Slow start up

woodshopfun

By woodshopfun,
in Malware Removal

 Share Followers 0

Recommended Posts

woodshopfun

woodshopfun

Posted
  • Author
Posted

OTL logfile created on: 11/6/2013 7:59:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.75 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 74.66% Memory free
15.50 Gb Paging File | 13.47 Gb Available in Paging File | 86.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913.84 Gb Total Space | 745.24 Gb Free Space | 81.55% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/04 20:59:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.com
PRC - [2013/10/08 16:35:48 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/02/24 02:43:50 | 000,070,136 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/08/04 05:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/06/29 19:26:30 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010/05/26 19:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/05/10 09:06:06 | 000,650,240 | ---- | M] (Emdem Technologies (M-Soft)) -- C:\Program Files (x86)\M-Soft\M-Minder\Minder.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/10 22:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/10 22:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/05/08 03:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/04 05:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/08/04 02:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/12/19 21:59:06 | 000,100,176 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\LPESP\cnwilsv6.exe -- (LPESPSVC)
SRV:64bit: - [2010/01/28 16:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/10/09 14:25:24 | 000,713,488 | ---- | M] (CANON INC) [Auto | Running] -- C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe -- (Canon imagePROGRAF Status Monitor)
SRV:64bit: - [2009/04/19 08:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/04/19 08:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2008/12/08 08:29:24 | 000,210,944 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Windows\SysNative\cnwiols6.exe -- (iPFDeviceAgentService)
SRV - [2013/10/08 16:35:50 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV)
SRV - [2012/02/24 02:43:50 | 000,070,136 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/09/11 09:17:00 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2010/05/26 19:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/16 20:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/10 20:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/18 08:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/05 19:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 19:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 21:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2012/05/21 18:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/20 17:44:38 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i1display_x64.sys -- (EyeOneDisplay)
DRV:64bit: - [2012/04/17 19:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 18:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/23 07:46:52 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/06/02 14:56:52 | 000,015,360 | ---- | M] (Datacolor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dccmtr.sys -- (Spyder4)
DRV:64bit: - [2011/05/17 18:01:54 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/12 11:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 19:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 19:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 19:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2007/11/15 19:33:58 | 000,528,256 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StkTMini.sys -- (StkTMini)
DRV:64bit: - [2007/11/06 11:08:30 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Spyder3.sys -- (Spyder3)
DRV:64bit: - [2006/05/18 15:13:02 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SeqCal.sys -- (SeqCal)
DRV - [2013/10/25 13:17:18 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20131106.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/10/22 16:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20131101.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/09/22 13:37:10 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20131106.002\ex64.sys -- (NAVEX15)
DRV - [2013/09/22 13:37:10 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/09/22 13:37:10 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/09/22 13:37:10 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20131106.002\eng64.sys -- (NAVENG)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\SearchScopes\{5D59D0FD-EFA3-4F0F-8180-83C9E2D77E12}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9MI&pc=BIE9&src=IE-SearchBox
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\SearchScopes\{725DF0A4-9B06-4712-8E7C-2E70F0E4AFF0}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFF [2013/10/09 09:08:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/07 19:34:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/07 19:34:23 | 000,000,000 | ---D | M]
 
[2011/06/03 15:04:35 | 000,003,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
[2010/11/22 09:33:08 | 000,002,037 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchaudio.xml
 
O1 HOSTS File: ([2013/11/06 11:17:59 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\imagePROGRAFStatusMonitor\cnwida.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKU\.DEFAULT..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-18..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S386E.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\M-Minder.lnk = C:\Program Files (x86)\M-Soft\M-Minder\Minder.exe (Emdem Technologies (M-Soft))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present


O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..Trusted Domains: centurylink.com ([qwest] https in Trusted sites)
O15 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..Trusted Domains: verizonwireless.com ([support] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B47D2C2-3636-4E51-B6DA-6EEF1042FFAC}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 360 Days ==========
 
[2013/11/06 11:16:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/04 20:59:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.com
[2013/11/03 17:05:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2013/11/03 17:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/03 17:05:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/03 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/03 17:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/03 17:03:52 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Chris\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/03 09:10:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/03 09:08:56 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Chris\Desktop\JRT.exe
[2013/11/03 07:36:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/31 21:26:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\GMG pics
[2013/10/21 21:02:41 | 000,000,000 | ---D | C] -- C:\Chevelle
[2013/09/23 17:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Creativity Suite
[2013/09/23 17:07:47 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMEEA.DLL
[2013/09/23 17:07:44 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBEEA.DLL
[2013/09/22 12:58:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\PDFlite
[2013/09/22 12:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFlite
[2013/08/26 19:12:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\Dropbox
[2013/08/26 15:57:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/08/26 15:56:25 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Dropbox
[2013/08/16 06:42:51 | 000,000,000 | R--D | C] -- C:\Users\Chris\Podcasts
[2013/08/16 06:42:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013/08/16 06:42:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ms-MY
[2013/08/16 06:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2013/08/16 06:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2013/08/16 06:39:23 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/08/05 17:51:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Sony Bloggie
[2013/08/03 06:28:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Shawna's pics for Kim, Devil's Tower
[2013/07/30 20:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/28 12:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/28 12:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/28 12:03:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/28 12:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/07/28 12:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/07/21 08:20:56 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/07/21 08:20:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/07/21 08:20:03 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/07/21 08:20:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/07/21 08:20:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/07/21 08:20:02 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/07/21 08:20:02 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/07/21 08:20:01 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/07/21 08:20:01 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/07/21 08:20:01 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/07/21 08:20:01 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/07/21 08:20:01 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/07/21 08:20:01 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/07/21 08:20:01 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/07/21 08:20:01 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/07/21 08:20:01 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/07/21 08:20:01 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/07/21 08:20:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/07/21 08:20:01 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/07/21 08:20:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/07/21 08:20:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/07/21 08:20:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/07/21 08:20:01 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/07/21 08:20:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/07/21 08:20:00 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/07/21 08:20:00 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/07/21 08:13:26 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/07/21 08:13:26 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/07/21 08:13:25 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/07/21 08:13:25 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/07/21 08:11:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/21 08:11:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/21 08:11:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/07/21 08:11:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/07/21 08:11:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/07/21 08:11:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/07/21 08:11:26 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/07/21 08:11:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/07/21 08:11:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/07/21 08:11:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/07/21 08:11:25 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/21 08:11:25 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/21 08:11:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/21 08:11:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/07/21 08:11:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/21 08:04:43 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/07/21 08:04:43 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/07/21 08:04:43 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/07/21 08:04:43 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/07/21 08:04:41 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/07/21 08:04:41 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/07/21 08:04:40 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/07/21 08:04:40 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/07/21 08:04:40 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/07/21 08:04:40 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/07/21 08:04:40 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/07/21 08:04:40 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/07/21 08:04:40 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/07/21 08:04:40 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/07/21 08:04:40 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/07/21 08:04:40 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/07/21 08:04:40 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/07/21 08:04:40 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/07/21 08:04:40 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/07/21 08:04:40 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/07/21 08:04:40 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/07/21 08:04:40 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/07/21 08:04:40 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/07/21 08:04:40 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/07/21 08:04:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/07/21 08:04:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/07/21 08:04:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/07/21 08:04:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/07/21 08:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/07/21 08:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/07/21 08:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/07/21 08:04:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/07/21 08:04:40 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/07/21 08:04:40 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/07/21 08:04:39 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/07/21 08:04:39 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/07/21 08:04:39 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/21 08:04:39 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/07/21 08:04:39 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/07/21 08:01:24 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/07/21 08:01:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/07/21 08:01:21 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/07/21 08:00:47 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/07/21 08:00:47 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/07/21 08:00:47 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/07/21 08:00:47 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/07/21 08:00:47 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/07/21 08:00:47 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/07/21 08:00:47 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/07/21 08:00:47 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/07/21 08:00:47 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/07/21 08:00:47 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/07/21 08:00:47 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/07/21 08:00:47 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/07/21 08:00:47 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/07/21 08:00:47 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/07/21 08:00:47 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/07/21 08:00:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/07/21 08:00:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/07/21 08:00:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/07/21 08:00:47 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/07/21 08:00:47 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/07/21 08:00:47 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/07/21 08:00:46 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/07/21 08:00:46 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/07/21 08:00:46 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/07/21 08:00:45 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/07/21 08:00:45 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/07/21 08:00:45 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/07/21 08:00:45 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/07/21 08:00:45 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/07/21 08:00:45 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/07/21 08:00:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/07/21 08:00:45 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/07/21 08:00:29 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/07/21 08:00:27 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/07/21 08:00:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/07/21 08:00:21 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013/07/21 08:00:21 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/07/21 08:00:21 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013/07/21 08:00:21 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013/07/21 08:00:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013/07/21 08:00:20 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013/07/21 08:00:19 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/21 08:00:19 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/21 08:00:17 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013/07/21 08:00:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013/07/21 08:00:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/07/21 08:00:13 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/07/21 08:00:11 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/21 08:00:11 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/21 07:59:53 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/07/21 07:59:53 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/07/21 07:59:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/07/21 07:59:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/07/21 07:59:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/07/21 07:59:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/07/21 07:59:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/07/21 07:59:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/07/21 07:59:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/07/21 07:59:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/07/21 07:59:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/07/21 07:59:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/07/21 07:59:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/07/21 07:59:40 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/07/21 07:59:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/07/21 07:56:04 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/07/21 07:56:04 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/15 11:18:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\New folder
[2013/06/12 06:06:35 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 06:06:35 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 06:06:35 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 06:06:35 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 06:06:35 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 06:06:35 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 06:06:25 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 06:06:25 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/05/16 06:01:43 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/16 06:01:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/16 06:01:42 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/16 06:01:42 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/16 06:00:46 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/16 06:00:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/04/27 11:05:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Downloads
[2013/04/27 11:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media converter
[2013/04/27 11:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Media converter
[2013/04/27 07:49:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
[2013/04/27 07:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiograbber
[2013/04/21 08:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2013/04/21 08:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eBay
[2013/04/10 17:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft
[2013/04/10 06:02:23 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 06:02:21 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 06:02:18 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 06:02:13 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 06:02:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 06:02:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/03/25 16:24:50 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/02/26 10:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/02/26 10:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/02/26 10:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/02/25 23:32:44 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/02/25 23:32:44 | 002,505,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/02/25 23:32:42 | 015,129,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/02/25 23:32:40 | 006,262,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/02/25 23:32:38 | 018,055,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/02/25 23:32:36 | 026,929,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/02/25 23:32:36 | 002,720,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/02/25 23:32:34 | 007,932,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/02/25 23:32:34 | 002,346,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/02/25 23:32:28 | 002,904,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/02/25 23:32:26 | 020,449,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/02/25 23:32:24 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/02/25 23:32:08 | 012,641,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/02/25 23:32:08 | 007,564,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/02/25 23:32:08 | 001,985,824 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/02/25 23:32:06 | 009,390,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/02/25 08:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/02/25 08:48:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Flash Player Pro
[2013/02/25 08:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro
[2013/02/18 08:22:18 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2013/02/18 08:22:18 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013/02/18 08:22:16 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013/02/18 08:22:16 | 000,072,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapo64v.dll
[2013/02/13 06:52:07 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 06:52:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 06:52:07 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 06:52:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 06:52:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 06:52:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 06:52:02 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/10 08:13:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2013/01/26 09:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012
[2013/01/18 19:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2013/01/18 07:15:24 | 000,550,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013/01/09 06:46:47 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 06:46:20 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/01/05 21:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPino
[2013/01/05 21:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPino
[2013/01/02 20:38:35 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/01/02 20:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/12/21 21:55:51 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 21:55:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 21:55:50 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 21:55:50 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/13 12:50:38 | 006,112,864 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2012/12/13 12:50:36 | 000,054,784 | ---- | C] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2012/12/12 06:52:20 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 06:52:20 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/01 14:28:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\For Sale Stuff
[2012/11/21 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
[2012/11/18 11:57:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\NVIDIA
[2012/11/17 22:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/11/17 22:54:54 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/11/17 22:54:54 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/11/17 22:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/11/14 07:17:55 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/14 07:17:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2011/05/17 18:01:54 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Chris\AppData\Roaming\pcouffin.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 360 Days ==========
 
[2013/11/06 19:46:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/06 19:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/06 13:09:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/06 13:09:30 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/06 13:06:08 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/06 13:06:08 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/06 13:06:08 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/06 13:01:25 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/06 13:01:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/06 13:01:14 | 1945,554,943 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/06 11:17:59 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/11/04 20:59:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.com
[2013/11/04 19:08:16 | 000,891,184 | ---- | M] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2013/11/03 21:07:33 | 000,000,000 | ---- | M] () -- C:\Users\Chris\Documents\SG_Local_4
[2013/11/03 17:05:48 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/03 17:04:06 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Chris\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/03 17:00:15 | 000,000,132 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2013/11/03 15:02:10 | 006,902,211 | ---- | M] () -- C:\Users\Chris\Desktop\RY34420_RY34440_405_trilingual.pdf
[2013/11/03 09:08:56 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Chris\Desktop\JRT.exe
[2013/11/03 07:35:40 | 001,060,070 | ---- | M] () -- C:\Users\Chris\Desktop\adwcleaner.exe
[2013/10/31 21:23:38 | 011,133,600 | ---- | M] () -- C:\Users\Chris\Documents\Build sheet.bmp
[2013/10/31 16:56:01 | 000,017,830 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\VT20131031.017
[2013/10/23 20:19:04 | 002,811,656 | ---- | M] () -- C:\Users\Chris\Documents\IMG_002.bmp
[2013/10/23 20:19:03 | 002,791,856 | ---- | M] () -- C:\Users\Chris\Documents\IMG_001.bmp
[2013/10/23 20:14:41 | 002,983,342 | ---- | M] () -- C:\Users\Chris\Documents\IMG.bmp
[2013/10/23 16:27:01 | 000,014,216 | ---- | M] () -- C:\Users\Chris\Documents\ordqteJS.html
[2013/10/12 21:09:06 | 002,433,948 | ---- | M] () -- C:\Users\Chris\Documents\2006_chevy_monte_carlo.pdf
[2013/10/09 10:35:39 | 009,625,938 | ---- | M] () -- C:\Users\Chris\Desktop\Yellow_Channel.prn
[2013/10/09 10:28:19 | 009,625,938 | ---- | M] () -- C:\Users\Chris\Desktop\Cyan_Channel.prn
[2013/10/09 10:27:45 | 009,625,938 | ---- | M] () -- C:\Users\Chris\Desktop\Magenta_Channel.prn
[2013/10/08 16:35:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 16:35:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/08 13:48:04 | 000,000,434 | ---- | M] () -- C:\Users\Chris\Desktop\Yahoo! Mail.url
[2013/09/29 15:53:42 | 009,941,282 | ---- | M] () -- C:\Users\Chris\Documents\man_e510_e.pdf
[2013/09/23 17:18:06 | 000,000,044 | ---- | M] () -- C:\Windows\EPWF30.ini
[2013/09/23 17:15:18 | 000,001,167 | ---- | M] () -- C:\Users\Public\Desktop\WorkForce 30 Series Info Center.lnk
[2013/09/23 17:07:52 | 002,485,294 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\Cat.DB
[2013/09/06 13:49:03 | 000,000,000 | ---- | M] () -- C:\Users\Chris\Documents\SG_Local_3
[2013/08/29 20:18:35 | 000,000,446 | ---- | M] () -- C:\Users\Chris\Desktop\Outlook.url
[2013/08/26 05:12:44 | 000,087,040 | ---- | M] () -- C:\Windows\SysNative\redmonnt.dll
[2013/08/16 06:39:44 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2013/08/15 19:31:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2013/08/15 19:31:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2013/07/31 06:27:06 | 000,002,157 | ---- | M] () -- C:\Windows\cdplayer.ini
[2013/07/28 12:04:22 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/07/21 08:34:07 | 005,133,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/07 09:52:58 | 000,001,057 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2013/06/27 19:18:56 | 000,000,800 | ---- | M] () -- C:\Windows\photoprn.ini
[2013/06/27 06:29:41 | 002,472,158 | ---- | M] () -- C:\Users\Chris\Documents\D52W15_manual.pdf
[2013/06/03 23:00:13 | 000,624,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/06/03 21:53:07 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/05/28 22:43:16 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/28 22:34:14 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/28 22:33:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/28 22:29:56 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/28 22:29:05 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/28 22:29:02 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/28 22:27:57 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/28 22:25:46 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/28 22:18:27 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/28 18:41:52 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/28 18:40:26 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/28 18:37:15 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/28 18:35:56 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/28 18:33:32 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/28 18:29:36 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/17 16:09:53 | 001,368,983 | ---- | M] () -- C:\Users\Chris\Documents\Proform 400 treadmill manual.pdf
[2013/05/12 22:51:00 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/05/12 22:51:00 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/05/12 22:50:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/05/12 20:43:55 | 001,192,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/05/12 20:08:10 | 000,903,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/05/12 20:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/05/09 22:49:27 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/05/09 20:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/05/05 23:03:49 | 001,887,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/05/05 21:56:35 | 001,620,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/04/30 17:04:15 | 000,073,974 | ---- | M] () -- C:\Users\Chris\Documents\ITS000000175715 - Thank You -  Invoice Receipt Attached.pdf
[2013/04/28 08:20:21 | 004,747,948 | ---- | M] () -- C:\Users\Chris\Documents\51_57_65F710_S.pdf
[2013/04/27 11:01:19 | 000,001,118 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media converter.lnk
[2013/04/27 11:00:41 | 000,071,913 | ---- | M] () -- C:\Windows\unins000.dat
[2013/04/27 10:59:20 | 000,723,230 | ---- | M] () -- C:\Windows\unins000.exe
[2013/04/27 07:50:03 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2013/04/25 22:51:36 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/04/25 21:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/04/25 16:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/04/24 19:14:08 | 008,332,249 | ---- | M] () -- C:\Users\Chris\Documents\HT-7450-usermanual.pdf
[2013/04/11 07:22:56 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2013/04/11 07:22:56 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2013/04/09 23:01:54 | 000,265,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/04/05 06:45:04 | 000,600,928 | ---- | M] () -- C:\Users\Chris\2012 Jensen C Form 1040  Individual Tax Return.tax2012
[2013/04/05 06:43:46 | 000,613,212 | ---- | M] () -- C:\Users\Chris\Documents\2012 Jensen C Form 1040  Individual Tax Return_Records.pdf
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/31 15:52:16 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/03/30 10:26:27 | 000,020,480 | ---- | M] () -- C:\Users\Chris\Documents\A2D1D000
[2013/03/30 10:25:29 | 000,000,674 | ---- | M] () -- C:\Users\Chris\Documents\Square Transactions 1st qtr 2013.csv
[2013/03/18 23:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/03/18 22:53:58 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/03/18 22:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/03/18 22:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/03/18 22:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/03/18 21:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/03/18 20:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/02/26 23:02:44 | 000,111,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/02/26 22:52:55 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/02/26 22:48:00 | 001,930,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/02/26 21:49:24 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/02/25 23:32:44 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/02/25 23:32:44 | 002,505,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/02/25 23:32:42 | 015,129,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/02/25 23:32:40 | 006,262,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/02/25 23:32:40 | 002,826,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/02/25 23:32:38 | 018,055,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/02/25 23:32:38 | 001,814,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2013/02/25 23:32:36 | 026,929,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/02/25 23:32:36 | 002,720,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/02/25 23:32:34 | 007,932,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/02/25 23:32:34 | 002,346,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/02/25 23:32:32 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2013/02/25 23:32:28 | 002,904,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/02/25 23:32:26 | 020,449,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/02/25 23:32:26 | 015,053,264 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/02/25 23:32:24 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/02/25 23:32:08 | 012,641,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/02/25 23:32:08 | 007,564,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/02/25 23:32:08 | 001,985,824 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/02/25 23:32:08 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/02/25 23:32:06 | 009,390,760 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/02/25 08:49:52 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/02/18 08:22:18 | 001,472,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2013/02/18 08:22:18 | 000,031,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013/02/18 08:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013/02/18 08:22:16 | 000,072,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapo64v.dll
[2013/02/11 21:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/02/03 10:14:10 | 000,619,736 | ---- | M] () -- C:\Users\Chris\2011 Jensen C Form 1040  Individual Tax Return.tax2011
[2013/02/01 23:31:42 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\isolate.ini
[2013/01/23 21:32:16 | 000,000,015 | ---- | M] () -- C:\ProgramData\sdpN.tst
[2013/01/18 08:00:28 | 006,390,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013/01/18 08:00:28 | 003,460,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013/01/18 08:00:11 | 002,558,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013/01/18 08:00:11 | 000,118,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013/01/18 08:00:11 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013/01/18 07:15:24 | 000,550,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013/01/13 14:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/01/13 14:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/01/13 14:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/01/13 14:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/01/13 14:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/01/13 14:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/01/13 14:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/01/13 14:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/01/13 14:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/01/13 13:35:31 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/01/13 13:35:31 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/01/13 13:35:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/01/13 13:32:07 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/01/13 13:31:48 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/01/13 13:31:41 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/01/13 13:31:40 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/01/13 13:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/01/13 13:31:40 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/01/13 12:59:04 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/01/13 12:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/01/13 12:51:30 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/01/13 12:49:17 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/01/13 12:38:39 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/01/13 12:38:21 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/01/13 12:25:04 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/01/13 12:24:33 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/01/13 12:24:30 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/01/13 12:20:42 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/01/13 12:20:04 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/01/13 12:15:40 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/01/13 12:10:36 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/01/13 12:02:06 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/01/13 11:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/01/13 11:32:43 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/01/13 11:09:52 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/01/13 10:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/01/13 10:19:56 | 000,000,479 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/01/13 10:05:09 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/01/05 21:38:47 | 000,001,814 | ---- | M] () -- C:\Users\Chris\Desktop\Pinochle.lnk
[2013/01/04 21:42:01 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/01/03 23:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/01/03 23:11:13 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/01/03 22:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/03 21:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/03 19:47:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/03 19:47:34 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/03 19:47:34 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/03 19:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/02 23:00:42 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/01/01 12:52:51 | 005,670,056 | ---- | M] () -- C:\Users\Chris\Documents\Mileage log.bmp
[2012/12/31 18:01:10 | 000,010,859 | ---- | M] () -- C:\Users\Chris\Documents\planner-style3.gif
[2012/12/16 10:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/16 07:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/16 07:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/16 07:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/13 12:50:38 | 006,112,864 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2012/12/09 16:06:59 | 000,000,132 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/12/09 15:15:26 | 000,000,292 | ---- | M] () -- C:\Windows\wininit.ini
[2012/12/08 21:08:39 | 000,001,121 | ---- | M] () -- C:\Users\Chris\Documents\Square Transactions 2012.csv
[2012/12/07 06:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2012/12/07 06:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2012/12/07 05:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2012/12/07 05:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2012/12/07 04:20:04 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2012/12/07 04:20:03 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2012/12/07 04:20:03 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2012/12/07 04:20:01 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2012/12/07 04:20:01 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2012/12/07 04:20:01 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2012/12/07 04:20:00 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2012/12/07 04:19:59 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2012/12/07 04:19:58 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2012/12/07 04:19:57 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2012/12/07 04:19:57 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2012/12/07 04:19:57 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2012/12/07 04:19:56 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2012/12/07 04:19:55 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2012/12/07 03:46:42 | 000,043,520 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2012/12/07 03:46:42 | 000,030,720 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2012/12/07 03:46:41 | 000,045,568 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2012/12/07 03:46:41 | 000,044,544 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2012/12/07 03:46:41 | 000,023,552 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2012/12/07 03:46:41 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2012/12/07 03:46:40 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2012/12/07 03:46:39 | 000,046,592 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2012/12/07 03:46:39 | 000,020,480 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2012/12/07 03:46:38 | 000,021,504 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2012/12/07 03:46:37 | 000,040,960 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2012/12/07 03:46:37 | 000,015,360 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2012/12/07 03:46:36 | 000,055,296 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2012/12/07 03:46:36 | 000,051,712 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2012/12/03 13:06:31 | 004,378,676 | ---- | M] () -- C:\Users\Chris\Documents\True Grit lightened 1.bmp
[2012/12/03 13:06:17 | 004,378,680 | ---- | M] () -- C:\Users\Chris\Documents\True Grit original 1.bmp
[2012/12/03 13:01:02 | 009,850,676 | ---- | M] () -- C:\Users\Chris\Documents\True Grit lightened.bmp
[2012/12/03 12:59:50 | 009,850,680 | ---- | M] () -- C:\Users\Chris\Documents\True Grit original.bmp
[2012/12/02 09:15:06 | 000,004,964 | ---- | M] () -- C:\Users\Chris\Desktop\Facebook.url
[2012/11/29 22:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/11/29 22:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/11/29 22:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/11/29 22:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/11/29 22:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/11/29 22:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/11/29 22:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/11/29 22:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/29 22:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/29 22:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/29 22:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/11/29 22:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/29 22:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/29 22:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/29 22:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/11/29 22:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/29 22:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/11/29 22:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/11/29 22:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/11/29 22:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/11/29 22:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/29 22:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/11/29 21:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/29 21:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/29 21:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/11/29 21:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/11/29 21:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/29 21:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/11/29 21:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/11/29 21:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/29 21:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/11/29 21:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/11/29 21:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/29 21:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/11/29 20:23:48 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/11/29 19:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/11/29 19:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/29 19:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/29 19:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/11/22 20:13:57 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2012/11/21 22:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2012/11/19 22:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/04 19:08:16 | 000,891,184 | ---- | C] () -- C:\Users\Chris\Desktop\SecurityCheck.exe
[2013/11/03 17:05:47 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/03 15:02:10 | 006,902,211 | ---- | C] () -- C:\Users\Chris\Desktop\RY34420_RY34440_405_trilingual.pdf
[2013/11/03 07:35:40 | 001,060,070 | ---- | C] () -- C:\Users\Chris\Desktop\adwcleaner.exe
[2013/10/31 21:18:10 | 011,133,600 | ---- | C] () -- C:\Users\Chris\Documents\Build sheet.bmp
[2013/10/23 20:18:10 | 002,811,656 | ---- | C] () -- C:\Users\Chris\Documents\IMG_002.bmp
[2013/10/23 20:16:52 | 002,791,856 | ---- | C] () -- C:\Users\Chris\Documents\IMG_001.bmp
[2013/10/23 20:14:41 | 002,983,342 | ---- | C] () -- C:\Users\Chris\Documents\IMG.bmp
[2013/10/23 16:27:01 | 000,014,216 | ---- | C] () -- C:\Users\Chris\Documents\ordqteJS.html
[2013/10/12 21:08:56 | 002,433,948 | ---- | C] () -- C:\Users\Chris\Documents\2006_chevy_monte_carlo.pdf
[2013/10/09 10:27:43 | 009,625,938 | ---- | C] () -- C:\Users\Chris\Desktop\Yellow_Channel.prn
[2013/10/09 10:27:36 | 009,625,938 | ---- | C] () -- C:\Users\Chris\Desktop\Cyan_Channel.prn
[2013/10/09 10:27:27 | 009,625,938 | ---- | C] () -- C:\Users\Chris\Desktop\Magenta_Channel.prn
[2013/09/29 15:53:42 | 009,941,282 | ---- | C] () -- C:\Users\Chris\Documents\man_e510_e.pdf
[2013/09/23 20:53:22 | 000,000,000 | ---- | C] () -- C:\Users\Chris\Documents\SG_Local_4
[2013/09/23 17:15:18 | 000,001,167 | ---- | C] () -- C:\Users\Public\Desktop\WorkForce 30 Series Info Center.lnk
[2013/09/23 17:07:19 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF30.ini
[2013/09/22 12:39:56 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\redmonnt.dll
[2013/08/29 20:18:35 | 000,000,446 | ---- | C] () -- C:\Users\Chris\Desktop\Outlook.url
[2013/08/16 06:39:44 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2013/08/15 19:31:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
[2013/08/15 19:31:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2013/07/21 08:20:58 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/07/21 08:13:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/06/27 06:29:21 | 002,472,158 | ---- | C] () -- C:\Users\Chris\Documents\D52W15_manual.pdf
[2013/05/23 05:44:10 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/17 16:09:53 | 001,368,983 | ---- | C] () -- C:\Users\Chris\Documents\Proform 400 treadmill manual.pdf
[2013/04/30 17:04:13 | 000,073,974 | ---- | C] () -- C:\Users\Chris\Documents\ITS000000175715 - Thank You -  Invoice Receipt Attached.pdf
[2013/04/28 08:17:43 | 004,747,948 | ---- | C] () -- C:\Users\Chris\Documents\51_57_65F710_S.pdf
[2013/04/27 11:01:19 | 000,001,118 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Media converter.lnk
[2013/04/27 11:00:39 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/27 11:00:39 | 000,071,913 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/27 07:50:19 | 000,002,157 | ---- | C] () -- C:\Windows\cdplayer.ini
[2013/04/27 07:50:02 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk
[2013/04/24 19:13:45 | 008,332,249 | ---- | C] () -- C:\Users\Chris\Documents\HT-7450-usermanual.pdf
[2013/04/05 06:43:45 | 000,613,212 | ---- | C] () -- C:\Users\Chris\Documents\2012 Jensen C Form 1040  Individual Tax Return_Records.pdf
[2013/03/30 10:26:14 | 000,020,480 | ---- | C] () -- C:\Users\Chris\Documents\A2D1D000
[2013/03/30 10:25:29 | 000,000,674 | ---- | C] () -- C:\Users\Chris\Documents\Square Transactions 1st qtr 2013.csv
[2013/02/25 23:32:08 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/02/25 08:49:52 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/01/23 18:34:13 | 000,000,434 | ---- | C] () -- C:\Users\Chris\Desktop\Yahoo! Mail.url
[2013/01/13 11:05:30 | 000,600,928 | ---- | C] () -- C:\Users\Chris\2012 Jensen C Form 1040  Individual Tax Return.tax2012
[2013/01/05 21:38:50 | 000,000,015 | ---- | C] () -- C:\ProgramData\sdpN.tst
[2013/01/05 21:38:46 | 000,001,814 | ---- | C] () -- C:\Users\Chris\Desktop\Pinochle.lnk
[2013/01/04 21:42:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/01/01 12:52:49 | 005,670,056 | ---- | C] () -- C:\Users\Chris\Documents\Mileage log.bmp
[2012/12/31 18:06:18 | 000,010,859 | ---- | C] () -- C:\Users\Chris\Documents\planner-style3.gif
[2012/12/09 16:06:59 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/12/08 21:08:39 | 000,001,121 | ---- | C] () -- C:\Users\Chris\Documents\Square Transactions 2012.csv
[2012/12/03 13:06:29 | 004,378,676 | ---- | C] () -- C:\Users\Chris\Documents\True Grit lightened 1.bmp
[2012/12/03 13:06:16 | 004,378,680 | ---- | C] () -- C:\Users\Chris\Documents\True Grit original 1.bmp
[2012/12/03 13:01:00 | 009,850,676 | ---- | C] () -- C:\Users\Chris\Documents\True Grit lightened.bmp
[2012/12/03 12:59:47 | 009,850,680 | ---- | C] () -- C:\Users\Chris\Documents\True Grit original.bmp
[2012/12/02 09:15:06 | 000,004,964 | ---- | C] () -- C:\Users\Chris\Desktop\Facebook.url
[2012/11/11 16:52:52 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/11/07 19:29:43 | 000,221,304 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/11/07 19:29:43 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/10/26 07:49:24 | 000,001,456 | ---- | C] () -- C:\Users\Chris\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/06/17 10:08:22 | 000,221,304 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2012/06/17 10:08:22 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2012/04/20 16:46:08 | 000,000,197 | ---- | C] () -- C:\Windows\i1Share.ini
[2012/04/10 07:41:07 | 000,000,132 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/04/09 20:14:04 | 000,000,000 | ---- | C] () -- C:\Windows\ui.INI
[2012/04/02 20:55:35 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/03/31 10:28:25 | 000,000,031 | ---- | C] () -- C:\Windows\AutoRun.ini
[2012/03/31 05:53:19 | 000,000,044 | ---- | C] () -- C:\Windows\PERFV30V300.ini
[2012/03/04 15:00:46 | 000,006,688 | ---- | C] () -- C:\Windows\SysWow64\Digita.sys
[2012/03/04 15:00:45 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ldf252.dll
[2012/02/19 19:17:11 | 000,263,550 | ---- | C] () -- C:\Users\Chris\2011 Jensen K Form 1040  Individual Tax Return_Records.pdf
[2012/02/13 10:49:41 | 000,072,080 | ---- | C] () -- C:\Users\Chris\g2mdlhlpx.exe
[2012/01/29 11:38:11 | 000,559,160 | ---- | C] () -- C:\Users\Chris\2011 Jensen K Form 1040  Individual Tax Return.tax2011
[2012/01/29 11:34:45 | 000,619,736 | ---- | C] () -- C:\Users\Chris\2011 Jensen C Form 1040  Individual Tax Return.tax2011
[2012/01/28 21:42:47 | 000,000,737 | ---- | C] () -- C:\Windows\XMLEditor4.INI
[2012/01/16 19:33:45 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/01/16 19:33:45 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/01/16 19:33:45 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/01/16 19:33:45 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/01/16 19:33:45 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/01/16 19:33:45 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/01/16 19:33:45 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/01/16 19:33:45 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/01/16 19:33:45 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/01/16 19:33:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/01/16 19:33:45 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/01/16 19:33:45 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/01/16 19:33:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/01/16 19:33:45 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/01/16 19:33:45 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/01/16 19:33:45 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/01/16 19:32:21 | 000,000,080 | ---- | C] () -- C:\Windows\EPWF1100.ini
[2012/01/15 12:36:49 | 000,000,479 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/07 23:08:38 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2011/05/18 22:14:34 | 000,005,120 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/17 18:03:13 | 000,001,057 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
[2011/05/17 18:01:54 | 000,099,384 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\inst.exe
[2011/05/17 18:01:54 | 000,007,859 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.cat
[2011/05/17 18:01:54 | 000,001,167 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\pcouffin.inf
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/06/01 18:44:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OEM
[2011/05/17 19:59:24 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ACD Systems
[2011/09/03 20:04:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AnvSoft
[2011/05/17 17:21:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Barnes & Noble
[2013/03/03 08:02:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BitComet
[2011/05/20 18:17:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Camersoft
[2011/06/01 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canneverbe Limited
[2012/01/14 09:27:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Canon
[2012/01/08 10:31:15 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/07 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/06/01 17:36:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Digiarty
[2012/02/26 15:25:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Downloaded Installations
[2013/09/22 13:16:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Dropbox
[2012/04/09 07:52:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\EPSON
[2011/06/01 17:01:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ImTOO
[2012/02/22 17:36:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\InFiles
[2012/01/16 19:43:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leader Technologies
[2012/01/16 19:38:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2011/06/19 16:35:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\NCH Swift Sound
[2012/02/26 21:32:16 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Nitro PDF
[2011/05/16 21:01:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OEM
[2011/07/12 07:15:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PCHC
[2012/01/08 07:42:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PDAppFlex
[2013/09/22 12:58:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PDFlite
[2011/07/27 20:30:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PowerCinema
[2012/11/07 18:18:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ScannerData
[2011/05/17 20:05:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SoftGrid Client
[2011/05/22 10:22:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2011/05/17 20:04:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TP
[2013/02/10 08:55:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2013/07/07 09:52:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Vso
[2011/06/21 15:09:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WeatherBug
[2011/05/17 17:20:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< :OTL >
[2009/07/13 22:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 22:08:49 | 000,032,612 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/10 19:02:16 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 19:02:18 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/05/23 05:44:10 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} >
 
< IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox >
 
< IE - HKLM\..\SearchScopes,DefaultScope = >
 
< IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC >
 
< IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = >
 
< IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = >
 
< IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = >
 
< IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = >
 
< FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found >
Invalid Switch: GENUINE: disabled File not found
 
< FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found >
Invalid Switch: iTunes,version=:  File not found
 
< FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found >
Invalid Switch: GENUINE: disabled File not found
 
< FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found >
Invalid Switch: WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
 
< O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >
 
< O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >
 
< O3 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. >
 
< O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found >
 
< O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found >
 
< O4 - HKU\.DEFAULT..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found >
 
< O4 - HKU\S-1-5-18..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found >
 
< O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [AdobeBridge]  File not found >
 
< O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S386E.tmp" /EF "HKCU" File not found >
 
< O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found >
 
< O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found >
 
< O1364bit: - gopher Prefix: missing >
 
< O13 - gopher Prefix: missing >
 
< O18:64bit: - Protocol\Handler\ipp - No CLSID value found >
 
< O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found >
 
< O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found >
 
< O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found >
 
< O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found >
 
< O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. >
 
< O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. >
 
<   :Commands >
 
<  >
 
< [emptyjava] >
 
< [emptyflash] >
 
< [EMPTYTEMP] >
 
< [RESETHOSTS] >
 
< [Reboot] >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 256 bytes -> C:\Windows:nlsPreferences

< End of report >

Link to post
Share on other sites
woodshopfun

woodshopfun

Posted
  • Author
Posted

All processes killed
Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found> in the current context!
Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-18..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [AdobeBridge]  File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S386E.tmp" /EF "HKCU" File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context!
Error: Unable to interpret <O1364bit: - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\ipp - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context!
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: Chris
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 56579 bytes
 
User: All Users
 
User: Chris
->Flash cache emptied: 57422 bytes
 
User: Default
->Flash cache emptied: 56475 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 56475 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 57361 bytes
->Temporary Internet Files folder emptied: 35618 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Chris
->Temp folder emptied: 1718 bytes
->Temporary Internet Files folder emptied: 135063266 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 788596175 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 36422215910 bytes
 
Total Files Cleaned = 35,616.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 11062013_111619

Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WM2ZTFGB\ads[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WM2ZTFGB\postmessageRelay[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WM2ZTFGB\xd_arbiter[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WM2ZTFGB\zrt_lookup[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UMJ94ZW2\34434-slow-start-up[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FJ3OTI6K\si[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZKIAPBT\like[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZKIAPBT\xd_arbiter[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3UQ0WNOF\fastbutton[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\29Y4NO7G\ads[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\29Y4NO7G\si[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites
flashh4

flashh4

Posted
Posted

Chris it will look like this:

 

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.

Link to post
Share on other sites
woodshopfun

woodshopfun

Posted
  • Author
Posted

OTL Extras logfile created on: 11/6/2013 7:59:35 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 74.66% Memory free

15.50 Gb Paging File | 13.47 Gb Available in Paging File | 86.90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 913.84 Gb Total Space | 745.24 Gb Free Space | 81.55% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 1

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 1

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 1

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0263F5A4-066E-446C-BCF6-81DAEB511529}" = lport=9948 | protocol=6 | dir=in | name=bitcomet 9948 tcp |

"{1338B448-9584-4865-A529-77C4EDB81AEB}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

"{22A98113-4C79-4FFB-AD4B-472542F3F348}" = lport=139 | protocol=6 | dir=in | app=system |

"{256359A0-20B3-40F1-B1A3-09251D58521F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |

"{2CCB7376-6E3B-4AE5-8F7D-1A8D5FE596A2}" = rport=445 | protocol=6 | dir=out | app=system |

"{31340FBF-564D-4F50-BF9D-CE59BA33FF9E}" = rport=10243 | protocol=6 | dir=out | app=system |

"{3C640939-9BBE-43B1-AAD4-9BFCDDC9C3E4}" = rport=138 | protocol=17 | dir=out | app=system |

"{4598C4E8-CE46-46AD-9047-996D849D130E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{477D3B3D-813B-4EAB-BC71-34F43B3861E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{537930F8-46DF-4163-9824-38580CDF39A9}" = lport=9948 | protocol=17 | dir=in | name=bitcomet 9948 udp |

"{5EC773AC-D50F-4A55-8507-F1E548A0E07D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{60B3736B-F1C1-4F7B-9151-CA937983101B}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

"{6142C676-32AA-411F-8294-91C7EE6E119A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{65A4ADB6-8746-46D6-B685-80CE9F5CF80E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{696A6073-BA18-4697-9A7A-723CD90F9E42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6DF8F2DC-4B24-45D9-A66C-2AB7170BD3AE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6F30700D-4D8A-46F7-B47C-105A72301B5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8966649D-BF1B-4064-BD4D-31BD0D65C880}" = rport=137 | protocol=17 | dir=out | app=system |

"{91ED04E6-4A72-4AD8-8529-C10141021974}" = lport=445 | protocol=6 | dir=in | app=system |

"{9511AD1F-A4DB-46A0-AB89-8CF5AA175576}" = lport=137 | protocol=17 | dir=in | app=system |

"{9BD3D0E3-5C50-4598-9EE1-544FE34FE172}" = rport=139 | protocol=6 | dir=out | app=system |

"{ABA57B80-EBF9-4C73-8C91-2E6411D2228B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{AD3A8C07-AE05-4299-89D8-E6F77415B93B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{ADC08A0B-1164-449B-B6C5-F77E8CE6C02C}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

"{B1EB61F1-E109-4B4B-8C8C-E3F7626A1394}" = lport=10243 | protocol=6 | dir=in | app=system |

"{C1077D54-12B4-4DCC-897A-492E6F5BC4F6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{CE84891F-37E8-42AB-9F92-C3444832D074}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D320F822-844A-4425-A926-B05D8ECDAE94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E08659AE-CEC8-44A3-AB9C-272FBF8C63CC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |

"{ECA3D0E8-0B24-44A0-8151-B4F67D765A20}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{027E84AD-C48E-4806-BD49-1918AAF76089}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe |

"{033CF974-FC9F-4334-AD9A-3F5DC69E3582}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{0616E7C3-B62B-4E66-993D-7835134CEC3C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{077DAA4D-4192-4CC4-B84D-09DCAD10BD74}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe |

"{07E7A5CB-5944-44A0-9EBD-C859E4DB16FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{0B5730B8-EC59-466D-A79D-FC8635A2984E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{0C87F825-DB70-42BD-B3A6-060F046388CD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |

"{0EF9D254-C114-4AA9-B87E-D4074F21D39F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1A2B5163-9AA6-4E05-8BFB-213F4AB97D4C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |

"{1A44CB02-3280-4002-B455-C1FAAC09E359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{1C452AC3-FD69-4895-AF42-2C7980677BC4}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe |

"{1FAE9523-7125-434F-BAD6-B990EE83C1C8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{234BFFA3-0E88-473F-901A-909E2531F090}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe |

"{35853AF4-0E0C-46FE-B9BB-46F277A7637A}" = protocol=58 | dir=in | app=system |

"{3CD2EADE-0D02-44AD-8CC9-F47687A39F2E}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |

"{40F62F5A-0EEC-4B47-9C3D-6ED67BFF50C5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |

"{42F38AC4-1C8E-4935-BF43-253772B8CEB1}" = protocol=1 | dir=in | [email protected],-28543 |

"{43E7D67F-AA90-4A24-B575-BC0EB7F16BAC}" = protocol=1 | dir=out | [email protected],-28544 |

"{4D88ADFC-543F-42BC-B781-1FD4BC1E84E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4FD3CF08-2552-49CF-A93D-C29DED23A5D1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{52A463DA-17BD-4197-A30A-762BD88AB8FB}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe |

"{55B0DBCA-3360-44D2-A13B-5034A52DBA97}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe |

"{5A2D046D-6A43-4ED6-B11B-E7BADC7ECC87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |

"{5FAED20F-9CC8-4CAF-8E04-198397994342}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{61AC5CF2-0EFB-49AC-9EBD-E63470A2A97D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |

"{674B288B-B6E1-4D55-89D5-3903953E3910}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |

"{6980B2FD-2A56-4D17-9A1B-5E67B7FB76A6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{69BDCBCE-E2CD-41EA-8E62-65FCC83F9CD1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |

"{7157C1DE-12FA-4C25-9C2A-AB1FEAEA9A04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |

"{744A3719-A9A1-4B3F-B1B8-3F706AE10C82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |

"{7764D3B1-B939-4081-A76A-E2C4E2101225}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\clmlsvc.exe |

"{7BA83E5C-D421-4039-8110-2C10FC4B8F15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{7DDB5964-8D41-49DF-832A-E8F98D963E2D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |

"{8008F2D7-D2F1-4A21-9087-08F3CB81ABB8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |

"{8101F437-97E3-43E5-8FD4-294F87366901}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{8E5B79BE-C9D1-4EB3-87CC-44A8CE35FBAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{8E9DB9D0-8CDC-47A4-B01E-2F5AEF7DEA6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |

"{9083C5BB-24EB-4109-AC3F-AE4905BCC82E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |

"{910212B0-F712-41F2-B293-71544C1E04BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |

"{9313BD31-2B2C-4FCC-B565-C0E0E2269FFB}" = protocol=58 | dir=out | [email protected],-503 |

"{96E1379E-A4BE-4A4D-BE5E-5BBD6513B210}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |

"{978B1C6F-AFB1-482B-85F3-344BA04E8DF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{993CC130-5B23-4A1A-BDAD-7EEDE2D12A27}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |

"{9A75BDD3-0008-41F1-AD5F-16C2A9E85868}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A4E6033E-FD39-4B58-92CC-526F186D2EB8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe |

"{A855E219-8F36-4548-9F5D-8FF0F5A86140}" = protocol=6 | dir=out | app=system |

"{A8DD326E-6327-4A9D-8E98-02264558D269}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe |

"{AEE9C64A-990D-4F42-AC1E-294F0D9B3DD2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |

"{B76303DA-A626-4FA0-9035-FB73B813F320}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{BAC06B63-486A-4BF7-956A-E482D27C6272}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BD22FF84-5FE3-4B92-968D-81A26CCC81A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |

"{C3A557B6-0D92-458D-9E46-EEE8BA4CD55E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{C5468079-87E4-43AD-92F6-EF98C25E2F3E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |

"{C5720CF1-94A5-49CA-BE4E-6ADAC9A60105}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{CADE649F-FC8B-4F52-948A-896EF14C4CDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |

"{D678AF46-99C8-47B9-A1A2-A6540A5A6881}" = protocol=58 | dir=in | [email protected],-28545 |

"{DB7FB793-2C55-4DAF-81D7-584E83C83366}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E5BA9490-1C9B-4E90-BA6F-450D36998DEF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |

"{E5BDB54C-D056-41E3-A964-966E4DF383A3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{E8CB8650-2AAE-44C1-867B-156B4D9569BC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |

"{E94E1A2D-F234-4FD4-9CE9-BB664DA3C095}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |

"{EA2AE888-1262-4A9F-89E7-3B35B0A1C2ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |

"{EF430E01-0C9C-44B1-B78D-B873BEF7A035}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{FBBEA0E1-D2AE-429E-BCDB-2ED98FEC6624}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FF0C85A1-9292-45B4-807D-9AC892EC5377}" = protocol=58 | dir=out | [email protected],-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)

"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer

"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)

"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)

"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)

"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)

"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)

"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)

"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CANONLPESP100" = Canon Large Format Printer Extended Survey Program

"EPSON WorkForce 30 Series" = EPSON WorkForce 30 Series Printer Uninstall

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.51

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Drivers" = NVIDIA Drivers

"Recuva" = Recuva

"Shop for HP Supplies" = Shop for HP Supplies

"VueScan" = VueScan

"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0BE576BC-49F3-4F3F-89AB-0E2ABF35122F}" = Canon iPF8300 Print Plug-In for Photoshop CS5 x64

"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker

"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan

"{13273B8A-E750-4FD4-B6E0-AFC689FCF283}" = iPF8300 Media Configuration Tool

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{174126E2-5F05-41BD-A377-FAA44C15EC71}" = CarveWright System

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{22E23DF0-7FAE-4DA2-9DA2-45B984AA742C}_is1" = CenturyLink QuickAssist Desktop Tools

"{256595b8-8ce7-4e31-8e8b-9923ba7c4e80}_is1" = Media converter

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{384E10CC-9455-40BC-B79C-0708C1D42302}" = Canon PosterArtist Lite

"{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV

"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax

"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{66392B7C-C522-450D-97B7-B3E41E170C3B}" = imagePROGRAF Status Monitor

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{729E16B3-1B80-4F3F-8D19-342A89631E0A}_is1" = Media converter

"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset

"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print

"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater

"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1

"{91D27E68-979D-450F-82CC-418C5267C43E}" = Canon iPF8300 Print Plug-In for Photoshop CS5

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth

"{982AC07C-985C-42D8-990E-2EEF443D53CE}" = ArcSoft MediaImpression

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software

"{A4B68C10-AEF9-4068-8CB5-216963AFC86C}" = Light Source Check Tool

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B67A83A0-DBE5-482E-8437-5E0AD6D0EF1D}" = Canon iPF8300 User Manual

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie

"{BCE2ED29-2E42-4481-8071-5D3E9FD270EE}" = MAX Console

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C5B66421-3963-4ACD-9074-2648A4741033}" = Nero 7 Essentials

"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq

"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600

"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365

"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting

"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide

"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant

"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine

"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext

"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper

"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper

"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint

"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset

"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR

"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help

"{FF484104-ECC5-499C-9B12-D0F8178A16A5}" = ScanExpress A3 USB 2400 Pro V1.2

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 4.65

"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint

"ACDSee" = ACDSee

"Acer Game Console" = Acer Game Console

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Applian Director2.1" = Applian Director

"ArcSoft Camera Suite" = ArcSoft Camera Suite

"Audiograbber" = Audiograbber 1.83 SE

"Audiograbber-Lame" = Audiograbber MP3 Plugin

"BN_DesktopReader" = NOOK for PC

"Cfont Pro_is1" = Cfont Pro v4

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"ExpressRip" = Express Rip

"Flash Player Pro_is1" = Flash Player Pro V5.4

"FutureMatDesigner" = FutureMatDesigner

"Hotkey Utility" = Hotkey Utility

"Hoyle Card Games 5" = Hoyle Card Games 5

"Identity Card" = Identity Card

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe

"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite

"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"InstallShield_{BCE2ED29-2E42-4481-8071-5D3E9FD270EE}" = MAX Console

"InstallShield_{FF484104-ECC5-499C-9B12-D0F8178A16A5}" = ScanExpress A3 USB 2400 Pro V1.2

"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.1

"MagicISO v5.5_is1" = MagicISO v5.5 (build 0274)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"M-Minder_is1" = M-Minder 3.1

"NAV" = Norton AntiVirus

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Pinochle_is1" = Pinochle 4.14

"Replay Video Capture3.1B" = Replay Video Capture

"Replay Video Capture4.2" = Replay Video Capture

"Silent Package Run-Time Sample" = WorkForce 30 Series Info Center

"Spyder4Elite" = Spyder4Elite

"TurboTax 2011" = TurboTax 2011

"TurboTax 2012" = TurboTax 2012

"WF30IQ" = PowerDriver IQ WF30

"WildTangent acer Master Uninstall" = Acer Games

"WT088295" = Agatha Christie - Death on the Nile

"WT088300" = Bejeweled 2 Deluxe

"WT088310" = Build-a-lot 2

"WT088312" = Chuzzle Deluxe

"WT088318" = Diner Dash 2 Restaurant Rescue

"WT088350" = Jewel Quest Solitaire 2

"WT088364" = Plants vs. Zombies

"WT088373" = Blackhawk Striker 2

"WT088393" = Dora's Carnival Adventure

"WT088413" = FATE

"WT088445" = John Deere Drive Green

"WT088449" = Penguins!

"WT088453" = Polar Bowler

"WT088457" = Polar Golfer

"WT088517" = Zuma's Revenge

"WT088553" = Virtual Villagers 4 - The Tree of Life

"WT088649" = 18 Wheels of Steel - American Long Haul

"WT088653" = Jewel Quest - Heritage

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Mail" = Yahoo! Internet Mail

"Yahoo! Mail Advisor" = Yahoo! Mail Advisor

"Yahoo! Software Update" = Yahoo! Software Update

"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ System Events ]

Error - 11/5/2013 9:50:46 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

with the currently configured password due to the following error: %%1330 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 11/5/2013 9:50:46 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

Error - 11/6/2013 9:43:50 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000

Description = The PDIHWCTL service failed to start due to the following error: %%2

Error - 11/6/2013 9:46:13 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

with the currently configured password due to the following error: %%1330 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 11/6/2013 9:46:13 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

Error - 11/6/2013 2:16:19 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034

Description = The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.

It has done this 1 time(s).

Error - 11/6/2013 2:17:59 PM | Computer Name = Chris-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012

Description = There was an error while attempting to read the local hosts file.

Error - 11/6/2013 4:01:27 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000

Description = The PDIHWCTL service failed to start due to the following error: %%2

Error - 11/6/2013 4:04:19 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

with the currently configured password due to the following error: %%1330 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 11/6/2013 4:04:19 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

< End of report >

Link to post
Share on other sites
flashh4

flashh4

Posted
Posted

Chris, the OTL fix did not run, so we need to run it again !!

 

We need to Run an OTL fix !!

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following text into the customFix.png. text box of the OTL tool/program ! Start with and include the colon plus OTL . :OTL

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBoxIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not foundO3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not foundO4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not foundO4 - HKU\.DEFAULT..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not foundO4 - HKU\S-1-5-18..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe File not foundO4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [AdobeBridge]  File not foundO4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S386E.tmp" /EF "HKCU" File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\ipp - No CLSID value foundO18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value foundO18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.:Filesipconfig /flushdns /c:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.




 

Link to post
Share on other sites
woodshopfun

woodshopfun

Posted
  • Author
Posted

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.

Registry value HKEY_USERS\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.

Registry value HKEY_USERS\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.

Registry value HKEY_USERS\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON WorkForce 30 Series not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ not found.

File Protocol\Handler\ipp - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found.

File Protocol\Handler\ipp\0x00000001 - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ not found.

File Protocol\Handler\msdaipp - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.

File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.

File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Chris\Desktop\cmd.bat deleted successfully.

C:\Users\Chris\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Chris

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 598 bytes

User: All Users

User: Chris

->Flash cache emptied: 1022 bytes

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 33851 bytes

->Temporary Internet Files folder emptied: 6945925 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: Chris

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 106658044 bytes

->Flash cache emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 47859 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 174262 bytes

Total Files Cleaned = 109.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11072013_203818

Files\Folders moved on Reboot...

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\12[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\ads[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\ads[2].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCA1QYP73.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCA1WDUAV.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCA9MWIGD.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCAB9RC3Q.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCADSXXF4.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCAIRU1SU.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCAKS90L2.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCATSJYUO.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\ai[11].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\page-2[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NIO37AQ\ai[10].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NIO37AQ\ai[11].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NIO37AQ\ai[8].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NIO37AQ\ai[9].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NIO37AQ\postmessageRelay[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NIO37AQ\zrt_lookup[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89HTIHFH\aiCAATP3YM.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89HTIHFH\aiCAZJJV2N.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89HTIHFH\ai[11].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89HTIHFH\fastbutton[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89HTIHFH\xd_arbiter[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89HTIHFH\xd_arbiter[2].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\59QVBEZ2\2q6dNtNfG1YHziVjQ1hUSA[1].woff moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\59QVBEZ2\sNpRL69iYnSa-pHm90cZTA[1].woff moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\466KNG8Y\aiCA4URQWD.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\466KNG8Y\aiCARZN6FA.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\466KNG8Y\aiCAS7SV9S.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\466KNG8Y\aiCAWRGNAZ.htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\466KNG8Y\facebook_com[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\466KNG8Y\like[2].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\28YFTQCG\VBbzpp2k5li[1].mp3 moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites
flashh4

flashh4

Posted
Posted

That's it Chris, the one i been looking for !!

 

This is the clean-up procedure

Double click OTL.exe to launch the program.

Click on the CleanUp! button.

OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.

Select Yes. when the "Begin cleanup Process?" prompt appears.

If you are prompted to Reboot during the cleanup, select Yes.

When finished exit out of OTL

The tool will delete itself once it finishes, if not delete it by yourself.

 

 

 

====================================

 

 

 

I know you may have some of these installed, this is just my standard all clean speech !

Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:


 1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

  * From within Internet Explorer click on the Tools menu and then click on Options.
   * Click once on the  Security tab
   * Click once on the  Internet icon so it becomes highlighted.
   * Click once on the  Custom Level button.
   * Change the  Download signed ActiveX controls to Prompt
   * Change the  Download unsigned ActiveX controls to Disable
   * Change the  Initialize and script ActiveX controls not marked as safe to Disable
  *  Change the  Installation of desktop items to Prompt
   * Change the  Launching programs and files in an IFRAME to Prompt
   * Change the  Navigate sub-frames across different domains to Prompt
   * When all these settings have been made, click on the  OK button.
   * If it prompts you as to whether or not you want to save the settings, press the  Yes button.
  *  Next press the  Apply button and then the  OK to exit the Internet Properties page.


 2. Enable Protected Mode in Internet Explorer . This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

  *  Open  Internet Explorer
  *  Click on  Tools > Internet Options
  *  Press  Security tab
   * Select Internet zone then place check next to Enable Protected Mode if not already done
  *  Do the same for  Local Intranet, Trusted Sites and  Restricted Sites and then press  Apply
  *  Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.


NOTE: Fire Fox is a great browser also >>> http://www.mozilla.org/en-US/firefox/fx/
I use & like FireFox !!

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

 4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:

Online Armor Free Online Armor Free

Agnitum Outpost Firewall Free Agnitum Outpost Firewall

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update Windows update
 regularly to download and install any critical updates and service packs.  Windows Vista/7 users can open the  Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

 6. Consider a custom hosts file such as MVPS HOSTS
 This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002

Note: Be sure to follow the instructions to disable the  DNS Client service  before installing a custom hosts file.

 7. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place
 


A must is a great Antivirus, i recommend you using AVAST its free >>> http://www.avast.com/free-antivirus-download

You are behind on some updates, please visit the Secunia Software Inspector >>>http://secunia.com/vulnerability_scanning/online/   
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player,Java Runtime , Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.

To insure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)


Happy surfing and Stay Clean
Chuck

 

 

Hope you are happy with BesTTechie and our service !!

It may run a little slow until a few normal reboots !!

How's it running ??

 

If you see any of my ads for Besttechie or computer cleaning please like with a comment !! Thanks
 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing