.NEXT Please download Junkware Removal Tool and save to your desk top. Shut down your protection software now to avoid potential conflicts. * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". * The tool will open and start scanning your system. * Please be patient as this can take a while to complete depending on your system's specifications. * On completion, a log (JRT.txt) is saved to your desktop and will automatically open. * Post the contents of JRT.txt into your next reply !Re-Boot your computer now !!NEXTMALWAREBYTES with Pics:Please download Malwarebytes' Anti-Malware to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan.When the scan is complete, click OK, then Show Results to view the results. * Then click Remove Selected . * When completed, a log will open in Notepad. Please save it to a convenient location and post the results. * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt Or via the Logs tab when the application is started.Please don't attach the scans / logs, use "copy/paste". You can work these at your own pace & time, just make sure you have a response within 5 days of my last post or i have to lock your topic unless you notify me in advance !! Post next:1. AdwCleaner Log2. Junkware Removal Log3. Malwarebytes logThanksChuck Link to post Share on other sites
woodshopfun Posted November 3, 2013 Author Report Share Posted November 3, 2013 # AdwCleaner v3.010 - Report created 03/11/2013 at 07:49:15# Updated 20/10/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Chris - CHRIS-PC# Running from : C:\Users\Chris\Desktop\adwcleaner.exe# Option : Clean***** [ Services ] *****Service Deleted : CltMngSvc***** [ Files / Folders ] *****Folder Deleted : C:\SearchprotectFolder Deleted : C:\Program Files (x86)\alotappbarFolder Deleted : C:\Program Files (x86)\ConduitFolder Deleted : C:\Program Files (x86)\SearchprotectFolder Deleted : C:\Program Files (x86)\Common Files\spigotFolder Deleted : C:\Users\Chris\AppData\Local\ConduitFolder Deleted : C:\Users\Chris\AppData\Local\PackageAwareFolder Deleted : C:\Users\Chris\AppData\Local\Temp\AirInstallerFolder Deleted : C:\Users\Chris\AppData\Local\Temp\AskSearchFolder Deleted : C:\Users\Chris\AppData\LocalLow\alotappbarFolder Deleted : C:\Users\Chris\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Chris\AppData\LocalLow\CouponAlert_2pFolder Deleted : C:\Users\Chris\AppData\LocalLow\facemoods.comFolder Deleted : C:\Users\Chris\AppData\LocalLow\PriceGongFolder Deleted : C:\Users\Chris\AppData\Roaming\SearchprotectFile Deleted : C:\END***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiifValue Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchProtect]Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXEKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObjectKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObjectKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCSValue Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3277370Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298583Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_stanza-desktop_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_stanza-desktop_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449B-83DA-872725C6D0ED}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDF6C42-132C-45F5-92DE-DC13F40C6DAB}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A531D99C-5A22-449B-83DA-872725C6D0ED}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{85F5CF95-EC8F-49FC-BB3F-38C79455CBA2}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A531D99C-5A22-449B-83DA-872725C6D0ED}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{343263AB-D732-4066-A274-4A487A07F108}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C42103E4-7D10-4CC9-B2B4-C546BCCF8706}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449B-83DA-872725C6D0ED}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971CEE-01B8-42BC-9D91-456B1FAAD6BE}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A531D99C-5A22-449B-83DA-872725C6D0ED}]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}Key Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\SearchProtectKey Deleted : HKCU\Software\SoftonicKey Deleted : HKCU\Software\ZugoKey Deleted : HKCU\Software\AppDataLow\Software\alotAppbarKey Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Deleted : HKCU\Software\AppDataLow\Software\iWonKey Deleted : HKCU\Software\AppDataLow\Software\PriceGongKey Deleted : HKCU\Software\AppDataLow\Software\smartbarKey Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\Freeze.comKey Deleted : HKLM\Software\InstallIQKey Deleted : HKLM\Software\SearchProtectKey Deleted : HKLM\Software\StartNow ToolbarKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbarKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtectKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar***** [ Browsers ] *****-\\ Internet Explorer v9.0.8112.16496Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [search Page]Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Default_Page_URL]Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [search Page]Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [searchAssistant]Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]*************************AdwCleaner[R0].txt - [10774 octets] - [03/11/2013 07:46:03]AdwCleaner[s0].txt - [10077 octets] - [03/11/2013 07:49:15]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10138 octets] ########## Link to post Share on other sites
flashh4 Posted November 3, 2013 Report Share Posted November 3, 2013 woodshopfun, that program/tool works so good !Do Not remove these tools until i give you the all clean in case we have to re-run one of them later ! Chuck Link to post Share on other sites
woodshopfun Posted November 3, 2013 Author Report Share Posted November 3, 2013 OK, thanks, will continue on. Link to post Share on other sites
woodshopfun Posted November 3, 2013 Author Report Share Posted November 3, 2013 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.7 (10.15.2013:3)OS: Windows 7 Home Premium x64Ran by Chris on Sun 11/03/2013 at 9:10:25.51~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry KeysSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCSSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2E45402A-D795-4183-9840-FB2EDECA8946}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C8AE9BF3-944A-4F68-9C6F-E8AAE7D64412} ~~~ Files ~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\w3i"Successfully deleted: [Folder] "C:\Users\Chris\appdata\locallow\couponalert_2pei"Successfully deleted: [Folder] "C:\Program Files (x86)\couponalert_2pei"Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 11/03/2013 at 9:16:09.85End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites
flashh4 Posted November 3, 2013 Report Share Posted November 3, 2013 Now we need the Malwarebytes log/report !!Then i will have a few more programs for you to run !! Chuck Link to post Share on other sites
woodshopfun Posted November 4, 2013 Author Report Share Posted November 4, 2013 Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.03.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Chris :: CHRIS-PC [administrator]Protection: Enabled11/3/2013 5:07:27 PMMBAM-log-2013-11-03 (18-02-19) results.txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 281617Time elapsed: 19 minute(s), 42 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 2C:\Users\Chris\AppData\Local\Temp\ct3277370 (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583 (PUP.Optional.Conduit.A) -> No action taken.Files Detected: 22C:\Users\Chris\AppData\Local\Temp\checktbexist.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\nsd5F05.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\nsy689.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\is-5B2F8.tmp\MixiCND_CID19.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Windows\Temp\TBU014\ToolbarUpdate.exe (PUP.Optional.SweetPacks.A) -> No action taken.C:\Users\Chris\Downloads\agsetup183se.exe (PUP.Funmoods) -> No action taken.C:\Users\Chris\Downloads\pinochle for windows setup.exe (PUP.Optional.AdBundle) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\stub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\stub.exe (PUP.Optional.Conduit.A) -> No action taken.(end) Link to post Share on other sites
flashh4 Posted November 4, 2013 Report Share Posted November 4, 2013 Hey, woods ......... Now run Malwarebytes again please check the small box beside each that it found ! then the box that says "Remove Selected" And post that log !! Security Check Please download and save SecurityCheck.exe to your Desktop from one of the links below.Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box. * A Notepad document should open automatically called checkup.txt * Please post the contents of that document in your next reply. NEXT Download OldTimer to your desk top !Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).* Double click OTL.exe to launch the program.* Check the following.o Scan all users.o Standard Output. o Lop check.o Purity check. oExtra Registry > Use SafeList * Under Extra Registry section, select Use SafeList* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).* When finished it will produce two logs.o OTL.txt (open on your desktop).o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.* Please post me both logs. This may have to be broken into more than one post ! Post next:1. New Malwarebytes log2. SecurityCheck3. OTL log(s) ThanksChuck Link to post Share on other sites
woodshopfun Posted November 5, 2013 Author Report Share Posted November 5, 2013 Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton AntiVirus Online WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:````````` Spyder4Elite Malwarebytes Anti-Malware version 1.75.0.1300 Adobe Reader 9 Adobe Reader out of Date!````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Norton AntiVirus Engine 19.9.1.14 ccSvcHst.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3%````````````````````End of Log`````````````````````` Link to post Share on other sites
woodshopfun Posted November 5, 2013 Author Report Share Posted November 5, 2013 OTL logfile created on: 11/4/2013 9:02:30 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.75 Gb Total Physical Memory | 5.75 Gb Available Physical Memory | 74.24% Memory free15.50 Gb Paging File | 13.36 Gb Available in Paging File | 86.22% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 913.84 Gb Total Space | 705.35 Gb Free Space | 77.19% Space Free | Partition Type: NTFS Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/11/04 20:59:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.comPRC - [2013/10/08 16:35:48 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exePRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exePRC - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exePRC - [2012/02/24 02:43:50 | 000,070,136 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXEPRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exePRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.acPRC - [2010/08/04 05:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exePRC - [2010/06/29 19:26:30 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exePRC - [2010/05/26 19:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exePRC - [2010/05/10 09:06:06 | 000,650,240 | ---- | M] (Emdem Technologies (M-Soft)) -- C:\Program Files (x86)\M-Soft\M-Minder\Minder.exePRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exePRC - [2010/03/10 22:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exePRC - [2010/03/10 22:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exePRC - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exePRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exePRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exePRC - [2009/05/08 03:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exePRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (No Company Name) ========== MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2010/08/04 05:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exeMOD - [2010/08/04 02:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)SRV:64bit: - [2010/12/19 21:59:06 | 000,100,176 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\LPESP\cnwilsv6.exe -- (LPESPSVC)SRV:64bit: - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)SRV:64bit: - [2009/10/09 14:25:24 | 000,713,488 | ---- | M] (CANON INC) [Auto | Running] -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -- (Canon imagePROGRAF Status Monitor)SRV:64bit: - [2009/04/19 08:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)SRV:64bit: - [2009/04/19 08:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)SRV:64bit: - [2008/12/08 08:29:24 | 000,210,944 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Windows\SysNative\cnwiols6.exe -- (iPFDeviceAgentService)SRV - [2013/10/08 16:35:50 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)SRV - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV)SRV - [2012/02/24 02:43:50 | 000,070,136 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)SRV - [2011/09/11 09:17:00 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)SRV - [2010/05/26 19:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)SRV - [2007/12/16 20:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)SRV - [2007/01/10 20:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2013/02/18 08:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/07/05 19:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtspx64.sys -- (SRTSPX)DRV:64bit: - [2012/07/05 19:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtsp64.sys -- (SRTSP)DRV:64bit: - [2012/06/06 21:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ccsetx64.sys -- (ccSet_NAV)DRV:64bit: - [2012/05/21 18:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symefa64.sys -- (SymEFA)DRV:64bit: - [2012/04/20 17:44:38 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i1display_x64.sys -- (EyeOneDisplay)DRV:64bit: - [2012/04/17 19:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symnets.sys -- (SymNetS)DRV:64bit: - [2012/04/17 18:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ironx64.sys -- (SymIRON)DRV:64bit: - [2012/03/23 07:46:52 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/07/25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symds64.sys -- (SymDS)DRV:64bit: - [2011/06/02 14:56:52 | 000,015,360 | ---- | M] (Datacolor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dccmtr.sys -- (Spyder4)DRV:64bit: - [2011/05/17 18:01:54 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/08/12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/06/02 19:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)DRV:64bit: - [2009/06/02 19:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)DRV:64bit: - [2009/06/02 19:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)DRV:64bit: - [2007/11/15 19:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)DRV:64bit: - [2007/11/06 11:08:30 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)DRV:64bit: - [2006/05/18 15:13:02 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SeqCal.sys -- (SeqCal)DRV - [2013/10/25 13:17:18 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20131101.001\IDSviA64.sys -- (IDSVia64)DRV - [2013/10/22 16:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20131022.001\BHDrvx64.sys -- (BHDrvx64)DRV - [2013/09/22 13:37:10 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20131104.017\ex64.sys -- (NAVEX15)DRV - [2013/09/22 13:37:10 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)DRV - [2013/09/22 13:37:10 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)DRV - [2013/09/22 13:37:10 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20131104.017\eng64.sys -- (NAVENG)DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.comIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.comIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HPIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.comIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.comIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.comIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.comIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\SearchScopes\{5D59D0FD-EFA3-4F0F-8180-83C9E2D77E12}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9MI&pc=BIE9&src=IE-SearchBoxIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\SearchScopes\{725DF0A4-9B06-4712-8E7C-2E70F0E4AFF0}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not foundFF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFF [2013/10/09 09:08:48 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/07 19:34:23 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/07 19:34:23 | 000,000,000 | ---D | M] [2011/06/03 15:04:35 | 000,003,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml[2010/11/22 09:33:08 | 000,002,037 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchaudio.xml O1 HOSTS File: ([2012/06/04 21:15:32 | 000,001,306 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 activate.adobe.comO1 - Hosts: 127.0.0.1 activate.adobe.comO1 - Hosts: 127.0.0.1 practivate.adobe.comO1 - Hosts: 127.0.0.1 ereg.adobe.comO1 - Hosts: 127.0.0.1 activate.wip3.adobe.comO1 - Hosts: 127.0.0.1 wip3.adobe.comO1 - Hosts: 127.0.0.1 3dns-3.adobe.comO1 - Hosts: 127.0.0.1 3dns-2.adobe.comO1 - Hosts: 127.0.0.1 adobe-dns.adobe.comO1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.comO1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.comO1 - Hosts: 127.0.0.1 ereg.wip3.adobe.comO1 - Hosts: 127.0.0.1 activate-sea.adobe.comO1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.comO1 - Hosts: 127.0.0.1 activate-sjc0.adobe.comO2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe (CANON INC.)O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not foundO4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not foundO4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)O4 - HKU\.DEFAULT..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not foundO4 - HKU\S-1-5-18..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not foundO4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [AdobeBridge] File not foundO4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S386E.tmp" /EF "HKCU" File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\M-Minder.lnk = C:\Program Files (x86)\M-Soft\M-Minder\Minder.exe (Emdem Technologies (M-Soft))O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..Trusted Domains: centurylink.com ([qwest] https in Trusted sites)O15 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..Trusted Domains: verizonwireless.com ([support] https in Trusted sites)O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B47D2C2-3636-4E51-B6DA-6EEF1042FFAC}: DhcpNameServer = 192.168.0.1 205.171.2.25O18:64bit: - Protocol\Handler\ipp - No CLSID value foundO18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/11/04 20:59:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.com[2013/11/03 17:05:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes[2013/11/03 17:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/11/03 17:05:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/11/03 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/11/03 17:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/11/03 17:03:52 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup-1.75.0.1300.exe[2013/11/03 09:10:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/11/03 09:08:56 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Chris\Desktop\JRT.exe[2013/11/03 07:36:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2013/10/31 21:26:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\GMG pics[2013/10/21 21:02:41 | 000,000,000 | ---D | C] -- C:\Chevelle[2011/05/17 18:01:54 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ][3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/11/04 20:59:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.com[2013/11/04 20:57:50 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/11/04 20:57:50 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/11/04 20:57:50 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/11/04 20:46:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/11/04 20:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/11/04 19:08:16 | 000,891,184 | ---- | M] () -- C:\Users\Chris\Desktop\SecurityCheck.exe[2013/11/04 19:06:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/11/04 19:06:54 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/11/04 18:59:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/11/04 18:59:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/11/04 18:58:58 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys[2013/11/03 21:07:33 | 000,000,000 | ---- | M] () -- C:\Users\Chris\Documents\SG_Local_4[2013/11/03 17:05:48 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/11/03 17:04:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup-1.75.0.1300.exe[2013/11/03 17:00:15 | 000,000,132 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Adobe BMP Format CS5 Prefs[2013/11/03 15:02:10 | 006,902,211 | ---- | M] () -- C:\Users\Chris\Desktop\RY34420_RY34440_405_trilingual.pdf[2013/11/03 09:08:56 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Chris\Desktop\JRT.exe[2013/11/03 07:35:40 | 001,060,070 | ---- | M] () -- C:\Users\Chris\Desktop\adwcleaner.exe[2013/10/31 21:23:38 | 011,133,600 | ---- | M] () -- C:\Users\Chris\Documents\Build sheet.bmp[2013/10/23 20:19:04 | 002,811,656 | ---- | M] () -- C:\Users\Chris\Documents\IMG_002.bmp[2013/10/23 20:19:03 | 002,791,856 | ---- | M] () -- C:\Users\Chris\Documents\IMG_001.bmp[2013/10/23 20:14:41 | 002,983,342 | ---- | M] () -- C:\Users\Chris\Documents\IMG.bmp[2013/10/23 16:27:01 | 000,014,216 | ---- | M] () -- C:\Users\Chris\Documents\ordqteJS.html[2013/10/12 21:09:06 | 002,433,948 | ---- | M] () -- C:\Users\Chris\Documents\2006_chevy_monte_carlo.pdf[2013/10/09 10:35:39 | 009,625,938 | ---- | M] () -- C:\Users\Chris\Desktop\Yellow_Channel.prn[2013/10/09 10:28:19 | 009,625,938 | ---- | M] () -- C:\Users\Chris\Desktop\Cyan_Channel.prn[2013/10/09 10:27:45 | 009,625,938 | ---- | M] () -- C:\Users\Chris\Desktop\Magenta_Channel.prn[2013/10/08 16:35:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2013/10/08 16:35:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2013/10/08 13:48:04 | 000,000,434 | ---- | M] () -- C:\Users\Chris\Desktop\Yahoo! Mail.url[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ][3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/11/04 19:08:16 | 000,891,184 | ---- | C] () -- C:\Users\Chris\Desktop\SecurityCheck.exe[2013/11/03 17:05:47 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/11/03 15:02:10 | 006,902,211 | ---- | C] () -- C:\Users\Chris\Desktop\RY34420_RY34440_405_trilingual.pdf[2013/11/03 07:35:40 | 001,060,070 | ---- | C] () -- C:\Users\Chris\Desktop\adwcleaner.exe[2013/10/31 21:18:10 | 011,133,600 | ---- | C] () -- C:\Users\Chris\Documents\Build sheet.bmp[2013/10/23 20:18:10 | 002,811,656 | ---- | C] () -- C:\Users\Chris\Documents\IMG_002.bmp[2013/10/23 20:16:52 | 002,791,856 | ---- | C] () -- C:\Users\Chris\Documents\IMG_001.bmp[2013/10/23 20:14:41 | 002,983,342 | ---- | C] () -- C:\Users\Chris\Documents\IMG.bmp[2013/10/23 16:27:01 | 000,014,216 | ---- | C] () -- C:\Users\Chris\Documents\ordqteJS.html[2013/10/12 21:08:56 | 002,433,948 | ---- | C] () -- C:\Users\Chris\Documents\2006_chevy_monte_carlo.pdf[2013/10/09 10:27:43 | 009,625,938 | ---- | C] () -- C:\Users\Chris\Desktop\Yellow_Channel.prn[2013/10/09 10:27:36 | 009,625,938 | ---- | C] () -- C:\Users\Chris\Desktop\Cyan_Channel.prn[2013/10/09 10:27:27 | 009,625,938 | ---- | C] () -- C:\Users\Chris\Desktop\Magenta_Channel.prn[2013/09/23 17:07:19 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF30.ini[2013/04/27 11:00:39 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe[2013/04/27 11:00:39 | 000,071,913 | ---- | C] () -- C:\Windows\unins000.dat[2013/04/27 07:50:19 | 000,002,157 | ---- | C] () -- C:\Windows\cdplayer.ini[2013/01/13 11:05:30 | 000,600,928 | ---- | C] () -- C:\Users\Chris\2012 Jensen C Form 1040 Individual Tax Return.tax2012[2013/01/05 21:38:50 | 000,000,015 | ---- | C] () -- C:\ProgramData\sdpN.tst[2013/01/04 21:42:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI[2012/12/09 16:06:59 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe GIF Format CS5 Prefs[2012/11/11 16:52:52 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe PNG Format CS5 Prefs[2012/11/07 19:29:43 | 000,221,304 | ---- | C] () -- C:\Windows\hpoins19.dat[2012/11/07 19:29:43 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat[2012/10/26 07:49:24 | 000,001,456 | ---- | C] () -- C:\Users\Chris\AppData\Local\Adobe Save for Web 12.0 Prefs[2012/06/17 10:08:22 | 000,221,304 | ---- | C] () -- C:\Windows\hpoins19.dat.temp[2012/06/17 10:08:22 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp[2012/04/20 16:46:08 | 000,000,197 | ---- | C] () -- C:\Windows\i1Share.ini[2012/04/10 07:41:07 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe BMP Format CS5 Prefs[2012/04/09 20:14:04 | 000,000,000 | ---- | C] () -- C:\Windows\ui.INI[2012/04/02 20:55:35 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI[2012/03/31 10:28:25 | 000,000,031 | ---- | C] () -- C:\Windows\AutoRun.ini[2012/03/31 05:53:19 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV30V300.ini[2012/03/04 15:00:46 | 000,006,688 | ---- | C] () -- C:\Windows\SysWow64\Digita.sys[2012/03/04 15:00:45 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ldf252.dll[2012/02/19 19:17:11 | 000,263,550 | ---- | C] () -- C:\Users\Chris\2011 Jensen K Form 1040 Individual Tax Return_Records.pdf[2012/02/13 10:49:41 | 000,072,080 | ---- | C] () -- C:\Users\Chris\g2mdlhlpx.exe[2012/01/29 11:38:11 | 000,559,160 | ---- | C] () -- C:\Users\Chris\2011 Jensen K Form 1040 Individual Tax Return.tax2011[2012/01/29 11:34:45 | 000,619,736 | ---- | C] () -- C:\Users\Chris\2011 Jensen C Form 1040 Individual Tax Return.tax2011[2012/01/28 21:42:47 | 000,000,737 | ---- | C] () -- C:\Windows\XMLEditor4.INI[2012/01/16 19:33:45 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat[2012/01/16 19:33:45 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat[2012/01/16 19:33:45 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat[2012/01/16 19:33:45 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat[2012/01/16 19:33:45 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat[2012/01/16 19:33:45 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat[2012/01/16 19:33:45 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat[2012/01/16 19:33:45 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat[2012/01/16 19:33:45 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat[2012/01/16 19:33:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat[2012/01/16 19:33:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat[2012/01/16 19:33:45 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat[2012/01/16 19:33:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat[2012/01/16 19:33:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat[2012/01/16 19:33:45 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat[2012/01/16 19:33:45 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini[2012/01/16 19:32:21 | 000,000,080 | ---- | C] () -- C:\Windows\EPWF1100.ini[2012/01/15 12:36:49 | 000,000,479 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc[2011/11/07 23:08:38 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll[2011/05/18 22:14:34 | 000,005,120 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011/05/17 18:03:13 | 000,001,057 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml[2011/05/17 18:01:54 | 000,099,384 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\inst.exe[2011/05/17 18:01:54 | 000,007,859 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat[2011/05/17 18:01:54 | 000,001,167 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/06/01 18:44:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OEM[2011/05/17 19:59:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ACD Systems[2011/09/03 20:04:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AnvSoft[2011/05/17 17:21:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Barnes & Noble[2013/03/03 08:02:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BitComet[2011/05/20 18:17:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Camersoft[2011/06/01 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canneverbe Limited[2012/01/14 09:27:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canon[2012/01/08 10:31:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1[2012/01/07 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant[2011/06/01 17:36:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Digiarty[2012/02/26 15:25:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Downloaded Installations[2013/09/22 13:16:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox[2012/04/09 07:52:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\EPSON[2011/06/01 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ImTOO[2012/02/22 17:36:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InFiles[2012/01/16 19:43:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leader Technologies[2012/01/16 19:38:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech[2011/06/19 16:35:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\NCH Swift Sound[2012/02/26 21:32:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Nitro PDF[2011/05/16 21:01:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OEM[2011/07/12 07:15:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PCHC[2012/01/08 07:42:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PDAppFlex[2013/09/22 12:58:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PDFlite[2011/07/27 20:30:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PowerCinema[2012/11/07 18:18:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ScannerData[2011/05/17 20:05:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SoftGrid Client[2011/05/22 10:22:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp[2011/05/17 20:04:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TP[2013/02/10 08:55:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent[2013/07/07 09:52:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso[2011/06/21 15:09:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WeatherBug[2011/05/17 17:20:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WildTangent ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 256 bytes -> C:\Windows:nlsPreferences< End of report > Link to post Share on other sites
woodshopfun Posted November 5, 2013 Author Report Share Posted November 5, 2013 OTL Extras logfile created on: 11/4/2013 9:02:30 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.75 Gb Total Physical Memory | 5.75 Gb Available Physical Memory | 74.24% Memory free 15.50 Gb Paging File | 13.36 Gb Available in Paging File | 86.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 913.84 Gb Total Space | 705.35 Gb Free Space | 77.19% Space Free | Partition Type: NTFS Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.) Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.) Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0263F5A4-066E-446C-BCF6-81DAEB511529}" = lport=9948 | protocol=6 | dir=in | name=bitcomet 9948 tcp | "{1338B448-9584-4865-A529-77C4EDB81AEB}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{22A98113-4C79-4FFB-AD4B-472542F3F348}" = lport=139 | protocol=6 | dir=in | app=system | "{256359A0-20B3-40F1-B1A3-09251D58521F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | "{2CCB7376-6E3B-4AE5-8F7D-1A8D5FE596A2}" = rport=445 | protocol=6 | dir=out | app=system | "{31340FBF-564D-4F50-BF9D-CE59BA33FF9E}" = rport=10243 | protocol=6 | dir=out | app=system | "{3C640939-9BBE-43B1-AAD4-9BFCDDC9C3E4}" = rport=138 | protocol=17 | dir=out | app=system | "{4598C4E8-CE46-46AD-9047-996D849D130E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{477D3B3D-813B-4EAB-BC71-34F43B3861E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{537930F8-46DF-4163-9824-38580CDF39A9}" = lport=9948 | protocol=17 | dir=in | name=bitcomet 9948 udp | "{5EC773AC-D50F-4A55-8507-F1E548A0E07D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{60B3736B-F1C1-4F7B-9151-CA937983101B}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{6142C676-32AA-411F-8294-91C7EE6E119A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{65A4ADB6-8746-46D6-B685-80CE9F5CF80E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{696A6073-BA18-4697-9A7A-723CD90F9E42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6DF8F2DC-4B24-45D9-A66C-2AB7170BD3AE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6F30700D-4D8A-46F7-B47C-105A72301B5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8966649D-BF1B-4064-BD4D-31BD0D65C880}" = rport=137 | protocol=17 | dir=out | app=system | "{91ED04E6-4A72-4AD8-8529-C10141021974}" = lport=445 | protocol=6 | dir=in | app=system | "{9511AD1F-A4DB-46A0-AB89-8CF5AA175576}" = lport=137 | protocol=17 | dir=in | app=system | "{9BD3D0E3-5C50-4598-9EE1-544FE34FE172}" = rport=139 | protocol=6 | dir=out | app=system | "{ABA57B80-EBF9-4C73-8C91-2E6411D2228B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AD3A8C07-AE05-4299-89D8-E6F77415B93B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ADC08A0B-1164-449B-B6C5-F77E8CE6C02C}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{B1EB61F1-E109-4B4B-8C8C-E3F7626A1394}" = lport=10243 | protocol=6 | dir=in | app=system | "{C1077D54-12B4-4DCC-897A-492E6F5BC4F6}" = lport=2869 | protocol=6 | dir=in | app=system | "{CE84891F-37E8-42AB-9F92-C3444832D074}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D320F822-844A-4425-A926-B05D8ECDAE94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E08659AE-CEC8-44A3-AB9C-272FBF8C63CC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | "{ECA3D0E8-0B24-44A0-8151-B4F67D765A20}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{027E84AD-C48E-4806-BD49-1918AAF76089}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe | "{033CF974-FC9F-4334-AD9A-3F5DC69E3582}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0616E7C3-B62B-4E66-993D-7835134CEC3C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{077DAA4D-4192-4CC4-B84D-09DCAD10BD74}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe | "{07E7A5CB-5944-44A0-9EBD-C859E4DB16FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0B5730B8-EC59-466D-A79D-FC8635A2984E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0C87F825-DB70-42BD-B3A6-060F046388CD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{0EF9D254-C114-4AA9-B87E-D4074F21D39F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1A2B5163-9AA6-4E05-8BFB-213F4AB97D4C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{1A44CB02-3280-4002-B455-C1FAAC09E359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1C452AC3-FD69-4895-AF42-2C7980677BC4}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe | "{1FAE9523-7125-434F-BAD6-B990EE83C1C8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{234BFFA3-0E88-473F-901A-909E2531F090}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | "{3CD2EADE-0D02-44AD-8CC9-F47687A39F2E}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | "{40F62F5A-0EEC-4B47-9C3D-6ED67BFF50C5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{42F38AC4-1C8E-4935-BF43-253772B8CEB1}" = protocol=1 | dir=in | [email protected],-28543 | "{43E7D67F-AA90-4A24-B575-BC0EB7F16BAC}" = protocol=1 | dir=out | [email protected],-28544 | "{4D88ADFC-543F-42BC-B781-1FD4BC1E84E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4FD3CF08-2552-49CF-A93D-C29DED23A5D1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{52A463DA-17BD-4197-A30A-762BD88AB8FB}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe | "{55B0DBCA-3360-44D2-A13B-5034A52DBA97}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | "{5A2D046D-6A43-4ED6-B11B-E7BADC7ECC87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{5FAED20F-9CC8-4CAF-8E04-198397994342}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{61AC5CF2-0EFB-49AC-9EBD-E63470A2A97D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{674B288B-B6E1-4D55-89D5-3903953E3910}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{6980B2FD-2A56-4D17-9A1B-5E67B7FB76A6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{69BDCBCE-E2CD-41EA-8E62-65FCC83F9CD1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{7157C1DE-12FA-4C25-9C2A-AB1FEAEA9A04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{744A3719-A9A1-4B3F-B1B8-3F706AE10C82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{7764D3B1-B939-4081-A76A-E2C4E2101225}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\clmlsvc.exe | "{78ABFCE8-3695-43F0-840F-03027B4DA713}" = protocol=58 | dir=out | [email protected],-503 | "{7BA83E5C-D421-4039-8110-2C10FC4B8F15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{7DDB5964-8D41-49DF-832A-E8F98D963E2D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{8008F2D7-D2F1-4A21-9087-08F3CB81ABB8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{8101F437-97E3-43E5-8FD4-294F87366901}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8E5B79BE-C9D1-4EB3-87CC-44A8CE35FBAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8E9DB9D0-8CDC-47A4-B01E-2F5AEF7DEA6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{9083C5BB-24EB-4109-AC3F-AE4905BCC82E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{910212B0-F712-41F2-B293-71544C1E04BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{96E1379E-A4BE-4A4D-BE5E-5BBD6513B210}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{978B1C6F-AFB1-482B-85F3-344BA04E8DF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{993CC130-5B23-4A1A-BDAD-7EEDE2D12A27}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{9A75BDD3-0008-41F1-AD5F-16C2A9E85868}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A4E6033E-FD39-4B58-92CC-526F186D2EB8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | "{A855E219-8F36-4548-9F5D-8FF0F5A86140}" = protocol=6 | dir=out | app=system | "{A8DD326E-6327-4A9D-8E98-02264558D269}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe | "{AEE9C64A-990D-4F42-AC1E-294F0D9B3DD2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{B76303DA-A626-4FA0-9035-FB73B813F320}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BAC06B63-486A-4BF7-956A-E482D27C6272}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BD22FF84-5FE3-4B92-968D-81A26CCC81A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{C3A557B6-0D92-458D-9E46-EEE8BA4CD55E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C5468079-87E4-43AD-92F6-EF98C25E2F3E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{C5720CF1-94A5-49CA-BE4E-6ADAC9A60105}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{CADE649F-FC8B-4F52-948A-896EF14C4CDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{D678AF46-99C8-47B9-A1A2-A6540A5A6881}" = protocol=58 | dir=in | [email protected],-28545 | "{DB7FB793-2C55-4DAF-81D7-584E83C83366}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E5BA9490-1C9B-4E90-BA6F-450D36998DEF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{E5BDB54C-D056-41E3-A964-966E4DF383A3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{E8CB8650-2AAE-44C1-867B-156B4D9569BC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{E94E1A2D-F234-4FD4-9CE9-BB664DA3C095}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{EA2AE888-1262-4A9F-89E7-3B35B0A1C2ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{EF430E01-0C9C-44B1-B78D-B873BEF7A035}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F3A25586-5004-4E94-90E5-CB46A7176036}" = protocol=58 | dir=in | app=system | "{FBBEA0E1-D2AE-429E-BCDB-2ED98FEC6624}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FF0C85A1-9292-45B4-807D-9AC892EC5377}" = protocol=58 | dir=out | [email protected],-28546 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CANONLPESP100" = Canon Large Format Printer Extended Survey Program "EPSON WorkForce 30 Series" = EPSON WorkForce 30 Series Printer Uninstall "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "Recuva" = Recuva "Shop for HP Supplies" = Shop for HP Supplies "VueScan" = VueScan "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0BE576BC-49F3-4F3F-89AB-0E2ABF35122F}" = Canon iPF8300 Print Plug-In for Photoshop CS5 x64 "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{13273B8A-E750-4FD4-B6E0-AFC689FCF283}" = iPF8300 Media Configuration Tool "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{174126E2-5F05-41BD-A377-FAA44C15EC71}" = CarveWright System "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22E23DF0-7FAE-4DA2-9DA2-45B984AA742C}_is1" = CenturyLink QuickAssist Desktop Tools "{256595b8-8ce7-4e31-8e8b-9923ba7c4e80}_is1" = Media converter "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{384E10CC-9455-40BC-B79C-0708C1D42302}" = Canon PosterArtist Lite "{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{66392B7C-C522-450D-97B7-B3E41E170C3B}" = imagePROGRAF Status Monitor "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{729E16B3-1B80-4F3F-8D19-342A89631E0A}_is1" = Media converter "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{91D27E68-979D-450F-82CC-418C5267C43E}" = Canon iPF8300 Print Plug-In for Photoshop CS5 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth "{982AC07C-985C-42D8-990E-2EEF443D53CE}" = ArcSoft MediaImpression "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A4B68C10-AEF9-4068-8CB5-216963AFC86C}" = Light Source Check Tool "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B67A83A0-DBE5-482E-8437-5E0AD6D0EF1D}" = Canon iPF8300 User Manual "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie "{BCE2ED29-2E42-4481-8071-5D3E9FD270EE}" = MAX Console "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5B66421-3963-4ACD-9074-2648A4741033}" = Nero 7 Essentials "{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600 "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365 "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper "{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help "{FF484104-ECC5-499C-9B12-D0F8178A16A5}" = ScanExpress A3 USB 2400 Pro V1.2 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "ACDSee" = ACDSee "Acer Game Console" = Acer Game Console "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Applian Director2.1" = Applian Director "ArcSoft Camera Suite" = ArcSoft Camera Suite "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3 Plugin "BN_DesktopReader" = NOOK for PC "Cfont Pro_is1" = Cfont Pro v4 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "ExpressRip" = Express Rip "Flash Player Pro_is1" = Flash Player Pro V5.4 "FutureMatDesigner" = FutureMatDesigner "Hotkey Utility" = Hotkey Utility "Hoyle Card Games 5" = Hoyle Card Games 5 "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{BCE2ED29-2E42-4481-8071-5D3E9FD270EE}" = MAX Console "InstallShield_{FF484104-ECC5-499C-9B12-D0F8178A16A5}" = ScanExpress A3 USB 2400 Pro V1.2 "Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.1 "MagicISO v5.5_is1" = MagicISO v5.5 (build 0274) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "M-Minder_is1" = M-Minder 3.1 "NAV" = Norton AntiVirus "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Pinochle_is1" = Pinochle 4.14 "Replay Video Capture3.1B" = Replay Video Capture "Replay Video Capture4.2" = Replay Video Capture "Silent Package Run-Time Sample" = WorkForce 30 Series Info Center "Spyder4Elite" = Spyder4Elite "TurboTax 2011" = TurboTax 2011 "TurboTax 2012" = TurboTax 2012 "WF30IQ" = PowerDriver IQ WF30 "WildTangent acer Master Uninstall" = Acer Games "WT088295" = Agatha Christie - Death on the Nile "WT088300" = Bejeweled 2 Deluxe "WT088310" = Build-a-lot 2 "WT088312" = Chuzzle Deluxe "WT088318" = Diner Dash 2 Restaurant Rescue "WT088350" = Jewel Quest Solitaire 2 "WT088364" = Plants vs. Zombies "WT088373" = Blackhawk Striker 2 "WT088393" = Dora's Carnival Adventure "WT088413" = FATE "WT088445" = John Deere Drive Green "WT088449" = Penguins! "WT088453" = Polar Bowler "WT088457" = Polar Golfer "WT088517" = Zuma's Revenge "WT088553" = Virtual Villagers 4 - The Tree of Life "WT088649" = 18 Wheels of Steel - American Long Haul "WT088653" = Jewel Quest - Heritage "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Mail" = Yahoo! Internet Mail "Yahoo! Mail Advisor" = Yahoo! Mail Advisor "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! Install Manager ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 5.1.0.880 ========== Last 20 Event Log Errors ========== [ System Events ] Error - 11/3/2013 5:15:21 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = The PDIHWCTL service failed to start due to the following error: %%2 Error - 11/3/2013 5:17:46 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038 Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 11/3/2013 5:17:46 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error - 11/4/2013 9:50:51 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = The PDIHWCTL service failed to start due to the following error: %%2 Error - 11/4/2013 9:53:18 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038 Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 11/4/2013 9:53:18 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error - 11/4/2013 9:59:16 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = The PDIHWCTL service failed to start due to the following error: %%2 Error - 11/4/2013 10:01:50 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038 Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 11/4/2013 10:01:50 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 < End of report > Link to post Share on other sites
flashh4 Posted November 5, 2013 Report Share Posted November 5, 2013 Hi Chris, you have signs of P2P programs on your computer ! >>> bitcomet and uTorrent P2P WarningThere are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect to become infected & malware to occurOnce upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.Please read these short reports on the dangers of peer-2-peer programs and file sharing.FBI Cyber Education Letter http://www.fbi.gov/cyberinvest/cyberedletter.htmFile sharing infects 500,000 computers http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computersUSAToday http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htminfoworld http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theftBelow are a few more articles on P2P that you may wish to read ....http://www.us-cert.gov/cas/tips/ST05-007.htmlhttp://www.fbi.gov/scams-safety/peertopeer/oeertopeerhttp://www.benedelman.org/spyware/p2p/http://www.pcworld.com/article/126230/i ... works.htmlEither refrain from using this program or simply remove, i would remove it before you become infected with something that we may not be able to clean ! I have seen this happen. !!! With that said lets continue ! ===================== We need to Run an OTL fix !! * Double-click OTL.exe to start the program. * Copy and Paste the following code into the . Do not include the word Code:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBoxIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not foundO3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not foundO4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not foundO4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not foundO4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not foundO4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [AdobeBridge] File not foundO4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S386E.tmp" /EF "HKCU" File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\ipp - No CLSID value foundO18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. :Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]# Then click the Run Fix button at the top.# Click # Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.Remember to enable your real time protection. Post that log next !! ThanksChuck Chris i still need a new Malwarebytes that i asked for !!Now run Malwarebytes again please check the small box beside each that it found ! then the box that says "Remove Selected" And post that log !! Link to post Share on other sites
woodshopfun Posted November 6, 2013 Author Report Share Posted November 6, 2013 All processes killedError: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox> in the current context!Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope => in the current context!Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC> in the current context!Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope => in the current context!Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope => in the current context!Error: Unable to interpret <IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope => in the current context!Error: Unable to interpret <IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope => in the current context!Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context!Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found> in the current context!Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!Error: Unable to interpret <O3 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.> in the current context!Error: Unable to interpret <O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found> in the current context!Error: Unable to interpret <O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found> in the current context!Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found> in the current context!Error: Unable to interpret <O4 - HKU\S-1-5-18..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found> in the current context!Error: Unable to interpret <O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [AdobeBridge] File not found> in the current context!Error: Unable to interpret <O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S386E.tmp" /EF "HKCU" File not found> in the current context!Error: Unable to interpret <O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!Error: Unable to interpret <O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!Error: Unable to interpret <O1364bit: - gopher Prefix: missing> in the current context!Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!Error: Unable to interpret <O18:64bit: - Protocol\Handler\ipp - No CLSID value found> in the current context!Error: Unable to interpret <O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found> in the current context!Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found> in the current context!Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found> in the current context!Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found> in the current context!Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!========== COMMANDS ========== [EMPTYJAVA] User: Administrator User: All Users User: Chris User: Default User: Default User User: Public User: UpdatusUser Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: Administrator->Flash cache emptied: 56579 bytes User: All Users User: Chris->Flash cache emptied: 57422 bytes User: Default->Flash cache emptied: 56475 bytes User: Default User->Flash cache emptied: 0 bytes User: Public User: UpdatusUser->Flash cache emptied: 56475 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: Administrator->Temp folder emptied: 57361 bytes->Temporary Internet Files folder emptied: 35618 bytes->Flash cache emptied: 0 bytes User: All Users User: Chris->Temp folder emptied: 1718 bytes->Temporary Internet Files folder emptied: 135063266 bytes->Flash cache emptied: 0 bytes User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytes->Flash cache emptied: 0 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytes User: Public User: UpdatusUser->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 33170 bytes->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 788596175 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytesRecycleBin emptied: 36422215910 bytes Total Files Cleaned = 35,616.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully.HOSTS file reset successfullyRestore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 11062013_111619Files\Folders moved on Reboot...C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WM2ZTFGB\ads[1].htm moved successfully.C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WM2ZTFGB\postmessageRelay[1].htm moved successfully.C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WM2ZTFGB\xd_arbiter[1].htm moved successfully.C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WM2ZTFGB\zrt_lookup[1].htm moved successfully.C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UMJ94ZW2\34434-slow-start-up[1].htm moved successfully.C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FJ3OTI6K\si[1].htm moved successfully.C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZKIAPBT\like[1].htm moved successfully.C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZKIAPBT\xd_arbiter[1].htm moved successfully.C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3UQ0WNOF\fastbutton[1].htm moved successfully.C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\29Y4NO7G\ads[1].htm moved successfully.C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\29Y4NO7G\si[1].htm moved successfully.C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.PendingFileRenameOperations files...Registry entries deleted on Reboot.. Link to post Share on other sites
flashh4 Posted November 6, 2013 Report Share Posted November 6, 2013 Chris there was a typo in my fix above so it was not complete ! I fixed the typo & i need you to run the OTL fix above again ! And post the log ! Also the Malwarebytes log !! Sorry, i am human !! Chuck Link to post Share on other sites
woodshopfun Posted November 7, 2013 Author Report Share Posted November 7, 2013 OTL logfile created on: 11/6/2013 7:59:35 PM - Run 2OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.75 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 74.66% Memory free15.50 Gb Paging File | 13.47 Gb Available in Paging File | 86.90% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 913.84 Gb Total Space | 745.24 Gb Free Space | 81.55% Space Free | Partition Type: NTFS Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Processes (SafeList) ========== PRC - [2013/11/04 20:59:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.comPRC - [2013/10/08 16:35:48 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exePRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exePRC - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exePRC - [2012/02/24 02:43:50 | 000,070,136 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXEPRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exePRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.acPRC - [2010/08/04 05:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exePRC - [2010/06/29 19:26:30 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exePRC - [2010/05/26 19:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exePRC - [2010/05/10 09:06:06 | 000,650,240 | ---- | M] (Emdem Technologies (M-Soft)) -- C:\Program Files (x86)\M-Soft\M-Minder\Minder.exePRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exePRC - [2010/03/10 22:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exePRC - [2010/03/10 22:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exePRC - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exePRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exePRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exePRC - [2009/05/08 03:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exePRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (No Company Name) ========== MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2010/08/04 05:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exeMOD - [2010/08/04 02:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)SRV:64bit: - [2010/12/19 21:59:06 | 000,100,176 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\LPESP\cnwilsv6.exe -- (LPESPSVC)SRV:64bit: - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)SRV:64bit: - [2009/10/09 14:25:24 | 000,713,488 | ---- | M] (CANON INC) [Auto | Running] -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -- (Canon imagePROGRAF Status Monitor)SRV:64bit: - [2009/04/19 08:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)SRV:64bit: - [2009/04/19 08:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)SRV:64bit: - [2008/12/08 08:29:24 | 000,210,944 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Windows\SysNative\cnwiols6.exe -- (iPFDeviceAgentService)SRV - [2013/10/08 16:35:50 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)SRV - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV)SRV - [2012/02/24 02:43:50 | 000,070,136 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)SRV - [2011/09/11 09:17:00 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)SRV - [2010/05/26 19:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)SRV - [2007/12/16 20:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)SRV - [2007/01/10 20:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2013/02/18 08:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/07/05 19:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtspx64.sys -- (SRTSPX)DRV:64bit: - [2012/07/05 19:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtsp64.sys -- (SRTSP)DRV:64bit: - [2012/06/06 21:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ccsetx64.sys -- (ccSet_NAV)DRV:64bit: - [2012/05/21 18:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symefa64.sys -- (SymEFA)DRV:64bit: - [2012/04/20 17:44:38 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i1display_x64.sys -- (EyeOneDisplay)DRV:64bit: - [2012/04/17 19:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symnets.sys -- (SymNetS)DRV:64bit: - [2012/04/17 18:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ironx64.sys -- (SymIRON)DRV:64bit: - [2012/03/23 07:46:52 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/07/25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symds64.sys -- (SymDS)DRV:64bit: - [2011/06/02 14:56:52 | 000,015,360 | ---- | M] (Datacolor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dccmtr.sys -- (Spyder4)DRV:64bit: - [2011/05/17 18:01:54 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/08/12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/06/02 19:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)DRV:64bit: - [2009/06/02 19:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)DRV:64bit: - [2009/06/02 19:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)DRV:64bit: - [2007/11/15 19:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)DRV:64bit: - [2007/11/06 11:08:30 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)DRV:64bit: - [2006/05/18 15:13:02 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SeqCal.sys -- (SeqCal)DRV - [2013/10/25 13:17:18 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20131106.001\IDSviA64.sys -- (IDSVia64)DRV - [2013/10/22 16:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20131101.003\BHDrvx64.sys -- (BHDrvx64)DRV - [2013/09/22 13:37:10 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20131106.002\ex64.sys -- (NAVEX15)DRV - [2013/09/22 13:37:10 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)DRV - [2013/09/22 13:37:10 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)DRV - [2013/09/22 13:37:10 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20131106.002\eng64.sys -- (NAVENG)DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.comIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBoxIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.comIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HPIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.comIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.comIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.comIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.comIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\SearchScopes\{5D59D0FD-EFA3-4F0F-8180-83C9E2D77E12}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9MI&pc=BIE9&src=IE-SearchBoxIE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\SearchScopes\{725DF0A4-9B06-4712-8E7C-2E70F0E4AFF0}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not foundFF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFF [2013/10/09 09:08:48 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/07 19:34:23 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/07 19:34:23 | 000,000,000 | ---D | M] [2011/06/03 15:04:35 | 000,003,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml[2010/11/22 09:33:08 | 000,002,037 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchaudio.xml O1 HOSTS File: ([2013/11/06 11:17:59 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HostsO1 - Hosts: 127.0.0.1 localhostO1 - Hosts: ::1 localhostO2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)O4:64bit: - HKLM..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe (CANON INC.)O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not foundO4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not foundO4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)O4 - HKU\.DEFAULT..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not foundO4 - HKU\S-1-5-18..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not foundO4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [AdobeBridge] File not foundO4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S386E.tmp" /EF "HKCU" File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\M-Minder.lnk = C:\Program Files (x86)\M-Soft\M-Minder\Minder.exe (Emdem Technologies (M-Soft))O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..Trusted Domains: centurylink.com ([qwest] https in Trusted sites)O15 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..Trusted Domains: verizonwireless.com ([support] https in Trusted sites)O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B47D2C2-3636-4E51-B6DA-6EEF1042FFAC}: DhcpNameServer = 192.168.0.1 205.171.2.25O18:64bit: - Protocol\Handler\ipp - No CLSID value foundO18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [CREATERESTOREPOINT]Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 360 Days ========== [2013/11/06 11:16:19 | 000,000,000 | ---D | C] -- C:\_OTL[2013/11/04 20:59:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.com[2013/11/03 17:05:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes[2013/11/03 17:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/11/03 17:05:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/11/03 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/11/03 17:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/11/03 17:03:52 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup-1.75.0.1300.exe[2013/11/03 09:10:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/11/03 09:08:56 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Chris\Desktop\JRT.exe[2013/11/03 07:36:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2013/10/31 21:26:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\GMG pics[2013/10/21 21:02:41 | 000,000,000 | ---D | C] -- C:\Chevelle[2013/09/23 17:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Creativity Suite[2013/09/23 17:07:47 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMEEA.DLL[2013/09/23 17:07:44 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBEEA.DLL[2013/09/22 12:58:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\PDFlite[2013/09/22 12:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFlite[2013/08/26 19:12:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\Dropbox[2013/08/26 15:57:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox[2013/08/26 15:56:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Dropbox[2013/08/16 06:42:51 | 000,000,000 | R--D | C] -- C:\Users\Chris\Podcasts[2013/08/16 06:42:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft[2013/08/16 06:42:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY[2013/08/16 06:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune[2013/08/16 06:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Zune[2013/08/16 06:39:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH[2013/08/05 17:51:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Sony Bloggie[2013/08/03 06:28:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Shawna's pics for Kim, Devil's Tower[2013/07/30 20:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth[2013/07/28 12:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2013/07/28 12:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2013/07/28 12:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2013/07/28 12:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes[2013/07/28 12:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2013/07/21 08:20:56 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys[2013/07/21 08:20:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll[2013/07/21 08:20:03 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll[2013/07/21 08:20:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll[2013/07/21 08:20:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe[2013/07/21 08:20:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys[2013/07/21 08:20:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys[2013/07/21 08:20:01 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll[2013/07/21 08:20:01 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe[2013/07/21 08:20:01 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe[2013/07/21 08:20:01 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe[2013/07/21 08:20:01 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll[2013/07/21 08:20:01 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll[2013/07/21 08:20:01 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll[2013/07/21 08:20:01 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll[2013/07/21 08:20:01 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll[2013/07/21 08:20:01 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe[2013/07/21 08:20:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll[2013/07/21 08:20:01 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll[2013/07/21 08:20:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll[2013/07/21 08:20:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll[2013/07/21 08:20:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll[2013/07/21 08:20:01 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll[2013/07/21 08:20:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll[2013/07/21 08:20:00 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll[2013/07/21 08:20:00 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll[2013/07/21 08:13:26 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll[2013/07/21 08:13:26 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll[2013/07/21 08:13:25 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll[2013/07/21 08:13:25 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe[2013/07/21 08:11:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/07/21 08:11:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/07/21 08:11:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll[2013/07/21 08:11:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll[2013/07/21 08:11:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl[2013/07/21 08:11:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl[2013/07/21 08:11:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll[2013/07/21 08:11:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll[2013/07/21 08:11:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe[2013/07/21 08:11:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe[2013/07/21 08:11:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/07/21 08:11:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/07/21 08:11:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/07/21 08:11:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll[2013/07/21 08:11:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/07/21 08:04:43 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll[2013/07/21 08:04:43 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll[2013/07/21 08:04:43 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll[2013/07/21 08:04:43 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll[2013/07/21 08:04:41 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll[2013/07/21 08:04:41 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll[2013/07/21 08:04:40 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll[2013/07/21 08:04:40 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll[2013/07/21 08:04:40 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll[2013/07/21 08:04:40 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll[2013/07/21 08:04:40 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll[2013/07/21 08:04:40 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll[2013/07/21 08:04:40 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll[2013/07/21 08:04:40 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll[2013/07/21 08:04:40 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll[2013/07/21 08:04:40 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll[2013/07/21 08:04:40 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll[2013/07/21 08:04:40 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll[2013/07/21 08:04:40 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll[2013/07/21 08:04:40 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll[2013/07/21 08:04:40 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll[2013/07/21 08:04:40 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll[2013/07/21 08:04:40 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll[2013/07/21 08:04:40 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll[2013/07/21 08:04:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll[2013/07/21 08:04:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll[2013/07/21 08:04:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll[2013/07/21 08:04:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll[2013/07/21 08:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll[2013/07/21 08:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll[2013/07/21 08:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll[2013/07/21 08:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll[2013/07/21 08:04:40 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll[2013/07/21 08:04:40 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll[2013/07/21 08:04:39 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll[2013/07/21 08:04:39 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll[2013/07/21 08:04:39 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll[2013/07/21 08:04:39 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll[2013/07/21 08:04:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll[2013/07/21 08:01:24 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll[2013/07/21 08:01:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll[2013/07/21 08:01:21 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll[2013/07/21 08:00:47 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll[2013/07/21 08:00:47 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs[2013/07/21 08:00:47 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs[2013/07/21 08:00:47 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs[2013/07/21 08:00:47 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs[2013/07/21 08:00:47 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs[2013/07/21 08:00:47 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs[2013/07/21 08:00:47 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs[2013/07/21 08:00:47 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs[2013/07/21 08:00:47 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs[2013/07/21 08:00:47 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs[2013/07/21 08:00:47 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs[2013/07/21 08:00:47 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs[2013/07/21 08:00:47 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs[2013/07/21 08:00:47 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs[2013/07/21 08:00:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs[2013/07/21 08:00:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs[2013/07/21 08:00:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs[2013/07/21 08:00:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs[2013/07/21 08:00:47 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs[2013/07/21 08:00:47 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs[2013/07/21 08:00:46 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll[2013/07/21 08:00:46 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll[2013/07/21 08:00:46 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll[2013/07/21 08:00:45 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs[2013/07/21 08:00:45 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs[2013/07/21 08:00:45 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs[2013/07/21 08:00:45 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs[2013/07/21 08:00:45 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs[2013/07/21 08:00:45 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs[2013/07/21 08:00:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs[2013/07/21 08:00:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs[2013/07/21 08:00:29 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll[2013/07/21 08:00:27 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll[2013/07/21 08:00:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll[2013/07/21 08:00:21 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll[2013/07/21 08:00:21 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll[2013/07/21 08:00:21 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll[2013/07/21 08:00:21 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll[2013/07/21 08:00:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll[2013/07/21 08:00:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll[2013/07/21 08:00:19 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL[2013/07/21 08:00:19 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL[2013/07/21 08:00:17 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe[2013/07/21 08:00:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys[2013/07/21 08:00:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll[2013/07/21 08:00:13 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll[2013/07/21 08:00:11 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll[2013/07/21 08:00:11 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll[2013/07/21 07:59:53 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll[2013/07/21 07:59:53 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll[2013/07/21 07:59:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe[2013/07/21 07:59:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll[2013/07/21 07:59:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll[2013/07/21 07:59:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll[2013/07/21 07:59:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll[2013/07/21 07:59:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll[2013/07/21 07:59:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll[2013/07/21 07:59:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll[2013/07/21 07:59:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll[2013/07/21 07:59:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll[2013/07/21 07:59:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll[2013/07/21 07:56:04 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll[2013/07/21 07:56:04 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll[2013/06/15 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\New folder[2013/06/12 06:06:35 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll[2013/06/12 06:06:35 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe[2013/06/12 06:06:35 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe[2013/06/12 06:06:35 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll[2013/06/12 06:06:35 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll[2013/06/12 06:06:35 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll[2013/06/12 06:06:25 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll[2013/06/12 06:06:25 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll[2013/05/16 06:01:43 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll[2013/05/16 06:01:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll[2013/05/16 06:01:42 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll[2013/05/16 06:01:42 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe[2013/05/16 06:00:46 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys[2013/05/16 06:00:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll[2013/04/27 11:05:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Downloads[2013/04/27 11:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media converter[2013/04/27 11:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media converter[2013/04/27 07:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber[2013/04/27 07:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiograbber[2013/04/21 08:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay[2013/04/21 08:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eBay[2013/04/10 17:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft[2013/04/10 06:02:23 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe[2013/04/10 06:02:21 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe[2013/04/10 06:02:18 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe[2013/04/10 06:02:13 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe[2013/04/10 06:02:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll[2013/04/10 06:02:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll[2013/03/25 16:24:50 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys[2013/02/26 10:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight[2013/02/26 10:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight[2013/02/26 10:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight[2013/02/25 23:32:44 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll[2013/02/25 23:32:44 | 002,505,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll[2013/02/25 23:32:42 | 015,129,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll[2013/02/25 23:32:40 | 006,262,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll[2013/02/25 23:32:38 | 018,055,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll[2013/02/25 23:32:36 | 026,929,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll[2013/02/25 23:32:36 | 002,720,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll[2013/02/25 23:32:34 | 007,932,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll[2013/02/25 23:32:34 | 002,346,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll[2013/02/25 23:32:28 | 002,904,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll[2013/02/25 23:32:26 | 020,449,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll[2013/02/25 23:32:24 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll[2013/02/25 23:32:08 | 012,641,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll[2013/02/25 23:32:08 | 007,564,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll[2013/02/25 23:32:08 | 001,985,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll[2013/02/25 23:32:06 | 009,390,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll[2013/02/25 08:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro[2013/02/25 08:48:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Flash Player Pro[2013/02/25 08:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro[2013/02/18 08:22:18 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll[2013/02/18 08:22:18 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll[2013/02/18 08:22:16 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys[2013/02/18 08:22:16 | 000,072,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapo64v.dll[2013/02/13 06:52:07 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll[2013/02/13 06:52:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe[2013/02/13 06:52:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll[2013/02/13 06:52:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe[2013/02/13 06:52:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll[2013/02/13 06:52:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe[2013/02/13 06:52:02 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS[2013/02/10 08:13:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\uTorrent[2013/01/26 09:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012[2013/01/18 19:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes[2013/01/18 07:15:24 | 000,550,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe[2013/01/09 06:46:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll[2013/01/09 06:46:20 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe[2013/01/05 21:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPino[2013/01/05 21:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPino[2013/01/02 20:38:35 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys[2013/01/02 20:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime[2012/12/21 21:55:51 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll[2012/12/21 21:55:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll[2012/12/21 21:55:50 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll[2012/12/21 21:55:50 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll[2012/12/13 12:50:38 | 006,112,864 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll[2012/12/13 12:50:36 | 000,054,784 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys[2012/12/12 06:52:20 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll[2012/12/12 06:52:20 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll[2012/12/01 14:28:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\For Sale Stuff[2012/11/21 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP[2012/11/18 11:57:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\NVIDIA[2012/11/17 22:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation[2012/11/17 22:54:54 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll[2012/11/17 22:54:54 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll[2012/11/17 22:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation[2012/11/14 07:17:55 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll[2012/11/14 07:17:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll[2011/05/17 18:01:54 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ][3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 360 Days ========== [2013/11/06 19:46:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/11/06 19:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/11/06 13:09:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/11/06 13:09:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/11/06 13:06:08 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/11/06 13:06:08 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/11/06 13:06:08 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/11/06 13:01:25 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/11/06 13:01:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/11/06 13:01:14 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys[2013/11/06 11:17:59 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts[2013/11/04 20:59:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.com[2013/11/04 19:08:16 | 000,891,184 | ---- | M] () -- C:\Users\Chris\Desktop\SecurityCheck.exe[2013/11/03 21:07:33 | 000,000,000 | ---- | M] () -- C:\Users\Chris\Documents\SG_Local_4[2013/11/03 17:05:48 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/11/03 17:04:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup-1.75.0.1300.exe[2013/11/03 17:00:15 | 000,000,132 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Adobe BMP Format CS5 Prefs[2013/11/03 15:02:10 | 006,902,211 | ---- | M] () -- C:\Users\Chris\Desktop\RY34420_RY34440_405_trilingual.pdf[2013/11/03 09:08:56 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Chris\Desktop\JRT.exe[2013/11/03 07:35:40 | 001,060,070 | ---- | M] () -- C:\Users\Chris\Desktop\adwcleaner.exe[2013/10/31 21:23:38 | 011,133,600 | ---- | M] () -- C:\Users\Chris\Documents\Build sheet.bmp[2013/10/31 16:56:01 | 000,017,830 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\VT20131031.017[2013/10/23 20:19:04 | 002,811,656 | ---- | M] () -- C:\Users\Chris\Documents\IMG_002.bmp[2013/10/23 20:19:03 | 002,791,856 | ---- | M] () -- C:\Users\Chris\Documents\IMG_001.bmp[2013/10/23 20:14:41 | 002,983,342 | ---- | M] () -- C:\Users\Chris\Documents\IMG.bmp[2013/10/23 16:27:01 | 000,014,216 | ---- | M] () -- C:\Users\Chris\Documents\ordqteJS.html[2013/10/12 21:09:06 | 002,433,948 | ---- | M] () -- C:\Users\Chris\Documents\2006_chevy_monte_carlo.pdf[2013/10/09 10:35:39 | 009,625,938 | ---- | M] () -- C:\Users\Chris\Desktop\Yellow_Channel.prn[2013/10/09 10:28:19 | 009,625,938 | ---- | M] () -- C:\Users\Chris\Desktop\Cyan_Channel.prn[2013/10/09 10:27:45 | 009,625,938 | ---- | M] () -- C:\Users\Chris\Desktop\Magenta_Channel.prn[2013/10/08 16:35:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2013/10/08 16:35:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2013/10/08 13:48:04 | 000,000,434 | ---- | M] () -- C:\Users\Chris\Desktop\Yahoo! Mail.url[2013/09/29 15:53:42 | 009,941,282 | ---- | M] () -- C:\Users\Chris\Documents\man_e510_e.pdf[2013/09/23 17:18:06 | 000,000,044 | ---- | M] () -- C:\Windows\EPWF30.ini[2013/09/23 17:15:18 | 000,001,167 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce 30 Series Info Center.lnk[2013/09/23 17:07:52 | 002,485,294 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\Cat.DB[2013/09/06 13:49:03 | 000,000,000 | ---- | M] () -- C:\Users\Chris\Documents\SG_Local_3[2013/08/29 20:18:35 | 000,000,446 | ---- | M] () -- C:\Users\Chris\Desktop\Outlook.url[2013/08/26 05:12:44 | 000,087,040 | ---- | M] () -- C:\Windows\SysNative\redmonnt.dll[2013/08/16 06:39:44 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk[2013/08/15 19:31:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf[2013/08/15 19:31:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf[2013/07/31 06:27:06 | 000,002,157 | ---- | M] () -- C:\Windows\cdplayer.ini[2013/07/28 12:04:22 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2013/07/21 08:34:07 | 005,133,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/07/07 09:52:58 | 000,001,057 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml[2013/06/27 19:18:56 | 000,000,800 | ---- | M] () -- C:\Windows\photoprn.ini[2013/06/27 06:29:41 | 002,472,158 | ---- | M] () -- C:\Users\Chris\Documents\D52W15_manual.pdf[2013/06/03 23:00:13 | 000,624,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll[2013/06/03 21:53:07 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll[2013/05/28 22:43:16 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/05/28 22:34:14 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl[2013/05/28 22:33:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll[2013/05/28 22:29:56 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe[2013/05/28 22:29:05 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/05/28 22:29:02 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll[2013/05/28 22:27:57 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/05/28 22:25:46 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll[2013/05/28 22:18:27 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/05/28 18:41:52 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl[2013/05/28 18:40:26 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll[2013/05/28 18:37:15 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe[2013/05/28 18:35:56 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/05/28 18:33:32 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll[2013/05/28 18:29:36 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/05/17 16:09:53 | 001,368,983 | ---- | M] () -- C:\Users\Chris\Documents\Proform 400 treadmill manual.pdf[2013/05/12 22:51:00 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll[2013/05/12 22:51:00 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll[2013/05/12 22:50:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll[2013/05/12 20:43:55 | 001,192,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe[2013/05/12 20:08:10 | 000,903,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe[2013/05/12 20:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll[2013/05/09 22:49:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll[2013/05/09 20:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll[2013/05/05 23:03:49 | 001,887,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL[2013/05/05 21:56:35 | 001,620,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL[2013/04/30 17:04:15 | 000,073,974 | ---- | M] () -- C:\Users\Chris\Documents\ITS000000175715 - Thank You - Invoice Receipt Attached.pdf[2013/04/28 08:20:21 | 004,747,948 | ---- | M] () -- C:\Users\Chris\Documents\51_57_65F710_S.pdf[2013/04/27 11:01:19 | 000,001,118 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media converter.lnk[2013/04/27 11:00:41 | 000,071,913 | ---- | M] () -- C:\Windows\unins000.dat[2013/04/27 10:59:20 | 000,723,230 | ---- | M] () -- C:\Windows\unins000.exe[2013/04/27 07:50:03 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk[2013/04/25 22:51:36 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll[2013/04/25 21:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll[2013/04/25 16:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll[2013/04/24 19:14:08 | 008,332,249 | ---- | M] () -- C:\Users\Chris\Documents\HT-7450-usermanual.pdf[2013/04/11 07:22:56 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll[2013/04/11 07:22:56 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll[2013/04/09 23:01:54 | 000,265,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys[2013/04/05 06:45:04 | 000,600,928 | ---- | M] () -- C:\Users\Chris\2012 Jensen C Form 1040 Individual Tax Return.tax2012[2013/04/05 06:43:46 | 000,613,212 | ---- | M] () -- C:\Users\Chris\Documents\2012 Jensen C Form 1040 Individual Tax Return_Records.pdf[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/03/31 15:52:16 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll[2013/03/30 10:26:27 | 000,020,480 | ---- | M] () -- C:\Users\Chris\Documents\A2D1D000[2013/03/30 10:25:29 | 000,000,674 | ---- | M] () -- C:\Users\Chris\Documents\Square Transactions 1st qtr 2013.csv[2013/03/18 23:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe[2013/03/18 22:53:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll[2013/03/18 22:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll[2013/03/18 22:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe[2013/03/18 22:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe[2013/03/18 21:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll[2013/03/18 20:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe[2013/02/26 23:02:44 | 000,111,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe[2013/02/26 22:52:55 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll[2013/02/26 22:48:00 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll[2013/02/26 21:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll[2013/02/25 23:32:44 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll[2013/02/25 23:32:44 | 002,505,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll[2013/02/25 23:32:42 | 015,129,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll[2013/02/25 23:32:40 | 006,262,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll[2013/02/25 23:32:40 | 002,826,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll[2013/02/25 23:32:38 | 018,055,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll[2013/02/25 23:32:38 | 001,814,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll[2013/02/25 23:32:36 | 026,929,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll[2013/02/25 23:32:36 | 002,720,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll[2013/02/25 23:32:34 | 007,932,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll[2013/02/25 23:32:34 | 002,346,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll[2013/02/25 23:32:32 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll[2013/02/25 23:32:28 | 002,904,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll[2013/02/25 23:32:26 | 020,449,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll[2013/02/25 23:32:26 | 015,053,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll[2013/02/25 23:32:24 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll[2013/02/25 23:32:08 | 012,641,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll[2013/02/25 23:32:08 | 007,564,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll[2013/02/25 23:32:08 | 001,985,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll[2013/02/25 23:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb[2013/02/25 23:32:06 | 009,390,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll[2013/02/25 08:49:52 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite[2013/02/18 08:22:18 | 001,472,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll[2013/02/18 08:22:18 | 000,031,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll[2013/02/18 08:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys[2013/02/18 08:22:16 | 000,072,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapo64v.dll[2013/02/11 21:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys[2013/02/03 10:14:10 | 000,619,736 | ---- | M] () -- C:\Users\Chris\2011 Jensen C Form 1040 Individual Tax Return.tax2011[2013/02/01 23:31:42 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\isolate.ini[2013/01/23 21:32:16 | 000,000,015 | ---- | M] () -- C:\ProgramData\sdpN.tst[2013/01/18 08:00:28 | 006,390,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll[2013/01/18 08:00:28 | 003,460,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll[2013/01/18 08:00:11 | 002,558,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll[2013/01/18 08:00:11 | 000,118,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll[2013/01/18 08:00:11 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll[2013/01/18 07:15:24 | 000,550,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe[2013/01/13 14:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll[2013/01/13 14:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll[2013/01/13 14:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll[2013/01/13 14:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll[2013/01/13 14:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll[2013/01/13 14:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll[2013/01/13 14:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll[2013/01/13 14:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll[2013/01/13 14:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll[2013/01/13 13:35:31 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll[2013/01/13 13:35:31 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll[2013/01/13 13:35:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll[2013/01/13 13:32:07 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll[2013/01/13 13:31:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll[2013/01/13 13:31:41 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll[2013/01/13 13:31:40 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll[2013/01/13 13:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll[2013/01/13 13:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll[2013/01/13 12:59:04 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll[2013/01/13 12:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll[2013/01/13 12:51:30 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll[2013/01/13 12:49:17 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll[2013/01/13 12:38:39 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll[2013/01/13 12:38:21 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll[2013/01/13 12:25:04 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll[2013/01/13 12:24:33 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll[2013/01/13 12:24:30 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll[2013/01/13 12:20:42 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll[2013/01/13 12:20:04 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll[2013/01/13 12:15:40 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll[2013/01/13 12:10:36 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll[2013/01/13 12:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll[2013/01/13 11:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll[2013/01/13 11:32:43 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll[2013/01/13 11:09:52 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll[2013/01/13 10:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll[2013/01/13 10:19:56 | 000,000,479 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc[2013/01/13 10:05:09 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll[2013/01/05 21:38:47 | 000,001,814 | ---- | M] () -- C:\Users\Chris\Desktop\Pinochle.lnk[2013/01/04 21:42:01 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI[2013/01/03 23:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll[2013/01/03 23:11:13 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll[2013/01/03 22:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll[2013/01/03 21:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll[2013/01/03 19:47:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe[2013/01/03 19:47:34 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe[2013/01/03 19:47:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe[2013/01/03 19:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll[2013/01/02 23:00:42 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS[2013/01/01 12:52:51 | 005,670,056 | ---- | M] () -- C:\Users\Chris\Documents\Mileage log.bmp[2012/12/31 18:01:10 | 000,010,859 | ---- | M] () -- C:\Users\Chris\Documents\planner-style3.gif[2012/12/16 10:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll[2012/12/16 07:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll[2012/12/16 07:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll[2012/12/16 07:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll[2012/12/13 12:50:38 | 006,112,864 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll[2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys[2012/12/09 16:06:59 | 000,000,132 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Adobe GIF Format CS5 Prefs[2012/12/09 15:15:26 | 000,000,292 | ---- | M] () -- C:\Windows\wininit.ini[2012/12/08 21:08:39 | 000,001,121 | ---- | M] () -- C:\Users\Chris\Documents\Square Transactions 2012.csv[2012/12/07 06:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll[2012/12/07 06:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll[2012/12/07 05:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll[2012/12/07 05:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll[2012/12/07 04:20:04 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysNative\usk.rs[2012/12/07 04:20:03 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysNative\csrr.rs[2012/12/07 04:20:03 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysNative\oflc.rs[2012/12/07 04:20:01 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs[2012/12/07 04:20:01 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs[2012/12/07 04:20:01 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs[2012/12/07 04:20:00 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs[2012/12/07 04:19:59 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi.rs[2012/12/07 04:19:58 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysNative\fpb.rs[2012/12/07 04:19:57 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysNative\cob-au.rs[2012/12/07 04:19:57 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysNative\grb.rs[2012/12/07 04:19:57 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysNative\djctq.rs[2012/12/07 04:19:56 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysNative\cero.rs[2012/12/07 04:19:55 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysNative\esrb.rs[2012/12/07 03:46:42 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\csrr.rs[2012/12/07 03:46:42 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\usk.rs[2012/12/07 03:46:41 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs[2012/12/07 03:46:41 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs[2012/12/07 03:46:41 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc.rs[2012/12/07 03:46:41 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs[2012/12/07 03:46:40 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs[2012/12/07 03:46:39 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\fpb.rs[2012/12/07 03:46:39 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi.rs[2012/12/07 03:46:38 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\grb.rs[2012/12/07 03:46:37 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs[2012/12/07 03:46:37 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\djctq.rs[2012/12/07 03:46:36 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cero.rs[2012/12/07 03:46:36 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\esrb.rs[2012/12/03 13:06:31 | 004,378,676 | ---- | M] () -- C:\Users\Chris\Documents\True Grit lightened 1.bmp[2012/12/03 13:06:17 | 004,378,680 | ---- | M] () -- C:\Users\Chris\Documents\True Grit original 1.bmp[2012/12/03 13:01:02 | 009,850,676 | ---- | M] () -- C:\Users\Chris\Documents\True Grit lightened.bmp[2012/12/03 12:59:50 | 009,850,680 | ---- | M] () -- C:\Users\Chris\Documents\True Grit original.bmp[2012/12/02 09:15:06 | 000,004,964 | ---- | M] () -- C:\Users\Chris\Desktop\Facebook.url[2012/11/29 22:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll[2012/11/29 22:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll[2012/11/29 22:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll[2012/11/29 22:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll[2012/11/29 22:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll[2012/11/29 22:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll[2012/11/29 22:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll[2012/11/29 22:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll[2012/11/29 22:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll[2012/11/29 22:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll[2012/11/29 22:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll[2012/11/29 22:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll[2012/11/29 22:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll[2012/11/29 22:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll[2012/11/29 22:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll[2012/11/29 22:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll[2012/11/29 22:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll[2012/11/29 22:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll[2012/11/29 22:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll[2012/11/29 22:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll[2012/11/29 22:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll[2012/11/29 22:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll[2012/11/29 22:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll[2012/11/29 22:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll[2012/11/29 22:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll[2012/11/29 21:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll[2012/11/29 21:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll[2012/11/29 21:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll[2012/11/29 21:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll[2012/11/29 21:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll[2012/11/29 21:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll[2012/11/29 21:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll[2012/11/29 21:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll[2012/11/29 21:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll[2012/11/29 21:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll[2012/11/29 21:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll[2012/11/29 20:23:48 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe[2012/11/29 19:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll[2012/11/29 19:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll[2012/11/29 19:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll[2012/11/29 19:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll[2012/11/22 20:13:57 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe[2012/11/21 22:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll[2012/11/19 22:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ][3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/11/04 19:08:16 | 000,891,184 | ---- | C] () -- C:\Users\Chris\Desktop\SecurityCheck.exe[2013/11/03 17:05:47 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/11/03 15:02:10 | 006,902,211 | ---- | C] () -- C:\Users\Chris\Desktop\RY34420_RY34440_405_trilingual.pdf[2013/11/03 07:35:40 | 001,060,070 | ---- | C] () -- C:\Users\Chris\Desktop\adwcleaner.exe[2013/10/31 21:18:10 | 011,133,600 | ---- | C] () -- C:\Users\Chris\Documents\Build sheet.bmp[2013/10/23 20:18:10 | 002,811,656 | ---- | C] () -- C:\Users\Chris\Documents\IMG_002.bmp[2013/10/23 20:16:52 | 002,791,856 | ---- | C] () -- C:\Users\Chris\Documents\IMG_001.bmp[2013/10/23 20:14:41 | 002,983,342 | ---- | C] () -- C:\Users\Chris\Documents\IMG.bmp[2013/10/23 16:27:01 | 000,014,216 | ---- | C] () -- C:\Users\Chris\Documents\ordqteJS.html[2013/10/12 21:08:56 | 002,433,948 | ---- | C] () -- C:\Users\Chris\Documents\2006_chevy_monte_carlo.pdf[2013/10/09 10:27:43 | 009,625,938 | ---- | C] () -- C:\Users\Chris\Desktop\Yellow_Channel.prn[2013/10/09 10:27:36 | 009,625,938 | ---- | C] () -- C:\Users\Chris\Desktop\Cyan_Channel.prn[2013/10/09 10:27:27 | 009,625,938 | ---- | C] () -- C:\Users\Chris\Desktop\Magenta_Channel.prn[2013/09/29 15:53:42 | 009,941,282 | ---- | C] () -- C:\Users\Chris\Documents\man_e510_e.pdf[2013/09/23 20:53:22 | 000,000,000 | ---- | C] () -- C:\Users\Chris\Documents\SG_Local_4[2013/09/23 17:15:18 | 000,001,167 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce 30 Series Info Center.lnk[2013/09/23 17:07:19 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF30.ini[2013/09/22 12:39:56 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\redmonnt.dll[2013/08/29 20:18:35 | 000,000,446 | ---- | C] () -- C:\Users\Chris\Desktop\Outlook.url[2013/08/16 06:39:44 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk[2013/08/15 19:31:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf[2013/08/15 19:31:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf[2013/07/21 08:20:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf[2013/07/21 08:13:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf[2013/06/27 06:29:21 | 002,472,158 | ---- | C] () -- C:\Users\Chris\Documents\D52W15_manual.pdf[2013/05/23 05:44:10 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/05/17 16:09:53 | 001,368,983 | ---- | C] () -- C:\Users\Chris\Documents\Proform 400 treadmill manual.pdf[2013/04/30 17:04:13 | 000,073,974 | ---- | C] () -- C:\Users\Chris\Documents\ITS000000175715 - Thank You - Invoice Receipt Attached.pdf[2013/04/28 08:17:43 | 004,747,948 | ---- | C] () -- C:\Users\Chris\Documents\51_57_65F710_S.pdf[2013/04/27 11:01:19 | 000,001,118 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media converter.lnk[2013/04/27 11:00:39 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe[2013/04/27 11:00:39 | 000,071,913 | ---- | C] () -- C:\Windows\unins000.dat[2013/04/27 07:50:19 | 000,002,157 | ---- | C] () -- C:\Windows\cdplayer.ini[2013/04/27 07:50:02 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk[2013/04/24 19:13:45 | 008,332,249 | ---- | C] () -- C:\Users\Chris\Documents\HT-7450-usermanual.pdf[2013/04/05 06:43:45 | 000,613,212 | ---- | C] () -- C:\Users\Chris\Documents\2012 Jensen C Form 1040 Individual Tax Return_Records.pdf[2013/03/30 10:26:14 | 000,020,480 | ---- | C] () -- C:\Users\Chris\Documents\A2D1D000[2013/03/30 10:25:29 | 000,000,674 | ---- | C] () -- C:\Users\Chris\Documents\Square Transactions 1st qtr 2013.csv[2013/02/25 23:32:08 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb[2013/02/25 08:49:52 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite[2013/01/23 18:34:13 | 000,000,434 | ---- | C] () -- C:\Users\Chris\Desktop\Yahoo! Mail.url[2013/01/13 11:05:30 | 000,600,928 | ---- | C] () -- C:\Users\Chris\2012 Jensen C Form 1040 Individual Tax Return.tax2012[2013/01/05 21:38:50 | 000,000,015 | ---- | C] () -- C:\ProgramData\sdpN.tst[2013/01/05 21:38:46 | 000,001,814 | ---- | C] () -- C:\Users\Chris\Desktop\Pinochle.lnk[2013/01/04 21:42:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI[2013/01/01 12:52:49 | 005,670,056 | ---- | C] () -- C:\Users\Chris\Documents\Mileage log.bmp[2012/12/31 18:06:18 | 000,010,859 | ---- | C] () -- C:\Users\Chris\Documents\planner-style3.gif[2012/12/09 16:06:59 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe GIF Format CS5 Prefs[2012/12/08 21:08:39 | 000,001,121 | ---- | C] () -- C:\Users\Chris\Documents\Square Transactions 2012.csv[2012/12/03 13:06:29 | 004,378,676 | ---- | C] () -- C:\Users\Chris\Documents\True Grit lightened 1.bmp[2012/12/03 13:06:16 | 004,378,680 | ---- | C] () -- C:\Users\Chris\Documents\True Grit original 1.bmp[2012/12/03 13:01:00 | 009,850,676 | ---- | C] () -- C:\Users\Chris\Documents\True Grit lightened.bmp[2012/12/03 12:59:47 | 009,850,680 | ---- | C] () -- C:\Users\Chris\Documents\True Grit original.bmp[2012/12/02 09:15:06 | 000,004,964 | ---- | C] () -- C:\Users\Chris\Desktop\Facebook.url[2012/11/11 16:52:52 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe PNG Format CS5 Prefs[2012/11/07 19:29:43 | 000,221,304 | ---- | C] () -- C:\Windows\hpoins19.dat[2012/11/07 19:29:43 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat[2012/10/26 07:49:24 | 000,001,456 | ---- | C] () -- C:\Users\Chris\AppData\Local\Adobe Save for Web 12.0 Prefs[2012/06/17 10:08:22 | 000,221,304 | ---- | C] () -- C:\Windows\hpoins19.dat.temp[2012/06/17 10:08:22 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp[2012/04/20 16:46:08 | 000,000,197 | ---- | C] () -- C:\Windows\i1Share.ini[2012/04/10 07:41:07 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe BMP Format CS5 Prefs[2012/04/09 20:14:04 | 000,000,000 | ---- | C] () -- C:\Windows\ui.INI[2012/04/02 20:55:35 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI[2012/03/31 10:28:25 | 000,000,031 | ---- | C] () -- C:\Windows\AutoRun.ini[2012/03/31 05:53:19 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV30V300.ini[2012/03/04 15:00:46 | 000,006,688 | ---- | C] () -- C:\Windows\SysWow64\Digita.sys[2012/03/04 15:00:45 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ldf252.dll[2012/02/19 19:17:11 | 000,263,550 | ---- | C] () -- C:\Users\Chris\2011 Jensen K Form 1040 Individual Tax Return_Records.pdf[2012/02/13 10:49:41 | 000,072,080 | ---- | C] () -- C:\Users\Chris\g2mdlhlpx.exe[2012/01/29 11:38:11 | 000,559,160 | ---- | C] () -- C:\Users\Chris\2011 Jensen K Form 1040 Individual Tax Return.tax2011[2012/01/29 11:34:45 | 000,619,736 | ---- | C] () -- C:\Users\Chris\2011 Jensen C Form 1040 Individual Tax Return.tax2011[2012/01/28 21:42:47 | 000,000,737 | ---- | C] () -- C:\Windows\XMLEditor4.INI[2012/01/16 19:33:45 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat[2012/01/16 19:33:45 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat[2012/01/16 19:33:45 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat[2012/01/16 19:33:45 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat[2012/01/16 19:33:45 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat[2012/01/16 19:33:45 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat[2012/01/16 19:33:45 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat[2012/01/16 19:33:45 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat[2012/01/16 19:33:45 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat[2012/01/16 19:33:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat[2012/01/16 19:33:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat[2012/01/16 19:33:45 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat[2012/01/16 19:33:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat[2012/01/16 19:33:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat[2012/01/16 19:33:45 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat[2012/01/16 19:33:45 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini[2012/01/16 19:32:21 | 000,000,080 | ---- | C] () -- C:\Windows\EPWF1100.ini[2012/01/15 12:36:49 | 000,000,479 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc[2011/11/07 23:08:38 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll[2011/05/18 22:14:34 | 000,005,120 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011/05/17 18:03:13 | 000,001,057 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml[2011/05/17 18:01:54 | 000,099,384 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\inst.exe[2011/05/17 18:01:54 | 000,007,859 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat[2011/05/17 18:01:54 | 000,001,167 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/06/01 18:44:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OEM[2011/05/17 19:59:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ACD Systems[2011/09/03 20:04:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AnvSoft[2011/05/17 17:21:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Barnes & Noble[2013/03/03 08:02:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BitComet[2011/05/20 18:17:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Camersoft[2011/06/01 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canneverbe Limited[2012/01/14 09:27:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canon[2012/01/08 10:31:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1[2012/01/07 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant[2011/06/01 17:36:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Digiarty[2012/02/26 15:25:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Downloaded Installations[2013/09/22 13:16:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox[2012/04/09 07:52:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\EPSON[2011/06/01 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ImTOO[2012/02/22 17:36:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InFiles[2012/01/16 19:43:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leader Technologies[2012/01/16 19:38:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech[2011/06/19 16:35:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\NCH Swift Sound[2012/02/26 21:32:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Nitro PDF[2011/05/16 21:01:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OEM[2011/07/12 07:15:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PCHC[2012/01/08 07:42:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PDAppFlex[2013/09/22 12:58:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PDFlite[2011/07/27 20:30:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PowerCinema[2012/11/07 18:18:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ScannerData[2011/05/17 20:05:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SoftGrid Client[2011/05/22 10:22:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp[2011/05/17 20:04:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TP[2013/02/10 08:55:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent[2013/07/07 09:52:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso[2011/06/21 15:09:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WeatherBug[2011/05/17 17:20:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WildTangent ========== Purity Check ========== ========== Custom Scans ========== < :OTL >[2009/07/13 22:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT[2009/07/13 22:08:49 | 000,032,612 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT[2012/08/10 19:02:16 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job[2012/08/10 19:02:18 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job[2013/05/23 05:44:10 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} > < IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox > < IE - HKLM\..\SearchScopes,DefaultScope = > < IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC > < IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = > < IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = > < IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = > < IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = > < FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found >Invalid Switch: GENUINE: disabled File not found < FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found >Invalid Switch: iTunes,version=: File not found < FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found >Invalid Switch: GENUINE: disabled File not found < FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found >Invalid Switch: WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found < O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. > < O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. > < O3 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. > < O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found > < O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found > < O4 - HKU\.DEFAULT..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found > < O4 - HKU\S-1-5-18..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found > < O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [AdobeBridge] File not found > < O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S386E.tmp" /EF "HKCU" File not found > < O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found > < O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found > < O1364bit: - gopher Prefix: missing > < O13 - gopher Prefix: missing > < O18:64bit: - Protocol\Handler\ipp - No CLSID value found > < O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found > < O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found > < O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found > < O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found > < O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. > < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. > < :Commands > < > < [emptyjava] > < [emptyflash] > < [EMPTYTEMP] > < [RESETHOSTS] > < [Reboot] > ========== Alternate Data Streams ========== @Alternate Data Stream - 256 bytes -> C:\Windows:nlsPreferences< End of report > Link to post Share on other sites
woodshopfun Posted November 7, 2013 Author Report Share Posted November 7, 2013 OTL Extras logfile created on: 11/6/2013 7:59:35 PM - Run 2OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.75 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 74.66% Memory free15.50 Gb Paging File | 13.47 Gb Available in Paging File | 86.90% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 913.84 Gb Total Space | 745.24 Gb Free Space | 81.55% Space Free | Partition Type: NTFS Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 1"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 1"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 1"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0263F5A4-066E-446C-BCF6-81DAEB511529}" = lport=9948 | protocol=6 | dir=in | name=bitcomet 9948 tcp |"{1338B448-9584-4865-A529-77C4EDB81AEB}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |"{22A98113-4C79-4FFB-AD4B-472542F3F348}" = lport=139 | protocol=6 | dir=in | app=system |"{256359A0-20B3-40F1-B1A3-09251D58521F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |"{2CCB7376-6E3B-4AE5-8F7D-1A8D5FE596A2}" = rport=445 | protocol=6 | dir=out | app=system |"{31340FBF-564D-4F50-BF9D-CE59BA33FF9E}" = rport=10243 | protocol=6 | dir=out | app=system |"{3C640939-9BBE-43B1-AAD4-9BFCDDC9C3E4}" = rport=138 | protocol=17 | dir=out | app=system |"{4598C4E8-CE46-46AD-9047-996D849D130E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{477D3B3D-813B-4EAB-BC71-34F43B3861E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |"{537930F8-46DF-4163-9824-38580CDF39A9}" = lport=9948 | protocol=17 | dir=in | name=bitcomet 9948 udp |"{5EC773AC-D50F-4A55-8507-F1E548A0E07D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{60B3736B-F1C1-4F7B-9151-CA937983101B}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |"{6142C676-32AA-411F-8294-91C7EE6E119A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{65A4ADB6-8746-46D6-B685-80CE9F5CF80E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{696A6073-BA18-4697-9A7A-723CD90F9E42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{6DF8F2DC-4B24-45D9-A66C-2AB7170BD3AE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{6F30700D-4D8A-46F7-B47C-105A72301B5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{8966649D-BF1B-4064-BD4D-31BD0D65C880}" = rport=137 | protocol=17 | dir=out | app=system |"{91ED04E6-4A72-4AD8-8529-C10141021974}" = lport=445 | protocol=6 | dir=in | app=system |"{9511AD1F-A4DB-46A0-AB89-8CF5AA175576}" = lport=137 | protocol=17 | dir=in | app=system |"{9BD3D0E3-5C50-4598-9EE1-544FE34FE172}" = rport=139 | protocol=6 | dir=out | app=system |"{ABA57B80-EBF9-4C73-8C91-2E6411D2228B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |"{AD3A8C07-AE05-4299-89D8-E6F77415B93B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{ADC08A0B-1164-449B-B6C5-F77E8CE6C02C}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |"{B1EB61F1-E109-4B4B-8C8C-E3F7626A1394}" = lport=10243 | protocol=6 | dir=in | app=system |"{C1077D54-12B4-4DCC-897A-492E6F5BC4F6}" = lport=2869 | protocol=6 | dir=in | app=system |"{CE84891F-37E8-42AB-9F92-C3444832D074}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{D320F822-844A-4425-A926-B05D8ECDAE94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{E08659AE-CEC8-44A3-AB9C-272FBF8C63CC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |"{ECA3D0E8-0B24-44A0-8151-B4F67D765A20}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{027E84AD-C48E-4806-BD49-1918AAF76089}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe |"{033CF974-FC9F-4334-AD9A-3F5DC69E3582}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{0616E7C3-B62B-4E66-993D-7835134CEC3C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{077DAA4D-4192-4CC4-B84D-09DCAD10BD74}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe |"{07E7A5CB-5944-44A0-9EBD-C859E4DB16FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{0B5730B8-EC59-466D-A79D-FC8635A2984E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{0C87F825-DB70-42BD-B3A6-060F046388CD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |"{0EF9D254-C114-4AA9-B87E-D4074F21D39F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{1A2B5163-9AA6-4E05-8BFB-213F4AB97D4C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |"{1A44CB02-3280-4002-B455-C1FAAC09E359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{1C452AC3-FD69-4895-AF42-2C7980677BC4}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe |"{1FAE9523-7125-434F-BAD6-B990EE83C1C8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |"{234BFFA3-0E88-473F-901A-909E2531F090}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |"{35853AF4-0E0C-46FE-B9BB-46F277A7637A}" = protocol=58 | dir=in | app=system |"{3CD2EADE-0D02-44AD-8CC9-F47687A39F2E}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |"{40F62F5A-0EEC-4B47-9C3D-6ED67BFF50C5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |"{42F38AC4-1C8E-4935-BF43-253772B8CEB1}" = protocol=1 | dir=in | [email protected],-28543 |"{43E7D67F-AA90-4A24-B575-BC0EB7F16BAC}" = protocol=1 | dir=out | [email protected],-28544 |"{4D88ADFC-543F-42BC-B781-1FD4BC1E84E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{4FD3CF08-2552-49CF-A93D-C29DED23A5D1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |"{52A463DA-17BD-4197-A30A-762BD88AB8FB}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe |"{55B0DBCA-3360-44D2-A13B-5034A52DBA97}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |"{5A2D046D-6A43-4ED6-B11B-E7BADC7ECC87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |"{5FAED20F-9CC8-4CAF-8E04-198397994342}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |"{61AC5CF2-0EFB-49AC-9EBD-E63470A2A97D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |"{674B288B-B6E1-4D55-89D5-3903953E3910}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |"{6980B2FD-2A56-4D17-9A1B-5E67B7FB76A6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |"{69BDCBCE-E2CD-41EA-8E62-65FCC83F9CD1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |"{7157C1DE-12FA-4C25-9C2A-AB1FEAEA9A04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |"{744A3719-A9A1-4B3F-B1B8-3F706AE10C82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |"{7764D3B1-B939-4081-A76A-E2C4E2101225}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\clmlsvc.exe |"{7BA83E5C-D421-4039-8110-2C10FC4B8F15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |"{7DDB5964-8D41-49DF-832A-E8F98D963E2D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |"{8008F2D7-D2F1-4A21-9087-08F3CB81ABB8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |"{8101F437-97E3-43E5-8FD4-294F87366901}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{8E5B79BE-C9D1-4EB3-87CC-44A8CE35FBAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{8E9DB9D0-8CDC-47A4-B01E-2F5AEF7DEA6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |"{9083C5BB-24EB-4109-AC3F-AE4905BCC82E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |"{910212B0-F712-41F2-B293-71544C1E04BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |"{9313BD31-2B2C-4FCC-B565-C0E0E2269FFB}" = protocol=58 | dir=out | [email protected],-503 |"{96E1379E-A4BE-4A4D-BE5E-5BBD6513B210}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |"{978B1C6F-AFB1-482B-85F3-344BA04E8DF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{993CC130-5B23-4A1A-BDAD-7EEDE2D12A27}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |"{9A75BDD3-0008-41F1-AD5F-16C2A9E85868}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{A4E6033E-FD39-4B58-92CC-526F186D2EB8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |"{A855E219-8F36-4548-9F5D-8FF0F5A86140}" = protocol=6 | dir=out | app=system |"{A8DD326E-6327-4A9D-8E98-02264558D269}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe |"{AEE9C64A-990D-4F42-AC1E-294F0D9B3DD2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |"{B76303DA-A626-4FA0-9035-FB73B813F320}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{BAC06B63-486A-4BF7-956A-E482D27C6272}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{BD22FF84-5FE3-4B92-968D-81A26CCC81A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |"{C3A557B6-0D92-458D-9E46-EEE8BA4CD55E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{C5468079-87E4-43AD-92F6-EF98C25E2F3E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |"{C5720CF1-94A5-49CA-BE4E-6ADAC9A60105}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |"{CADE649F-FC8B-4F52-948A-896EF14C4CDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |"{D678AF46-99C8-47B9-A1A2-A6540A5A6881}" = protocol=58 | dir=in | [email protected],-28545 |"{DB7FB793-2C55-4DAF-81D7-584E83C83366}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |"{E5BA9490-1C9B-4E90-BA6F-450D36998DEF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |"{E5BDB54C-D056-41E3-A964-966E4DF383A3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |"{E8CB8650-2AAE-44C1-867B-156B4D9569BC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |"{E94E1A2D-F234-4FD4-9CE9-BB664DA3C095}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |"{EA2AE888-1262-4A9F-89E7-3B35B0A1C2ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |"{EF430E01-0C9C-44B1-B78D-B873BEF7A035}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |"{FBBEA0E1-D2AE-429E-BCDB-2ED98FEC6624}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{FF0C85A1-9292-45B4-807D-9AC892EC5377}" = protocol=58 | dir=out | [email protected],-28546 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"CANONLPESP100" = Canon Large Format Printer Extended Survey Program"EPSON WorkForce 30 Series" = EPSON WorkForce 30 Series Printer Uninstall"HP Imaging Device Functions" = HP Imaging Device Functions 13.0"HP Photosmart Essential" = HP Photosmart Essential 3.5"HP Smart Web Printing" = HP Smart Web Printing 4.51"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0"HPExtendedCapabilities" = HP Customer Participation Program 13.0"HPOCR" = OCR Software by I.R.I.S. 13.0"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"NVIDIA Drivers" = NVIDIA Drivers"Recuva" = Recuva"Shop for HP Supplies" = Shop for HP Supplies"VueScan" = VueScan"Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{0BE576BC-49F3-4F3F-89AB-0E2ABF35122F}" = Canon iPF8300 Print Plug-In for Photoshop CS5 x64"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan"{13273B8A-E750-4FD4-B6E0-AFC689FCF283}" = iPF8300 Media Configuration Tool"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2"{174126E2-5F05-41BD-A377-FAA44C15EC71}" = CarveWright System"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{22E23DF0-7FAE-4DA2-9DA2-45B984AA742C}_is1" = CenturyLink QuickAssist Desktop Tools"{256595b8-8ce7-4e31-8e8b-9923ba7c4e80}_is1" = Media converter"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help"{384E10CC-9455-40BC-B79C-0708C1D42302}" = Canon PosterArtist Lite"{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2"{66392B7C-C522-450D-97B7-B3E41E170C3B}" = imagePROGRAF Status Monitor"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{729E16B3-1B80-4F3F-8D19-342A89631E0A}_is1" = Media converter"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1"{91D27E68-979D-450F-82CC-418C5267C43E}" = Canon iPF8300 Print Plug-In for Photoshop CS5"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth"{982AC07C-985C-42D8-990E-2EEF443D53CE}" = ArcSoft MediaImpression"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software"{A4B68C10-AEF9-4068-8CB5-216963AFC86C}" = Light Source Check Tool"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime"{B67A83A0-DBE5-482E-8437-5E0AD6D0EF1D}" = Canon iPF8300 User Manual"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie"{BCE2ED29-2E42-4481-8071-5D3E9FD270EE}" = MAX Console"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant"{C5B66421-3963-4ACD-9074-2648A4741033}" = Nero 7 Essentials"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help"{FF484104-ECC5-499C-9B12-D0F8178A16A5}" = ScanExpress A3 USB 2400 Pro V1.2"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"7-Zip" = 7-Zip 4.65"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint"ACDSee" = ACDSee"Acer Game Console" = Acer Game Console"Acer Registration" = Acer Registration"Acer Screensaver" = Acer ScreenSaver"Acer Welcome Center" = Welcome Center"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Applian Director2.1" = Applian Director"ArcSoft Camera Suite" = ArcSoft Camera Suite"Audiograbber" = Audiograbber 1.83 SE"Audiograbber-Lame" = Audiograbber MP3 Plugin"BN_DesktopReader" = NOOK for PC"Cfont Pro_is1" = Cfont Pro v4"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows"ExpressRip" = Express Rip"Flash Player Pro_is1" = Flash Player Pro V5.4"FutureMatDesigner" = FutureMatDesigner"Hotkey Utility" = Hotkey Utility"Hoyle Card Games 5" = Hoyle Card Games 5"Identity Card" = Identity Card"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager"InstallShield_{BCE2ED29-2E42-4481-8071-5D3E9FD270EE}" = MAX Console"InstallShield_{FF484104-ECC5-499C-9B12-D0F8178A16A5}" = ScanExpress A3 USB 2400 Pro V1.2"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.1"MagicISO v5.5_is1" = MagicISO v5.5 (build 0274)"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"M-Minder_is1" = M-Minder 3.1"NAV" = Norton AntiVirus"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver"Pinochle_is1" = Pinochle 4.14"Replay Video Capture3.1B" = Replay Video Capture"Replay Video Capture4.2" = Replay Video Capture"Silent Package Run-Time Sample" = WorkForce 30 Series Info Center"Spyder4Elite" = Spyder4Elite"TurboTax 2011" = TurboTax 2011"TurboTax 2012" = TurboTax 2012"WF30IQ" = PowerDriver IQ WF30"WildTangent acer Master Uninstall" = Acer Games"WT088295" = Agatha Christie - Death on the Nile"WT088300" = Bejeweled 2 Deluxe"WT088310" = Build-a-lot 2"WT088312" = Chuzzle Deluxe"WT088318" = Diner Dash 2 Restaurant Rescue"WT088350" = Jewel Quest Solitaire 2"WT088364" = Plants vs. Zombies"WT088373" = Blackhawk Striker 2"WT088393" = Dora's Carnival Adventure"WT088413" = FATE"WT088445" = John Deere Drive Green"WT088449" = Penguins!"WT088453" = Polar Bowler"WT088457" = Polar Golfer"WT088517" = Zuma's Revenge"WT088553" = Virtual Villagers 4 - The Tree of Life"WT088649" = 18 Wheels of Steel - American Long Haul"WT088653" = Jewel Quest - Heritage"Yahoo! Companion" = Yahoo! Toolbar"Yahoo! Mail" = Yahoo! Internet Mail"Yahoo! Mail Advisor" = Yahoo! Mail Advisor"Yahoo! Software Update" = Yahoo! Software Update"YInstHelper" = Yahoo! Install Manager ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"GoToMeeting" = GoToMeeting 5.1.0.880 ========== Last 20 Event Log Errors ========== [ System Events ]Error - 11/5/2013 9:50:46 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in MicrosoftManagement Console (MMC). Error - 11/5/2013 9:50:46 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error - 11/6/2013 9:43:50 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000Description = The PDIHWCTL service failed to start due to the following error: %%2 Error - 11/6/2013 9:46:13 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in MicrosoftManagement Console (MMC). Error - 11/6/2013 9:46:13 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error - 11/6/2013 2:16:19 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034Description = The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s). Error - 11/6/2013 2:17:59 PM | Computer Name = Chris-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012Description = There was an error while attempting to read the local hosts file. Error - 11/6/2013 4:01:27 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000Description = The PDIHWCTL service failed to start due to the following error: %%2 Error - 11/6/2013 4:04:19 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in MicrosoftManagement Console (MMC). Error - 11/6/2013 4:04:19 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 < End of report > Link to post Share on other sites
flashh4 Posted November 7, 2013 Report Share Posted November 7, 2013 Chris this is the OTL fix: We need to Run an OTL fix !! * Double-click OTL.exe to start the program. * Copy and Paste the following code into the . Do not include the word Code:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBoxIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not foundO3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not foundO4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not foundO4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not foundO4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not foundO4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [AdobeBridge] File not foundO4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S386E.tmp" /EF "HKCU" File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\ipp - No CLSID value foundO18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]# Then click the Run Fix button at the top.# Click # Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.Remember to enable your real time protection. Link to post Share on other sites
flashh4 Posted November 7, 2013 Report Share Posted November 7, 2013 Run this fix for me !! Link to post Share on other sites
flashh4 Posted November 7, 2013 Report Share Posted November 7, 2013 Chris the Malwarebytes log will look like these except it will say there are Quarantined and deleted !! Not No Action Taken !! C:\Users\Chris\AppData\Local\Temp\ct3277370 (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583 (PUP.Optional.Conduit.A) -> No action taken.Files Detected: 22C:\Users\Chris\AppData\Local\Temp\checktbexist.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\nsd5F05.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\nsy689.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\is-5B2F8.tmp\MixiCND_CID19.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Windows\Temp\TBU014\ToolbarUpdate.exe (PUP.Optional.SweetPacks.A) -> No action taken.C:\Users\Chris\Downloads\agsetup183se.exe (PUP.Funmoods) -> No action taken.C:\Users\Chris\Downloads\pinochle for windows setup.exe (PUP.Optional.AdBundle) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\stub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\stub.exe (PUP.Optional.Conduit.A) -> No action taken. See if you can find me that Malwarebytes log !! And up above this is the OTL fix i need you to run !!! Link to post Share on other sites
woodshopfun Posted November 7, 2013 Author Report Share Posted November 7, 2013 Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.03.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Chris :: CHRIS-PC [administrator]Protection: Enabled11/3/2013 5:07:27 PMmbam-log-2013-11-03 (17-07-27).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 281617Time elapsed: 19 minute(s), 42 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 2C:\Users\Chris\AppData\Local\Temp\ct3277370 (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583 (PUP.Optional.Conduit.A) -> No action taken.Files Detected: 22C:\Users\Chris\AppData\Local\Temp\checktbexist.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\nsd5F05.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\nsy689.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\is-5B2F8.tmp\MixiCND_CID19.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Windows\Temp\TBU014\ToolbarUpdate.exe (PUP.Optional.SweetPacks.A) -> No action taken.C:\Users\Chris\Downloads\agsetup183se.exe (PUP.Funmoods) -> No action taken.C:\Users\Chris\Downloads\pinochle for windows setup.exe (PUP.Optional.AdBundle) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3277370\stub.exe (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.C:\Users\Chris\AppData\Local\Temp\ct3298583\stub.exe (PUP.Optional.Conduit.A) -> No action taken.(end) Link to post Share on other sites
flashh4 Posted November 7, 2013 Report Share Posted November 7, 2013 Nope !! See this line >>> C:\Users\Chris\AppData\Local\Temp\ct3277370 (PUP.Optional.Conduit.A) -> No action taken.It should look like this in the log >> C:\Users\Chris\AppData\Local\Temp\ct3277370 (PUP.Optional.Conduit.A) -> Quarantined and deleted If you don't have a log where the entries look like that then you are not selecting " Remove Selected " Malwarebytes Anti-Malware Free is a powerful on-demand, which will detect and remove trojans, rogue security software and other malicious files from your computer.1. You can download Malwarebytes Anti-Malware Free from the below link, then double click on it to install this program. MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK >>> http://malwaretips.com/download-malwarebytes <<< On the Scanner tab, select Perform quick scan and then click on the Scan button to start scanning your computer. (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)2. When the installation begins, keep following the prompts in order to continue with the setup process. DO NOT make any changes to default settings and when the program has finished installing, click on the Finish button.3. On the Scanner tab, select Perform quick scan and then click on the Scan button to start scanning your computer.4. Malwarebytes’ Anti-Malware will now start scanning your computer as shown below.5. When the Malwarebytes scan will be completed, click on Show Result.6. You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image. Make sure that everything is Checked (ticked) and click on the Remove Selected button. Link to post Share on other sites
woodshopfun Posted November 7, 2013 Author Report Share Posted November 7, 2013 Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.04.08Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Chris :: CHRIS-PC [administrator]Protection: Enabled11/4/2013 6:05:47 PMmbam-log-2013-11-04 (18-05-47).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 281774Time elapsed: 22 minute(s), 2 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 2C:\Users\Chris\AppData\Local\Temp\ct3277370 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3298583 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.Files Detected: 22C:\Users\Chris\AppData\Local\Temp\checktbexist.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\nsd5F05.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\nsy689.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3277370\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3277370\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3277370\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3298583\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3298583\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3298583\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\is-5B2F8.tmp\MixiCND_CID19.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Windows\Temp\TBU014\ToolbarUpdate.exe (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.C:\Users\Chris\Downloads\agsetup183se.exe (PUP.Funmoods) -> Quarantined and deleted successfully.C:\Users\Chris\Downloads\pinochle for windows setup.exe (PUP.Optional.AdBundle) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3277370\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3277370\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3277370\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3298583\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3298583\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Chris\AppData\Local\Temp\ct3298583\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.(end) Link to post Share on other sites
flashh4 Posted November 7, 2013 Report Share Posted November 7, 2013 Yep thats the malwarebytes log i was looking for !! Thanks Link to post Share on other sites
flashh4 Posted November 7, 2013 Report Share Posted November 7, 2013 Be back in a sec with the OTL FIX !!Scrool up to post #18 ............ the numbers are on the right at top of each post !! Link to post Share on other sites
Recommended Posts