woodshopfun

Members
  • Content Count

    29
  • Joined

  • Last visited

About woodshopfun

  • Rank
    Member
  1. Great news! I think we finally have my daughter's computer back on line. Not sure what locked me out, but with the recovery disks, I was able to get back in, and everything seems to be working great. No viruses detected. A big thanks to flashh4!!!
  2. yes, she is using Norton, do I need to disable it?
  3. OTL Extras logfile created on: 12/7/2013 10:59:12 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kristi\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16736) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.60 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 29.54% Memory free 4.35 Gb Paging File | 2.90 Gb Available in Paging File | 66.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 276.00 Gb Total Space | 223.86 Gb Free Space | 81.11% Space Free | Partition Type: NTFS Drive D: | 21.32 Gb Total Space | 2.62 Gb Free Space | 12.28% Space Free | Partition Type: NTFS Computer Name: JENSEN | User Name: Kristi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B8A2F9F-7A44-4A57-BCD1-86F41B83B688}" = rport=445 | protocol=6 | dir=out | app=system | "{136E3944-AD63-49A7-9E8A-47547B1A60CD}" = lport=138 | protocol=17 | dir=in | app=system | "{2785BD42-4DC0-44D6-9014-4F54BE1EB44D}" = rport=139 | protocol=6 | dir=out | app=system | "{33469F7B-8B2D-4231-97F1-4EEB1E6572D1}" = rport=137 | protocol=17 | dir=out | app=system | "{3A417AF5-3E9F-4196-BFC4-DBC35E40BA52}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{45CB5A09-D175-4C48-ABEA-F955AA0D8FFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4B11FF6B-F037-4C82-B3AE-34BA3F5E30F1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{51D9E665-683E-4856-ADC8-D9292260C609}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5492B38A-6AE0-4EF1-B547-A562146293F9}" = lport=137 | protocol=17 | dir=in | app=system | "{5FC22F2D-9BFB-4669-96BE-FA3350002B90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6B288D59-35D7-4560-8063-5E2D274490CA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{6C3DDD59-9C6D-40DD-BDDB-D0BB2A77B70E}" = rport=138 | protocol=17 | dir=out | app=system | "{7A634D45-66AE-4C6D-89BD-39BC04E83BC4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{8B152D25-8977-437C-B1EC-8C6048D28937}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{94691A3E-AE5C-4F5A-A3A6-9914850F9827}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9C5EF4F1-017E-44C6-AF75-090D2D3D8A95}" = lport=445 | protocol=6 | dir=in | app=system | "{A57B9A51-B4B7-4E5A-AAF8-05AD901FD5E2}" = rport=10243 | protocol=6 | dir=out | app=system | "{A6774F06-6CED-4B5E-8111-9908440A56F6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BB81FE30-482D-4394-8E42-55FD2F372CEB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DED6ACE2-C3C9-4F01-980A-1CAD1E64D2C0}" = lport=10243 | protocol=6 | dir=in | app=system | "{DF8A72E2-6746-4E55-9AF6-281289396C2E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E03B5E39-ABA7-4233-9F01-B0DD673CA1F7}" = lport=2869 | protocol=6 | dir=in | app=system | "{E7E76518-CCA8-4119-8AF4-9345ACC19BC1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | "{EF4A8B3D-8B95-4734-B3E6-D86BCF4A4075}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1505E06A-DF76-445D-B701-9EA94AD3A479}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{15EBD649-4353-4387-AF55-86D307F81E77}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1726E98E-C523-44CA-B329-787E781677DF}" = dir=out | name=microsoft mahjong | "{17B70AB1-BF69-4A16-B284-88CDF81FB8C1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | "{1C90D1AA-BB9B-42AD-A8F1-4AA0BBA2B16C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1D4A7118-DDC3-4B7E-B31E-A2491FD4E85F}" = protocol=58 | dir=in | app=system | "{249A8BC5-0542-4271-87E8-81E52E0DB359}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{25D5A88C-7107-47EF-98F1-11959B635B42}" = dir=out | name=hp printer control | "{2EFCB1CB-F1CE-44AD-9A64-A9CCF9267DA2}" = dir=out | name=hp registration | "{31F3B2DD-6FEA-4A6F-BF04-E137EF2FE851}" = dir=out | name=hp+ | "{3AB2F4F7-D589-4C65-ADDA-BEA9028F3DA8}" = dir=in | name=kindle | "{3D92C6A8-3208-4AB0-88AA-25623DBE42EC}" = dir=out | name=skype | "{43B0E720-4B21-4947-B035-9C839104A988}" = dir=out | name=microsoft solitaire collection | "{44A7E2BC-ADAB-479E-9C78-5D1924CFBF12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4647106E-13D8-4773-BB90-FDC0721460FA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4A289CF6-E2C0-498F-A511-C7985D1D47A0}" = dir=out | name=netflix | "{4C12BCFE-8362-4551-9526-761FBB664294}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{58636C9A-32F6-4B9D-ACEF-C55B1E9839B5}" = protocol=6 | dir=out | app=system | "{58D0ECD7-254C-4C1D-86F3-6798DA84B35C}" = dir=out | name=hp connected photo powered by snapfish | "{657297F2-5C72-4CC3-8A2C-4667A0ADD2C8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{657E6507-4497-479A-BB6C-A76C727475D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{65F7ACA8-E4EB-4DD3-B16F-67D7FFD2B70B}" = protocol=58 | dir=out | [email protected],-503 | "{685398BE-26BE-42DD-B0ED-22821485CF20}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6C586A61-BDD1-4919-BBDA-F31978052B43}" = protocol=58 | dir=in | [email protected],-28545 | "{7928015A-5CA0-4FE5-B0CF-6DD8886F5A7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8ABE062C-994E-4AA4-AC1C-F3D6DA730A0B}" = dir=in | name=hp printer control | "{90E966B0-0885-43D1-87BC-C757DD585FDB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9368184F-5E60-41F2-838E-74ADEBB3EA76}" = dir=out | name=getting started with windows 8 | "{9D3259E3-A9AF-4F1B-8976-D68243693003}" = protocol=1 | dir=in | [email protected],-28543 | "{A21E12BB-7FFF-42EF-89D2-4BAD0884EDBD}" = dir=out | name=iheartradio | "{A2AF466B-80DB-47AC-9ADA-BF801BD2D187}" = dir=out | name=norton studio | "{A4877C84-2057-4526-8F01-2C9511AC128F}" = dir=in | name=ebay | "{B07B8C04-3AA3-4D59-8BD0-D0761FF1EEE7}" = dir=in | app=c:\users\kristi\appdata\local\microsoft\skydrive\skydrive.exe | "{B95F7E7C-D2D7-48A8-8169-3B8E5B263AFA}" = dir=in | name=skype | "{C305FA76-083B-4BBA-AF01-37D49B6921F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C741CDC4-020C-45F6-AD36-6ED3A546C5BF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CA0186B0-910E-4ECC-9F04-FB825483AF60}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D68D85DF-22EB-4465-8EC7-5E2834B2BFC5}" = protocol=1 | dir=out | [email protected],-28544 | "{D97A54FA-934F-4B97-987F-28E8B498FC67}" = dir=out | name=ebay | "{DA145439-2E89-48A4-946B-B4951A83B314}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E9CFBDD9-A70A-45E4-8C4E-510DE0688D07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F1A14AA1-5197-49C9-80C2-0CC87EDC4BC4}" = protocol=58 | dir=out | [email protected],-28546 | "{F2FCF9BB-C5C5-4126-AAC0-647754C5F77E}" = dir=out | name=kindle | "{F382A039-DA0B-44E7-B015-661D972B3C75}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F4AC6705-1B23-43CA-AF02-A2AEEA1BA5E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F567D314-85D4-42BF-9EEB-A84F29E00BEE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{F66BCDB4-6EA1-46D9-9E91-EAE610A8BC4F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{63ADEC24-A374-80A8-E89B-BE401C787F75}" = AMD Catalyst Install Manager "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A79A9231-0A5A-9384-21D0-DB753C2BE59B}" = AMD Fuel "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service "{E82EC5DF-28FD-C8F4-ED08-B88728158260}" = ccc-utility64 "O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0123AB93-E7A4-7F40-83B6-41EC2CF84B3F}" = CCC Help Dutch "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C3B99D2-35D0-6993-3C4B-A759419A8678}" = CCC Help Korean "{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center "{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding "{1225C0F8-AB1A-BE3A-CD0C-DB8CA1613940}" = CCC Help Greek "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{299BA1C7-2C4E-4C3D-8BBA-0F7EC5A90DD1}" = Bloggie Software "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3C41A693-28E1-4335-A738-528B09DB600C}" = CCC Help Thai "{3C458872-A5BB-89F3-933C-2406F6D9E6F8}" = CCC Help Finnish "{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch "{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager "{52A3FC19-6F84-F293-08C6-80A1D2F7477F}" = CCC Help Swedish "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5CD2FE1D-A3DB-F273-2798-EFAACF8492A5}" = CCC Help Portuguese "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software (x86) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A66D912-541C-54C6-43E6-17AF24700B91}" = CCC Help German "{6C8FF546-B0C0-0935-2F5E-7DC2DA727CFD}" = CCC Help Czech "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{734846E6-3E7A-04AC-0612-638A1D8A63F8}" = CCC Help Russian "{747F3993-036E-5F4F-1B82-7DA844B73966}" = Catalyst Control Center Localization All "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{793ED091-3F14-4968-3864-5C8A7727A5DA}" = CCC Help Chinese Standard "{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{9285EABA-D88C-4A8A-6E9D-5F55BF03E46F}" = Catalyst Control Center InstallProxy "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93EB60BA-458D-FBE6-E466-CD170080E719}" = CCC Help Polish "{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C0F4CBD-8543-96CC-46F1-75E57B1B22A6}" = Catalyst Control Center Graphics Previews Common "{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom "{9EF69B68-6DFE-F916-2D6E-E486D21A26C2}" = CCC Help Spanish "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{B1E7FE70-3B18-5BA2-8032-2547FC636A50}" = CCC Help Japanese "{B424890D-64FC-E0D1-4A17-4B512CA45CD9}" = CCC Help Italian "{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant "{BE64A239-E22E-9D77-AA57-36AE0443EC2F}" = CCC Help Chinese Traditional "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C96FF998-45BD-411E-9253-B7F2660FE280}" = CenturyLink Installer "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF8C33C1-C978-527D-E0AF-530882DEB146}" = AMD VISION Engine Control Center "{D23CA718-0356-41F2-8E6A-B5C6CD383EF7}" = HP Documentation "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5DC9541-12F0-59CF-9430-1136D5A58BD0}" = CCC Help Hungarian "{D7FBE7DC-A18F-4DFF-80BB-A478E4E09CF7}" = CCC Help Danish "{DC3C5C4A-1869-A99C-3AE4-55E0191105F0}" = CCC Help Norwegian "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{EB2CDF95-92D4-AC57-63B1-4E7F0BD8F9B8}" = CCC Help French "{ECA42F46-D80E-AD40-18FB-4BF64491CEE3}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF282A38-D10B-E302-FBAD-5903C9DD9A5B}" = CCC Help Turkish "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "BloggieSoftware" = Bloggie Software "Flash Player Pro_is1" = Flash Player Pro V5.4 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10 "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAV" = Norton AntiVirus "WildTangent hp Master Uninstall" = HP Games "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-34a0f46f-2586-4346-812c-3e18d190d88a" = Luxor Evolved "WTA-3e034c4a-10db-4d90-986c-4ad842d30c78" = Polar Bowler "WTA-43d91043-ebc0-4697-8d3d-d2bc3c24954c" = Farm Frenzy "WTA-4685aa80-dc5b-4935-83fa-befd7b91e9f5" = Chuzzle Deluxe "WTA-4a27aa2d-9c25-4db9-98ad-36510c794c7f" = Cradle Of Egypt Collector's Edition "WTA-4a30ae7a-f08b-4f44-a12c-09edc11ad2a6" = Governor of Poker 2 Premium Edition "WTA-52d040ec-7135-4eec-9cd4-cdf2230564a1" = Mahjongg Dimensions Deluxe: Tiles in Time "WTA-5506661c-81d3-49e4-b2f9-072576c15d91" = Roads of Rome 3 "WTA-5c01f4e4-2494-4342-bf09-6b5fba8368f5" = John Deere Drive Green "WTA-5e80cd2a-d654-401d-b385-74b579628353" = Jewel Match 3 "WTA-715442b8-3be5-4073-9b0e-f41506dd2310" = Hoyle Card Games "WTA-7c7027da-bc2b-4364-af24-485d85da4b7b" = Final Drive Fury "WTA-83705bd4-8013-45e7-b430-3806a7dc4745" = Mortimer Beckett and the Crimson Thief Premium Edition "WTA-8ba64964-a6d3-492c-9d8f-02006b962c0c" = Vacation Questâ„¢ - Australia "WTA-9431f875-5fc4-41b0-8bbb-5a2107f43f7b" = Penguins! "WTA-973dfb2b-f35d-4000-af3a-be238aa6ef88" = Bejeweled 3 "WTA-a86c3f90-cf5b-4c9f-8c9a-690d3045ff3d" = Peggle Nights "WTA-b08e9137-7fa1-480b-8f21-a404a4877e38" = Mystery P.I. - Curious Case of Counterfeit Cove "WTA-bd80f60a-4ecd-4a36-a634-a563d4b1e9de" = Polar Golfer "WTA-d76db04b-4e71-4bac-880c-969c2616d43d" = Tales of Lagoona "WTA-d8e241f0-1a03-4a4a-94d2-f0379e66bc9a" = FATE: The Cursed King "WTA-d9f2e693-20fd-4edf-99dd-54fc5c9567f9" = Build-a-lot 4 - Power Source "WTA-df35cdb0-0d63-4dfb-afa8-94429c4cf1f3" = Zuma's Revenge "WTA-e173b0c7-0897-4cc2-910e-53ef978247b4" = Cradle of Rome 2 "WTA-fa24b63a-3a29-4c8b-9aeb-e1577cb8a12f" = 4 Elements II "WTA-fb2ce78a-3b49-4539-8948-b141dca7fa98" = FlatOut 2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-731434280-73576831-2629088662-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Define Ext" = Define Ext "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/7/2013 11:10:56 AM | Computer Name = Jensen | Source = Office 2013 Licensing Service | ID = 0 Description = Error - 12/7/2013 1:17:03 PM | Computer Name = Jensen | Source = Office 2013 Licensing Service | ID = 0 Description = [ System Events ] Error - 12/7/2013 10:57:08 AM | Computer Name = Jensen | Source = DCOM | ID = 10010 Description = Error - 12/7/2013 11:00:40 AM | Computer Name = Jensen | Source = EventLog | ID = 6008 Description = The previous system shutdown at 7:58:06 AM on ?12/?7/?2013 was unexpected. Error - 12/7/2013 12:04:28 PM | Computer Name = Jensen | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service. < End of report >
  4. OTL logfile created on: 12/7/2013 10:59:12 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kristi\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16736) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.60 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 29.54% Memory free 4.35 Gb Paging File | 2.90 Gb Available in Paging File | 66.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 276.00 Gb Total Space | 223.86 Gb Free Space | 81.11% Space Free | Partition Type: NTFS Drive D: | 21.32 Gb Total Space | 2.62 Gb Free Space | 12.28% Space Free | Partition Type: NTFS Computer Name: JENSEN | User Name: Kristi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Processes (SafeList) ========== PRC - [2013/12/07 10:44:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kristi\Desktop\OTL.scr PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe PRC - [2013/04/16 07:38:30 | 000,048,496 | ---- | M] (CenturyLink Inc) -- C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/07/27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2012/07/09 13:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2012/06/07 20:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe PRC - [2012/03/28 18:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2011/02/08 11:12:24 | 000,746,856 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe PRC - [2009/04/23 05:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2009/04/23 05:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe ========== Modules (No Company Name) ========== MOD - [2013/10/17 18:35:15 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\66408ec86b705cd9f9aab66e84bb7fd5\System.Web.Services.ni.dll MOD - [2013/10/17 18:33:57 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7d7b887e33aafaadae040bb07fa959bb\System.Configuration.ni.dll MOD - [2013/10/15 19:50:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\53c49b1cfdb85cf6784c7dcc8cdbd56d\System.Windows.Forms.ni.dll MOD - [2013/09/03 07:51:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3866f7a0829a76e958174f2d89bae9a8\System.Management.ni.dll MOD - [2013/09/03 07:49:13 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\70c38c5db6131d4cf9b238f6a40d276e\System.Runtime.Serialization.Formatters.Soap.ni.dll MOD - [2013/09/03 07:27:23 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fc5d4ada42ed8e9a30b64912f5dc9767\System.Xml.ni.dll MOD - [2013/09/03 07:26:49 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e4447d26cd9083018bd28ddd60a0248\System.Drawing.ni.dll MOD - [2013/09/03 07:25:03 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1b46657236c1f942f9dbaf6aac73bb49\System.ni.dll MOD - [2013/07/20 10:12:51 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll MOD - [2012/06/07 20:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll MOD - [2009/04/16 12:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc) SRV:64bit: - [2013/08/15 22:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2013/07/01 17:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2013/06/24 15:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012/09/20 01:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012/09/19 23:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012/08/06 12:08:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012/08/02 02:06:02 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012/07/21 09:30:36 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2013/10/12 11:59:56 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe -- (NAV) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/09/20 01:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012/08/10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2012/07/13 18:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/11/23 11:40:53 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013/10/10 04:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2013/08/15 22:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2013/08/09 23:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2013/07/09 01:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2013/07/01 18:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013/07/01 18:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2013/07/01 18:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2013/07/01 17:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013/07/01 15:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013/06/28 23:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2013/05/31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013/05/22 22:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\symefa64.sys -- (SymEFA) DRV:64bit: - [2013/05/20 22:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\symds64.sys -- (SymDS) DRV:64bit: - [2013/05/15 22:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013/05/04 00:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2013/04/24 17:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\symnets.sys -- (SymNetS) DRV:64bit: - [2013/04/15 19:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\ccsetx64.sys -- (ccSet_NAV) DRV:64bit: - [2013/04/15 06:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/03/04 18:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\ironx64.sys -- (SymIRON) DRV:64bit: - [2013/03/04 18:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012/10/10 22:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2012/09/20 00:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012/09/20 00:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012/08/24 02:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012/08/24 02:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012/08/24 02:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv) DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/08/03 14:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver) DRV:64bit: - [2012/08/02 03:54:18 | 010,280,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/08/02 01:09:30 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/07/25 19:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012/07/23 14:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2012/07/23 14:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2012/07/21 09:30:36 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2012/07/04 11:41:58 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive) DRV:64bit: - [2012/06/20 19:45:12 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\symelam.sys -- (SymELAM) DRV:64bit: - [2012/06/18 19:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2012/06/12 22:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012/06/02 07:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV - [2013/12/03 11:27:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013/12/01 08:49:34 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20131206.020\ex64.sys -- (NAVEX15) DRV - [2013/12/01 08:49:34 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/12/01 08:49:34 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20131206.020\eng64.sys -- (NAVENG) DRV - [2013/11/25 21:32:11 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/11/08 17:15:44 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20131206.001\IDSviA64.sys -- (IDSVia64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT13/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT13/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT13/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT13/1 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT13/1 IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mycenturylink.com/ IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes\{05387001-A37D-4889-9D6D-D691A94F8B0B}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20130832,19669,0,6,7635 IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes\{25D5CFFC-8A6A-4E0E-86C6-6A3EAE2F050A}: "URL" = http://findwide.com/serp?guid={13F1A3EB-0357-43FA-AB02-766F17946932}&serpv=6&action=default_search&k={searchTerms} IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "FindWide" FF - prefs.js..browser.startup.homepage: "http://start.findwide.com/v/2/?guid={13F1A3EB-0357-43FA-AB02-766F17946932}&serpv=6" FF - prefs.js..extensions.enabledAddons: 2182c59b-52a6-4361-8582-ea68a9f74e27%4030056f63-cd7d-4a99-a8d3-607bf2f1ac42.com:0.92.9 FF - prefs.js..extensions.enabledAddons: %7BD98EBE55-5FE6-4F99-932D-768F41F94B09%7D:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0 FF - prefs.js..keyword.URL: "http://findwide.com/serp?guid={13F1A3EB-0357-43FA-AB02-766F17946932}&serpv=6&action=default_search&k=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@sony.com/Some: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll (Sony) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF [2013/11/09 16:32:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/05 12:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristi\AppData\Roaming\mozilla\Extensions [2013/12/01 21:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\8cd4ocyk.default\extensions [2013/10/08 20:29:23 | 000,000,000 | ---D | M] (Music Remote) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\8cd4ocyk.default\extensions\{D98EBE55-5FE6-4F99-932D-768F41F94B09} [2013/12/01 21:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions [2013/10/12 11:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/10/12 11:59:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- C:\USERS\KRISTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CD4OCYK.DEFAULT\EXTENSIONS\[email protected]BF2F1AC42.COM O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\Toolbar\WebBrowser: (no name) - {6FA88E76-8A91-48CB-8E88-2B226CC4A22E} - No CLSID value found. O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CenturyLinkTouchPointAgent] C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe (CenturyLink Inc) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard) O4 - Startup: C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-731434280-73576831-2629088662-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553557800} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B7748B5-31C3-4314-B72F-B1B0C736B8FC}: DhcpNameServer = 192.168.0.1 205.171.2.25 O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 360 Days ========== [2013/12/07 10:44:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kristi\Desktop\OTL.scr [2013/12/07 10:08:30 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Kristi\Desktop\dds.scr [2013/12/07 08:20:04 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Malwarebytes [2013/12/07 08:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/12/07 08:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/12/07 08:19:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/12/07 08:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/12/07 08:19:08 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Programs [2013/12/07 08:16:52 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Kristi\Desktop\mbam-setup-1.75.0.1300 malwarebytes.exe [2013/12/01 21:20:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/12/01 21:19:09 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Kristi\Desktop\JRT.exe [2013/12/01 20:08:26 | 000,078,296 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/12/01 20:08:24 | 000,694,232 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/12/01 19:22:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/11/29 19:10:38 | 013,661,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013/11/29 19:10:30 | 010,799,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013/11/29 19:10:22 | 001,173,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll [2013/11/29 19:10:22 | 000,914,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll [2013/11/29 19:10:15 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013/11/29 19:10:14 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2013/11/29 19:10:14 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll [2013/11/29 19:10:14 | 000,151,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys [2013/11/29 19:10:13 | 001,622,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013/11/29 19:10:13 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll [2013/11/29 19:10:12 | 000,061,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys [2013/11/29 19:10:10 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll [2013/11/29 19:10:09 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013/11/29 19:10:07 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll [2013/11/29 19:10:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013/11/29 19:10:07 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2013/11/29 19:10:07 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013/11/29 19:10:07 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2013/11/29 19:10:06 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013/11/29 19:10:06 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2013/11/29 19:07:55 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll [2013/11/29 19:07:41 | 001,890,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013/11/29 19:07:15 | 000,096,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwfs.sys [2013/11/29 19:07:13 | 002,062,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013/11/29 19:07:12 | 001,711,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013/11/29 19:05:16 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/11/29 19:05:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/11/29 19:05:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/11/29 19:05:10 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/11/29 19:05:09 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/11/29 19:04:48 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013/11/29 19:04:48 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013/11/23 11:40:04 | 000,433,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnets.sys [2013/11/23 11:40:04 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symelam.sys [2013/11/23 11:40:01 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa64.sys [2013/11/23 11:40:01 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds64.sys [2013/11/23 11:40:01 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.sys [2013/11/23 11:40:00 | 000,796,760 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.sys [2013/11/23 11:40:00 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ironx64.sys [2013/11/23 11:39:59 | 000,169,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.sys [2013/11/19 20:30:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028 [2013/11/09 16:36:35 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\NPE [2013/11/09 13:29:02 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013/11/09 13:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2013/11/09 13:27:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64 [2013/11/09 13:27:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus [2013/10/13 13:38:50 | 001,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll [2013/10/13 13:38:50 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll [2013/10/13 13:38:50 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll [2013/10/13 13:38:49 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx [2013/10/13 13:38:49 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll [2013/10/13 13:38:49 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx [2013/10/13 13:38:20 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013/10/13 13:38:18 | 008,858,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013/10/13 13:38:16 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll [2013/10/13 13:38:12 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll [2013/10/13 13:38:12 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013/10/13 13:38:11 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll [2013/10/13 13:38:11 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll [2013/10/13 13:38:10 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll [2013/10/13 13:38:10 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll [2013/10/12 11:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/10/12 11:27:17 | 000,209,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationUI.exe [2013/10/12 11:27:16 | 002,371,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll [2013/10/12 11:27:16 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll [2013/10/12 11:27:14 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll [2013/10/12 11:27:14 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll [2013/10/12 11:27:13 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll [2013/10/12 11:27:13 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll [2013/10/12 11:27:13 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll [2013/10/12 11:27:13 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll [2013/10/12 11:27:13 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll [2013/10/12 11:27:12 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll [2013/10/12 11:27:12 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll [2013/10/12 11:27:12 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll [2013/10/12 11:27:12 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll [2013/10/12 11:27:12 | 000,058,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys [2013/10/12 11:27:12 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013/10/12 11:27:12 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2013/10/12 11:27:11 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll [2013/10/12 11:27:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll [2013/10/12 11:27:11 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll [2013/10/12 11:27:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupcln.dll [2013/10/12 11:27:11 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2013/10/12 11:27:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll [2013/10/12 11:26:08 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2013/10/12 11:26:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2013/10/12 11:26:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/10/12 11:26:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/10/12 11:26:03 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll [2013/10/12 11:26:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/10/12 11:25:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/10/12 11:25:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/10/12 11:25:57 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013/10/12 11:25:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/10/12 11:22:25 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2013/10/12 11:22:21 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013/10/12 11:22:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys [2013/10/12 11:22:13 | 002,273,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll [2013/10/12 11:22:11 | 002,839,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll [2013/10/12 11:22:10 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2013/10/12 11:22:10 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2013/10/12 11:22:08 | 000,439,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe [2013/10/12 11:22:08 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll [2013/10/12 11:22:08 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL [2013/10/12 11:22:08 | 000,327,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys [2013/10/12 11:22:08 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll [2013/10/12 11:22:08 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll [2013/10/12 11:22:08 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmmbase.dll [2013/10/12 11:22:08 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll [2013/10/12 11:22:07 | 000,385,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe [2013/10/12 11:22:07 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2013/10/12 11:22:07 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmmbase.dll [2013/10/12 11:22:07 | 000,125,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys [2013/10/12 11:22:07 | 000,120,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys [2013/10/12 11:22:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll [2013/10/12 11:22:06 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wwanadvui.dll [2013/10/12 11:22:06 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll [2013/10/12 11:22:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmcsp.dll [2013/10/12 11:22:05 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll [2013/10/12 11:22:05 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll [2013/10/12 11:22:05 | 000,543,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanmm.dll [2013/10/12 11:22:05 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationApi.dll [2013/10/12 11:22:05 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LocationApi.dll [2013/10/12 11:22:05 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL [2013/10/12 11:22:05 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\openfiles.exe [2013/10/12 11:22:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\openfiles.exe [2013/10/12 11:21:31 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/10/12 11:21:31 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013/10/12 11:21:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/10/12 11:21:31 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/10/12 11:21:28 | 000,337,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS [2013/10/12 11:21:27 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS [2013/10/12 11:21:27 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS [2013/10/12 11:21:26 | 000,498,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2013/10/12 11:21:26 | 000,021,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2013/10/12 11:21:15 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [2013/10/12 11:21:15 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2013/10/12 11:21:14 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll [2013/09/26 18:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2013/09/26 18:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus [2013/09/26 18:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings [2013/09/26 18:52:12 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Google [2013/09/26 18:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Music Remote [2013/09/26 18:51:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013/09/26 18:20:54 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\SySaver [2013/09/17 21:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013/09/17 21:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013/09/17 21:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013/09/17 21:04:46 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Adobe [2013/09/02 18:58:55 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Desktop\Media [2013/08/24 15:01:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013/08/24 14:15:35 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2013/08/24 14:14:27 | 000,247,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys [2013/08/24 14:14:27 | 000,036,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys [2013/08/24 14:11:30 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013/08/24 14:11:30 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepapi.dll [2013/08/24 14:11:30 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepsync.dll [2013/08/24 14:11:30 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepapi.dll [2013/08/24 14:11:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepsync.dll [2013/08/12 20:17:10 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Documents\Symantec [2013/08/08 20:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! [2013/08/08 20:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo! [2013/08/08 20:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro [2013/08/08 20:22:43 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Documents\Flash Player Pro [2013/08/08 20:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro [2013/08/05 16:01:06 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Desktop\Pictures [2013/08/05 12:52:13 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\OpenOffice.org [2013/08/05 12:49:45 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1 [2013/08/05 12:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE [2013/08/05 12:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013/08/05 12:44:59 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext [2013/08/05 12:44:40 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\TNT2 [2013/08/05 12:28:21 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Mozilla [2013/08/05 12:28:21 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Mozilla [2013/08/05 12:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013/08/05 12:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/08/05 12:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak [2013/08/05 12:26:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013/08/05 12:26:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013/08/02 19:15:57 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Sony Corporation [2013/08/02 19:15:57 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Documents\Bloggie Library [2013/08/02 19:15:54 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Sony Corporation [2013/08/02 19:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloggie Software [2013/08/02 19:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2013/08/02 19:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2013/07/16 16:45:35 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll [2013/07/16 16:45:31 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll [2013/07/16 16:45:30 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2013/07/16 16:45:30 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2013/07/16 16:45:29 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/07/16 16:45:27 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll [2013/07/16 16:45:26 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll [2013/07/16 16:45:26 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll [2013/07/16 16:45:24 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2013/07/16 16:45:24 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2013/07/16 16:45:22 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2013/07/16 16:45:22 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013/07/16 16:45:21 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2013/07/16 16:45:21 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll [2013/07/16 16:45:20 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll [2013/07/16 16:45:20 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013/07/16 16:45:19 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll [2013/07/16 16:45:18 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll [2013/07/16 16:45:18 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSetupManager.dll [2013/07/16 16:45:18 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe [2013/07/16 16:45:16 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll [2013/07/16 16:45:14 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys [2013/07/09 16:35:13 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/07/09 16:34:53 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013/07/09 16:34:52 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013/07/09 16:34:41 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2013/07/09 16:34:41 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll [2013/06/15 07:13:39 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe [2013/06/15 07:13:39 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll [2013/06/15 07:13:39 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll [2013/06/15 07:13:38 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe [2013/06/15 07:13:37 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/06/15 07:13:09 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll [2013/06/15 07:13:01 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll [2013/06/15 07:12:56 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\rars.rs [2013/06/15 07:12:56 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysNative\rars.rs [2013/06/15 07:12:55 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll [2013/06/15 07:12:55 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll [2013/06/15 07:12:54 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll [2013/06/15 07:12:53 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe [2013/06/15 07:12:53 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll [2013/06/15 07:12:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll [2013/06/15 07:12:53 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll [2013/06/15 07:12:53 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll [2013/06/15 07:12:52 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll [2013/06/15 07:12:52 | 000,284,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys [2013/06/15 07:12:51 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe [2013/06/15 07:12:51 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll [2013/06/15 07:12:51 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl [2013/06/15 07:12:51 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthHost.exe [2013/06/15 07:12:50 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biwinrt.dll [2013/06/15 07:12:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\biwinrt.dll [2013/06/15 07:12:48 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll [2013/06/15 07:12:48 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl [2013/06/15 07:12:48 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll [2013/06/15 07:12:47 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll [2013/06/15 07:12:46 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll [2013/06/15 07:12:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll [2013/06/15 07:09:54 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013/06/15 07:09:53 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013/06/15 07:09:53 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013/06/15 07:09:40 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/06/15 07:09:31 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013/06/15 07:09:31 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013/05/19 19:13:07 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Logitech [2013/05/19 19:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2013/05/19 18:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013/05/19 18:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013/05/19 18:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013/05/19 10:31:45 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2013/05/19 10:31:44 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2013/05/19 10:31:39 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2013/05/19 10:31:37 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2013/05/19 10:31:33 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2013/05/19 10:31:32 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2013/05/19 10:31:29 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013/05/19 10:31:27 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll [2013/05/19 10:31:15 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll [2013/05/19 10:31:14 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll [2013/05/19 10:31:12 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2013/05/19 10:31:11 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll [2013/05/19 10:31:06 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll [2013/05/19 10:31:06 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2013/05/19 10:31:04 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll [2013/05/19 10:31:03 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2013/05/19 10:31:03 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/05/19 10:31:03 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll [2013/05/19 10:31:01 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll [2013/05/19 10:31:00 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe [2013/05/19 10:30:59 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe [2013/05/19 10:30:58 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll [2013/05/19 10:30:50 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll [2013/05/19 10:30:50 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013/05/19 10:30:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll [2013/05/19 10:30:50 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll [2013/05/19 10:30:48 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2013/05/19 10:30:48 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll [2013/05/19 10:30:48 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2013/05/19 10:30:47 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll [2013/05/19 10:30:47 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2013/05/19 10:30:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2013/05/19 10:30:45 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe [2013/05/19 10:30:45 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll [2013/05/19 10:30:44 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll [2013/05/19 10:30:44 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe [2013/05/19 10:30:42 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll [2013/05/19 10:30:42 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll [2013/05/19 10:30:40 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2013/05/19 10:30:39 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2013/05/19 10:30:38 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll [2013/05/19 10:30:38 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013/05/19 10:30:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll [2013/05/19 10:30:36 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll [2013/05/19 10:30:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll [2013/05/19 10:30:34 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll [2013/05/19 10:30:34 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll [2013/05/19 10:30:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2013/05/19 10:02:56 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\PCHC [2013/05/19 09:37:39 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll [2013/05/19 09:37:39 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll [2013/05/19 07:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\CenturyLink [2013/05/19 07:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qwest [2013/05/19 07:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink [2013/05/19 07:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CenturyLink [2013/05/19 07:19:23 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\ElevatedDiagnostics [2013/05/19 07:18:44 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Diagnostics [2013/05/15 18:27:54 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013/05/15 18:26:45 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2013/05/15 18:26:43 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2013/04/15 06:02:04 | 002,482,960 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys [2013/04/15 06:02:04 | 000,334,000 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll [2013/04/13 16:48:59 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013/04/13 16:48:41 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/04/13 16:48:39 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2013/04/13 16:48:37 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll [2013/04/13 16:48:36 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll [2013/04/13 16:48:34 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll [2013/04/13 16:48:33 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/04/13 16:48:33 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll [2013/04/13 16:48:31 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll [2013/04/13 16:48:30 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013/04/13 16:48:30 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll [2013/04/13 16:48:29 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/04/13 16:48:28 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll [2013/04/13 16:48:28 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll [2013/04/13 16:48:28 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll [2013/04/13 16:48:25 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll [2013/04/13 16:48:25 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll [2013/04/13 16:48:24 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll [2013/04/13 16:48:23 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll [2013/04/13 16:48:22 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll [2013/04/13 16:48:20 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll [2013/04/13 16:48:19 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013/04/13 16:48:17 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl [2013/04/13 16:48:17 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll [2013/04/13 16:48:17 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys [2013/04/13 16:48:17 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys [2013/04/13 16:48:16 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl [2013/04/13 16:48:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe [2013/04/13 16:48:16 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL [2013/04/13 16:48:16 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll [2013/04/13 16:48:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll [2013/04/13 16:48:13 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll [2013/03/24 12:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2013/03/24 12:26:12 | 000,000,000 | R--D | C] -- C:\Users\Kristi\SkyDrive [2013/03/24 12:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013/03/24 12:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013/03/24 11:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2013/03/24 10:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15 [2013/03/22 13:23:53 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013/03/20 20:24:09 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll [2013/03/20 19:27:59 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe [2013/03/20 19:27:59 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll [2013/03/20 19:27:57 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe [2013/03/20 19:27:52 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll [2013/03/20 19:27:52 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll [2013/03/20 19:27:52 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll [2013/03/20 19:27:51 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys [2013/03/20 19:27:48 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll [2013/03/20 19:27:47 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL [2013/03/20 19:27:47 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013/03/20 19:27:47 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll [2013/03/20 19:27:46 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll [2013/03/20 19:27:46 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe [2013/03/20 19:27:46 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe [2013/03/20 19:27:45 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL [2013/03/20 19:27:45 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll [2013/03/20 19:27:45 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll [2013/03/20 19:27:45 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll [2013/03/20 19:27:44 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll [2013/03/20 19:27:44 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll [2013/03/20 19:27:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll [2013/03/20 19:22:17 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll [2013/03/20 19:22:16 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll [2013/03/20 19:22:14 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll [2013/03/20 19:22:14 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013/03/20 19:22:14 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll [2013/03/20 19:22:13 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll [2013/03/20 19:22:13 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2013/03/20 19:22:13 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll [2013/03/20 19:22:12 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll [2013/03/20 19:22:12 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2013/03/20 19:22:12 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe [2013/03/20 19:22:12 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe [2013/03/20 19:22:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll [2013/03/20 19:22:11 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll [2013/03/20 19:22:11 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe [2013/03/20 19:22:11 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe [2013/03/20 19:22:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll [2013/03/20 19:22:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll [2013/03/20 19:21:42 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll [2013/03/20 19:21:41 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013/03/20 19:21:23 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll [2013/03/20 19:21:22 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll [2013/03/20 19:21:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidi2c.sys [2013/03/20 19:21:22 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDKURD.DLL [2013/03/20 19:21:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDKURD.DLL [2013/03/20 19:19:53 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll [2013/03/20 19:19:46 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll [2013/03/20 19:19:40 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/03/20 19:19:39 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2013/03/20 19:19:34 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe [2013/03/20 19:19:22 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll [2013/03/20 19:19:22 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll [2013/03/20 19:19:22 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dafWCN.dll [2013/03/20 19:19:20 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll [2013/03/20 19:19:20 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll [2013/03/20 19:19:20 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl [2013/03/20 19:19:19 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe [2013/03/20 19:19:19 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl [2013/03/20 19:19:19 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFCaptureEngine.dll [2013/03/20 19:19:16 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCaptureEngine.dll [2013/03/20 19:19:13 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll [2013/03/20 19:19:09 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll [2013/03/20 19:19:08 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll [2013/03/20 19:19:08 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll [2013/03/20 19:19:08 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnApi.dll [2013/03/20 19:19:08 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnApi.dll [2013/03/20 19:19:07 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll [2013/03/20 19:19:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapAuthProxy.dll [2013/03/20 19:19:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfdprov.dll [2013/03/20 19:19:06 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapPeerProxy.dll [2013/03/20 19:19:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfdprov.dll [2013/03/20 19:19:04 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll [2013/03/20 19:19:03 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaext.dll [2013/03/20 19:19:02 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxppm.sys [2013/03/20 19:19:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll [2013/03/20 19:19:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll [2013/03/20 19:19:01 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wushareduxresources.dll [2013/03/20 19:19:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll [2013/03/20 19:16:07 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013/03/20 19:16:05 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe [2013/03/20 19:16:05 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe [2013/03/20 19:16:04 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll [2013/03/20 19:16:04 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll [2013/03/20 19:16:03 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll [2013/03/20 19:16:03 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll [2013/03/20 19:16:02 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll [2013/03/20 19:15:58 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013/03/20 19:15:58 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll [2013/03/20 19:15:58 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll [2013/03/20 19:15:57 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll [2013/03/20 19:15:57 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013/03/20 19:15:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsldr.exe [2013/03/20 19:15:53 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds_ps.dll [2013/03/20 19:15:53 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll [2013/03/20 19:15:53 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys [2013/03/20 19:15:53 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys [2013/03/12 18:18:50 | 000,083,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_AuthenticAMD.dll [2013/02/22 08:59:12 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll [2013/02/22 08:59:12 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll [2013/01/25 12:32:18 | 002,878,648 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkinsC511.exe [2013/01/25 12:32:16 | 000,333,496 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkstsC511LM.dll [2013/01/25 12:32:16 | 000,272,056 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkcoiC511.dll [2013/01/19 19:47:37 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll [2013/01/19 19:47:37 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll [2013/01/19 19:47:36 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll [2013/01/19 19:47:33 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2013/01/19 19:47:33 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2013/01/19 19:47:31 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll [2013/01/19 19:47:30 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll [2013/01/19 19:45:44 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013/01/19 19:45:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2013/01/19 19:45:44 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll [2013/01/19 19:45:44 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnathlp.dll [2013/01/19 19:45:44 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe [2013/01/19 19:45:44 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe [2013/01/19 19:45:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhupnp.dll [2013/01/19 19:45:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhpast.dll [2013/01/19 19:45:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhupnp.dll [2013/01/19 19:45:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhpast.dll [2013/01/19 19:45:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnlobby.dll [2013/01/19 19:45:43 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll [2013/01/19 19:45:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnlobby.dll [2013/01/19 19:45:43 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll [2013/01/19 19:45:29 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013/01/19 19:45:29 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013/01/19 19:45:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2013/01/19 19:45:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2013/01/19 19:45:28 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resetengmig.dll [2013/01/19 19:45:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysreset.exe [2013/01/19 19:45:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll [2013/01/19 19:45:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll [2013/01/19 19:45:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2013/01/19 19:45:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2013/01/13 15:54:55 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Apple Computer [2013/01/13 15:54:55 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Apple Computer [2013/01/13 15:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/01/13 15:54:05 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys [2013/01/13 15:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/01/13 15:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/01/13 15:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/01/13 15:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013/01/13 15:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/01/13 15:43:27 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Apple [2013/01/13 15:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013/01/13 15:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013/01/13 15:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2012/12/13 21:03:19 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Documents\Youcam [2012/12/13 21:03:19 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\CyberLink [2012/12/13 21:03:18 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\CyberLink ========== Files - Modified Within 360 Days ========== [2013/12/07 10:44:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kristi\Desktop\OTL.scr [2013/12/07 10:08:32 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Kristi\Desktop\dds.scr [2013/12/07 09:52:25 | 000,891,200 | ---- | M] () -- C:\Users\Kristi\Desktop\SecurityCheck.exe [2013/12/07 09:09:59 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/12/07 09:09:59 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/12/07 09:09:59 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/12/07 09:07:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/12/07 09:05:24 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013/12/07 09:05:20 | 1370,914,816 | -HS- | M] () -- C:\hiberfil.sys [2013/12/07 08:19:54 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/12/07 08:17:16 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Kristi\Desktop\mbam-setup-1.75.0.1300 malwarebytes.exe [2013/12/07 08:00:38 | 000,440,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/12/01 21:19:10 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Kristi\Desktop\JRT.exe [2013/12/01 20:06:29 | 002,592,133 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\Cat.DB [2013/12/01 19:21:18 | 001,110,034 | ---- | M] () -- C:\Users\Kristi\Desktop\adwcleaner.exe [2013/12/01 04:08:38 | 000,000,258 | RHS- | M] () -- C:\Users\Kristi\ntuser.pol [2013/11/29 16:36:10 | 000,020,410 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\VT20131125.019 [2013/11/23 11:40:53 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013/11/23 11:40:53 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013/11/23 11:40:53 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013/11/05 15:58:57 | 000,694,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/11/05 15:58:57 | 000,078,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/10/12 01:45:44 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/10/12 01:43:56 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/10/12 01:43:37 | 003,959,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/10/12 01:43:37 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/10/12 00:02:33 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/10/10 04:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwfs.sys [2013/10/05 10:15:32 | 000,003,048 | ---- | M] () -- C:\{FB5AB9CF-6D9A-49B1-A57A-D2E84CF0D81F} [2013/10/03 18:31:56 | 000,001,944 | ---- | M] () -- C:\{49520342-26FB-4328-AD4B-9740EF266BC5} [2013/10/02 17:43:06 | 000,003,736 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2013/10/02 16:25:41 | 001,300,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll [2013/10/01 16:37:53 | 002,035,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013/10/01 16:26:49 | 001,890,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013/10/01 16:26:45 | 002,304,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013/09/26 21:20:40 | 000,604,776 | ---- | M] () -- C:\{D8814319-CB44-4C1A-82E6-A81E77EB56F8} [2013/09/13 18:15:42 | 000,059,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013/09/13 15:36:37 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2013/09/13 15:36:23 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2013/09/13 15:36:23 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2013/09/13 15:36:23 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2013/09/13 15:36:14 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll [2013/09/13 15:34:14 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013/09/13 15:33:55 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll [2013/09/13 15:33:55 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013/09/13 15:33:54 | 001,622,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013/09/13 15:33:54 | 000,773,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013/09/13 15:33:54 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013/09/13 15:33:42 | 000,328,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll [2013/09/13 15:33:39 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll [2013/08/29 22:43:40 | 000,061,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys [2013/08/29 22:20:13 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll [2013/08/29 16:48:12 | 000,914,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll [2013/08/23 00:22:24 | 002,062,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013/08/22 18:44:40 | 001,711,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013/08/15 22:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys [2013/08/15 22:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll [2013/08/15 22:32:48 | 000,209,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationUI.exe [2013/08/15 22:21:55 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013/08/15 22:21:55 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2013/08/15 22:21:43 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll [2013/08/15 22:21:43 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll [2013/08/15 22:21:42 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll [2013/08/15 22:21:42 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll [2013/08/15 22:21:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll [2013/08/15 22:21:18 | 001,164,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll [2013/08/15 22:21:18 | 000,368,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll [2013/08/15 22:21:12 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\setupcln.dll [2013/08/15 22:21:00 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll [2013/08/15 22:20:30 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll [2013/08/15 15:43:07 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2013/08/15 15:43:03 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll [2013/08/15 15:43:03 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll [2013/08/15 15:43:02 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll [2013/08/15 15:43:02 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll [2013/08/15 15:43:02 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll [2013/08/15 15:43:02 | 000,083,968 | ---- | M] () -- C:\Windows\SysWow64\OEMLicense.dll [2013/08/15 15:42:52 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll [2013/08/15 15:42:47 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll [2013/08/09 23:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys [2013/08/09 22:21:51 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll [2013/08/09 22:21:51 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll [2013/08/09 20:58:51 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll [2013/08/06 22:15:02 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll [2013/08/05 12:52:49 | 000,001,231 | ---- | M] () -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2013/08/02 23:40:49 | 000,462,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx [2013/08/02 23:40:17 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll [2013/08/02 23:40:01 | 001,374,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll [2013/08/02 22:14:15 | 000,399,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx [2013/08/02 22:13:57 | 000,437,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll [2013/08/02 22:13:43 | 001,245,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll [2013/08/02 19:15:47 | 000,001,143 | R--- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2013/08/01 23:28:29 | 010,116,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013/08/01 23:28:20 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013/08/01 22:08:18 | 008,858,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013/07/30 16:30:05 | 000,386,923 | ---- | M] () -- C:\Windows\SysNative\ApnDatabase.xml [2013/07/26 20:58:39 | 002,207,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PrintConfig.dll [2013/07/24 16:10:31 | 010,799,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013/07/24 16:10:08 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll [2013/07/24 16:07:09 | 013,661,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013/07/24 16:06:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll [2013/07/19 15:13:34 | 000,124,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [2013/07/19 15:13:15 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2013/07/12 23:18:21 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013/07/12 23:15:53 | 000,124,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apprepapi.dll [2013/07/12 23:15:53 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apprepsync.dll [2013/07/12 21:23:03 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepapi.dll [2013/07/12 21:23:03 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepsync.dll [2013/07/09 01:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys [2013/07/08 23:18:21 | 000,439,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe [2013/07/08 21:25:45 | 000,385,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe [2013/07/08 20:57:19 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\LocationApi.dll [2013/07/08 15:46:00 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanmm.dll [2013/07/08 15:46:00 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll [2013/07/08 15:46:00 | 000,370,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wwanadvui.dll [2013/07/08 15:45:16 | 000,312,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\LocationApi.dll [2013/07/05 17:16:17 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2013/07/05 17:15:29 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2013/07/02 17:23:43 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll [2013/07/02 17:23:12 | 000,778,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2013/07/02 17:22:47 | 002,839,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll [2013/07/02 17:11:23 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll [2013/07/02 17:10:53 | 002,273,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll [2013/07/01 18:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS [2013/07/01 18:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS [2013/07/01 18:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS [2013/07/01 17:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys [2013/07/01 15:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys [2013/06/30 18:42:09 | 000,498,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2013/06/30 18:42:09 | 000,021,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2013/06/30 15:30:14 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\openfiles.exe [2013/06/30 15:29:22 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\openfiles.exe [2013/06/28 23:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2013/06/28 23:15:47 | 000,125,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys [2013/06/28 22:43:16 | 000,327,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys [2013/06/28 20:08:18 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys [2013/06/28 20:07:13 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013/06/24 15:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll [2013/06/24 15:54:45 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wcmcsp.dll [2013/06/21 22:45:57 | 000,054,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2013/06/18 22:36:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winmmbase.dll [2013/06/18 22:36:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll [2013/06/18 15:38:00 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winmmbase.dll [2013/06/11 16:26:20 | 000,230,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll [2013/06/10 12:16:07 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll [2013/06/10 12:15:38 | 000,381,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL [2013/06/10 12:10:58 | 000,702,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll [2013/06/10 12:10:37 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL [2013/06/03 23:44:32 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\isolate.ini [2013/06/01 04:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe [2013/06/01 04:26:31 | 006,987,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/06/01 03:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2013/06/01 02:25:52 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013/06/01 02:25:03 | 000,496,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll [2013/06/01 02:24:09 | 001,453,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll [2013/06/01 02:24:09 | 000,850,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll [2013/06/01 02:23:46 | 001,842,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll [2013/06/01 02:22:47 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe [2013/06/01 02:22:33 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013/06/01 02:22:09 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll [2013/06/01 02:21:39 | 000,729,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll [2013/06/01 02:21:39 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll [2013/06/01 02:21:34 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2013/06/01 02:20:45 | 000,583,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll [2013/06/01 02:20:34 | 001,527,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll [2013/06/01 02:20:34 | 001,048,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll [2013/06/01 02:20:04 | 002,219,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll [2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSetupManager.dll [2013/05/31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys [2013/05/30 16:24:29 | 001,257,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/05/26 16:17:30 | 000,035,328 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/05/26 15:59:03 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/05/24 20:15:19 | 000,362,496 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/05/24 19:32:52 | 000,300,032 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013/05/24 15:09:20 | 001,403,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2013/05/24 15:09:20 | 001,271,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2013/05/24 15:09:20 | 001,217,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2013/05/24 15:09:20 | 001,093,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2013/05/23 19:09:47 | 000,008,063 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds64.cat [2013/05/23 16:02:30 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2013/05/22 22:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa64.sys [2013/05/22 22:25:28 | 000,007,587 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa64.cat [2013/05/22 22:25:28 | 000,003,434 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa.inf [2013/05/20 22:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds64.sys [2013/05/20 22:02:00 | 000,002,852 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds.inf [2013/05/20 21:40:20 | 000,008,067 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.cat [2013/05/15 22:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.sys [2013/05/15 22:02:14 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.inf [2013/05/15 15:37:03 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2013/05/15 15:35:49 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll [2013/05/14 19:25:59 | 000,888,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe [2013/05/14 19:25:44 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll [2013/05/14 19:24:10 | 000,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe [2013/05/14 19:24:01 | 000,482,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll [2013/05/04 00:58:17 | 000,120,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AuthHost.exe [2013/05/04 00:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys [2013/05/03 23:59:36 | 000,812,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe [2013/05/03 23:59:21 | 002,842,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013/05/03 23:58:48 | 000,330,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll [2013/05/03 23:58:28 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll [2013/05/03 23:58:01 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll [2013/05/03 23:57:59 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll [2013/05/03 23:57:46 | 000,560,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll [2013/05/03 23:57:15 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll [2013/05/03 23:57:05 | 000,122,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\biwinrt.dll [2013/05/03 23:57:04 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll [2013/05/03 23:57:00 | 001,131,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll [2013/05/03 23:57:00 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll [2013/05/03 23:56:53 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl [2013/05/03 21:58:14 | 000,758,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe [2013/05/03 21:57:58 | 002,620,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013/05/03 21:57:04 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll [2013/05/03 21:57:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll [2013/05/03 21:56:48 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll [2013/05/03 21:56:14 | 000,449,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll [2013/05/03 21:56:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\biwinrt.dll [2013/05/03 21:56:05 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll [2013/05/03 21:55:58 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl [2013/05/03 21:51:38 | 000,014,848 | ---- | M] (Microsoft) -- C:\Windows\SysNative\rars.rs [2013/05/03 21:10:47 | 000,014,848 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\rars.rs [2013/04/28 15:28:29 | 000,915,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013/04/26 22:20:12 | 000,733,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/04/24 17:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnets.sys [2013/04/24 17:43:50 | 000,008,067 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnet64.cat [2013/04/24 17:43:50 | 000,001,440 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnet.inf [2013/04/23 16:13:53 | 001,013,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013/04/23 15:56:35 | 001,255,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013/04/23 15:55:48 | 000,141,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013/04/15 19:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.sys [2013/04/15 19:41:14 | 000,007,667 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.cat [2013/04/15 19:41:14 | 000,000,853 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.inf [2013/04/15 06:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys [2013/04/15 06:02:04 | 000,334,000 | ---- | M] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll [2013/04/15 06:02:04 | 000,013,973 | ---- | M] () -- C:\Windows\SysNative\RaCoInst.dat [2013/04/11 15:22:49 | 001,838,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/04/09 16:17:06 | 001,125,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll [2013/04/08 22:33:02 | 000,489,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll [2013/04/08 22:33:02 | 000,446,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll [2013/04/08 22:33:02 | 000,253,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe [2013/04/08 22:20:02 | 000,306,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll [2013/04/08 22:20:02 | 000,086,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll [2013/04/08 22:18:05 | 000,077,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll [2013/04/08 22:17:57 | 001,829,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013/04/08 21:52:07 | 000,373,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2013/04/08 21:52:07 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2013/04/08 21:52:07 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe [2013/04/08 21:52:06 | 000,804,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe [2013/04/08 21:51:51 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/04/08 21:51:41 | 000,456,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll [2013/04/08 21:51:31 | 014,267,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2013/04/08 21:51:17 | 000,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll [2013/04/08 21:51:03 | 003,552,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2013/04/08 21:50:53 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll [2013/04/08 21:50:03 | 002,107,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2013/04/08 21:50:03 | 000,745,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2013/04/08 21:50:03 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll [2013/04/08 21:50:02 | 000,435,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2013/04/08 21:50:02 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2013/04/08 21:50:02 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll [2013/04/08 21:49:54 | 001,444,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll [2013/04/08 21:49:45 | 000,468,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013/04/08 21:49:45 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2013/04/08 21:49:33 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll [2013/04/08 21:49:16 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll [2013/04/08 21:49:16 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll [2013/04/08 21:49:09 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll [2013/04/08 21:49:06 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll [2013/04/08 16:44:25 | 000,123,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll [2013/04/08 14:52:16 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe [2013/04/08 14:52:01 | 011,878,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2013/04/08 14:51:57 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll [2013/04/08 14:51:51 | 002,767,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2013/04/08 14:51:24 | 001,593,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2013/04/08 14:51:24 | 000,659,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2013/04/08 14:51:24 | 000,403,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2013/04/08 14:51:24 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll [2013/04/08 14:51:21 | 001,113,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll [2013/04/08 14:51:18 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013/04/08 14:51:18 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2013/04/08 14:51:11 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll [2013/04/08 14:51:08 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll [2013/04/04 16:30:17 | 000,503,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/04/02 16:37:46 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013/04/02 16:12:32 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013/03/21 20:49:55 | 002,382,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2013/03/21 15:47:13 | 002,851,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2013/03/15 15:05:34 | 000,298,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll [2013/03/06 00:10:10 | 000,112,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013/03/04 19:14:15 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symvtcer.dat [2013/03/04 18:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ironx64.sys [2013/03/04 18:40:08 | 000,000,767 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\iron.inf [2013/03/04 18:39:19 | 000,007,593 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\iron.cat [2013/03/04 18:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.sys [2013/03/04 18:21:35 | 000,007,589 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.cat [2013/03/04 18:21:35 | 000,001,420 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.inf [2013/03/02 03:57:46 | 000,332,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys [2013/03/02 02:59:36 | 000,411,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/03/02 01:23:30 | 000,893,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll [2013/03/02 01:23:28 | 000,601,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll [2013/03/02 01:23:28 | 000,504,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll [2013/03/02 01:23:04 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll [2013/03/02 01:23:00 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll [2013/03/02 01:22:36 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll [2013/03/02 01:22:32 | 005,091,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013/03/02 01:21:56 | 000,550,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll [2013/03/02 01:21:52 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll [2013/03/02 01:21:32 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl [2013/03/01 19:45:35 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013/03/01 19:45:35 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe [2013/03/01 19:45:18 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL [2013/03/01 19:45:16 | 001,101,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2013/03/01 19:45:14 | 001,627,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013/03/01 19:45:14 | 001,149,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll [2013/03/01 19:45:13 | 000,951,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll [2013/03/01 19:45:13 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll [2013/03/01 19:45:08 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll [2013/03/01 19:44:56 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll [2013/03/01 19:44:41 | 000,455,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll [2013/03/01 19:44:41 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll [2013/03/01 19:44:38 | 005,978,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013/03/01 19:44:08 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll [2013/03/01 19:44:07 | 000,150,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll [2013/03/01 19:44:05 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll [2013/03/01 19:43:51 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll [2013/03/01 19:43:50 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl [2013/02/22 08:59:12 | 000,829,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll [2013/02/22 08:59:12 | 000,608,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll [2013/02/21 03:29:37 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/02/21 03:29:37 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/02/21 03:29:37 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/02/21 03:14:05 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/02/19 08:07:28 | 000,083,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_AuthenticAMD.dll [2013/02/11 17:17:50 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013/02/02 01:40:55 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe [2013/02/02 01:40:55 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe [2013/02/02 01:40:36 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2013/02/02 01:40:35 | 000,370,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll [2013/02/02 01:40:26 | 000,410,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll [2013/02/02 01:40:22 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll [2013/02/02 01:39:34 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll [2013/02/02 01:39:34 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll [2013/02/02 01:24:19 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe [2013/02/02 01:24:19 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe [2013/02/02 01:23:44 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2013/02/02 01:23:43 | 000,475,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll [2013/02/02 01:23:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll [2013/02/02 01:23:28 | 000,543,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll [2013/02/02 01:23:19 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll [2013/02/02 01:21:44 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013/02/02 01:20:47 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll [2013/02/02 01:20:31 | 000,729,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll [2013/02/01 22:41:57 | 001,437,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013/02/01 22:31:54 | 001,690,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll [2013/01/25 12:32:18 | 002,878,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkinsC511.exe [2013/01/25 12:32:16 | 000,333,496 | ---- | M] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkstsC511LM.dll [2013/01/25 12:32:16 | 000,272,056 | ---- | M] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkcoiC511.dll [2013/01/13 15:54:37 | 000,001,783 | ---- | M] () -- C:\Users\Kristi\Desktop\iTunes.lnk [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys [2013/01/09 18:40:38 | 000,303,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013/01/09 16:26:53 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe [2013/01/09 16:26:46 | 001,611,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe [2013/01/09 16:26:35 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll [2013/01/09 16:26:03 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL [2013/01/09 16:23:32 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe [2013/01/09 16:23:25 | 002,094,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe [2013/01/09 16:23:18 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll [2013/01/09 16:23:14 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll [2013/01/09 16:23:07 | 001,886,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll [2013/01/09 16:22:41 | 000,666,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll [2013/01/09 16:22:29 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll [2013/01/09 16:22:26 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UMDF\HidBthLE.dll [2012/12/14 21:55:40 | 000,443,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll ========== Files Created - No Company Name ========== [2013/12/07 09:52:24 | 000,891,200 | ---- | C] () -- C:\Users\Kristi\Desktop\SecurityCheck.exe [2013/12/07 08:19:53 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/12/07 08:00:21 | 000,440,632 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/12/01 19:21:17 | 001,110,034 | ---- | C] () -- C:\Users\Kristi\Desktop\adwcleaner.exe [2013/11/30 00:03:06 | 002,592,133 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\Cat.DB [2013/11/29 16:40:36 | 000,020,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\VT20131125.019 [2013/11/23 11:40:04 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symelam64.cat [2013/11/23 11:40:04 | 000,008,067 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnet64.cat [2013/11/23 11:40:04 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnet.inf [2013/11/23 11:40:03 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symelam.inf [2013/11/23 11:40:01 | 000,007,587 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa64.cat [2013/11/23 11:40:01 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa.inf [2013/11/23 11:40:01 | 000,002,852 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds.inf [2013/11/23 11:40:01 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.inf [2013/11/23 11:40:00 | 000,007,589 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.cat [2013/11/23 11:40:00 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.inf [2013/11/23 11:40:00 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\iron.inf [2013/11/23 11:39:59 | 000,007,667 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.cat [2013/11/23 11:39:59 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\iron.cat [2013/11/23 11:39:59 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.inf [2013/11/19 20:30:12 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symvtcer.dat [2013/11/19 20:30:11 | 000,008,067 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.cat [2013/11/19 20:30:11 | 000,008,063 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds64.cat [2013/11/19 20:30:11 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\isolate.ini [2013/11/09 13:29:02 | 000,007,631 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013/11/09 13:29:02 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013/10/13 13:38:09 | 000,386,923 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013/10/12 11:27:10 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013/10/05 10:15:31 | 000,003,048 | ---- | C] () -- C:\{FB5AB9CF-6D9A-49B1-A57A-D2E84CF0D81F} [2013/10/03 18:31:56 | 000,001,944 | ---- | C] () -- C:\{49520342-26FB-4328-AD4B-9740EF266BC5} [2013/09/26 21:20:39 | 000,604,776 | ---- | C] () -- C:\{D8814319-CB44-4C1A-82E6-A81E77EB56F8} [2013/09/26 18:51:40 | 000,003,736 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2013/08/05 12:52:49 | 000,001,231 | ---- | C] () -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk [2013/08/05 12:28:13 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/08/05 12:26:34 | 000,000,258 | RHS- | C] () -- C:\Users\Kristi\ntuser.pol [2013/08/02 19:15:47 | 000,001,143 | R--- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2013/04/15 06:02:04 | 000,013,973 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat [2013/03/24 12:26:10 | 000,002,254 | ---- | C] () -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk [2013/01/13 15:54:37 | 000,001,783 | ---- | C] () -- C:\Users\Kristi\Desktop\iTunes.lnk [2013/01/13 15:43:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012/08/17 17:11:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/08/03 15:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/08/02 01:53:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/08/02 01:53:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2012/08/17 17:26:03 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/08/01 23:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 22:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/08/05 12:52:13 | 000,000,000 | ---D | M] -- C:\Users\Kristi\AppData\Roaming\OpenOffice.org [2013/05/19 10:12:09 | 000,000,000 | ---D | M] -- C:\Users\Kristi\AppData\Roaming\PCHC [2012/11/22 23:37:38 | 000,000,000 | ---D | M] -- C:\Users\Kristi\AppData\Roaming\Synaptics [2012/11/24 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Kristi\AppData\Roaming\WildTangent ========== Purity Check ========== < End of report >
  5. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume2 Install Date: 11/22/2012 11:34:29 PM System Uptime: 12/7/2013 9:05:01 AM (1 hours ago) . Motherboard: Hewlett-Packard | | 169A Processor: AMD C-60 APU with Radeon HD Graphics | Socket FT1 | 1000/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 276 GiB total, 223.98 GiB free. D: is FIXED (NTFS) - 21 GiB total, 2.618 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP46: 11/1/2013 11:21:40 PM - Scheduled Checkpoint RP47: 11/29/2013 8:38:00 PM - Windows Update RP48: 12/1/2013 7:18:18 PM - restore point . ==== Installed Programs ====================== . 4 Elements II Adobe Shockwave Player 11.6 AMD APP SDK Runtime AMD Catalyst Install Manager AMD Fuel AMD VISION Engine Control Center Apple Application Support Apple Mobile Device Support Apple Software Update Bejeweled 3 Bloggie Software Bonjour Build-a-lot 4 - Power Source Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CenturyLink Installer Chuzzle Deluxe Cradle Of Egypt Collector's Edition Cradle of Rome 2 CyberLink LabelPrint CyberLink Media Suite 10 CyberLink Power2Go 8 CyberLink PowerDVD CyberLink YouCam D3DX10 Define Ext Energy Star Farm Frenzy FATE: The Cursed King Final Drive Fury Flash Player Pro V5.4 FlatOut 2 Governor of Poker 2 Premium Edition Hewlett-Packard ACLM.NET v1.2.0.0 Hoyle Card Games HP Customer Experience Enhancements HP Documentation HP Games HP MyRoom HP Postscript Converter HP Quick Launch HP Recovery Manager HP Registration Service HP Software Framework HP Support Assistant HP Utility Center HP Wireless Button Driver IDT Audio iTunes Jewel Match 3 John Deere Drive Green Logitech Harmony Remote Software (x86) Luxor Evolved Mahjongg Dimensions Deluxe: Tiles in Time Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Application Error Reporting Microsoft Office 365 Home Premium - en-us Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mortimer Beckett and the Crimson Thief Premium Edition Mozilla Firefox 24.0 (x86 en-US) Mozilla Maintenance Service MSVCRT Mystery P.I. - Curious Case of Counterfeit Cove Norton AntiVirus Office 15 Click-to-Run Extensibility Component Office 15 Click-to-Run Licensing Component Office 15 Click-to-Run Localization Component OpenOffice.org 3.1 Peggle Nights Penguins! Polar Bowler Polar Golfer Ralink RT5390R 802.11bgn Wi-Fi Adapter Realtek Ethernet Controller Driver Realtek PCIE Card Reader Roads of Rome 3 swMSM Synaptics Pointing Device Driver Tales of Lagoona Update Installer for WildTangent Games App Vacation Questâ„¢ - Australia WildTangent Games WildTangent Games App Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 12/7/2013 9:04:28 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service. . ==== End Of File ===========================
  6. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537 Run by Kristi at 10:13:04 on 2013-12-07 Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.1634.262 [GMT -7:00] . AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton AntiVirus Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton AntiVirus Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} . ============== Running Processes =============== . C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\dwm.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Windows\system32\dashost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskhostex.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\Explorer.EXE C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe C:\Windows\System32\RuntimeBroker.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [CenturyLinkTouchPointAgent] "C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart StartupFolder: C:\Users\Kristi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll TCP: NameServer = 192.168.0.1 205.171.2.25 TCP: Interfaces\{5B7748B5-31C3-4314-B72F-B1B0C736B8FC} : DHCPNameServer = 192.168.0.1 205.171.2.25 TCP: Interfaces\{5B7748B5-31C3-4314-B72F-B1B0C736B8FC}\3456E647572797C496E6B693032313 : DHCPNameServer = 192.168.0.1 205.171.2.25 Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\8cd4ocyk.default\ FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll FF - ExtSQL: 2013-11-29 16:40; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-23 79528] R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-23 26280] R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NAVx64\1404000.028\symds64.sys [2013-11-23 493656] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NAVx64\1404000.028\symefa64.sys [2013-11-23 1139800] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488] R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\Drivers\NAVx64\1404000.028\ccsetx64.sys [2013-11-23 169048] R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-14 92536] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20131206.001\IDSviA64.sys [2013-12-7 521816] R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NAVx64\1404000.028\ironx64.sys [2013-11-23 224416] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NAVx64\1404000.028\symnets.sys [2013-11-23 433752] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-2 239616] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-14 2451456] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-7 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-7 701512] R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe [2013-11-19 144368] R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-3-24 1907896] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-1 137648] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-12-7 25928] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-9-14 339600] R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-14 683664] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-9-14 57000] R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288] R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-11-25 23552] S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NAVx64\1404000.028\symelam.sys [2013-11-23 23448] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-14 41272] S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-14 43832] . =============== File Associations =============== . FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice] . =============== Created Last 30 ================ . 2013-12-07 15:20:04 -------- d-----w- C:\Users\Kristi\AppData\Roaming\Malwarebytes 2013-12-07 15:19:51 -------- d-----w- C:\ProgramData\Malwarebytes 2013-12-07 15:19:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-12-07 15:19:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-07 15:19:08 -------- d-----w- C:\Users\Kristi\AppData\Local\Programs 2013-12-02 04:20:19 -------- d-----w- C:\Windows\ERUNT 2013-12-02 03:08:26 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-02 03:08:24 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-12-02 02:22:51 -------- d-----w- C:\AdwCleaner 2013-11-30 02:07:55 1300992 ----a-w- C:\Windows\System32\gdi32.dll 2013-11-30 02:07:54 1022976 ----a-w- C:\Windows\SysWow64\gdi32.dll 2013-11-30 02:07:41 1890816 ----a-w- C:\Windows\System32\crypt32.dll 2013-11-30 02:07:41 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-11-30 02:07:19 576512 ----a-w- C:\Windows\System32\drivers\afd.sys 2013-11-30 02:07:16 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL 2013-11-30 02:07:15 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys 2013-11-30 02:07:15 723968 ----a-w- C:\Windows\System32\BFE.DLL 2013-11-30 02:07:13 2062848 ----a-w- C:\Windows\System32\d3d11.dll 2013-11-30 02:07:12 1711616 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-11-30 02:07:10 419328 ----a-w- C:\Windows\System32\schannel.dll 2013-11-30 02:07:10 323072 ----a-w- C:\Windows\SysWow64\schannel.dll 2013-11-30 02:04:48 2304512 ----a-w- C:\Windows\System32\authui.dll 2013-11-30 02:04:48 2035712 ----a-w- C:\Windows\SysWow64\authui.dll 2013-11-23 18:40:04 433752 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\symnets.sys 2013-11-23 18:40:04 23448 ----a-r- C:\Windows\System32\drivers\NAVx64\1404000.028\symelam.sys 2013-11-23 18:40:01 493656 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\symds64.sys 2013-11-23 18:40:01 36952 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\srtspx64.sys 2013-11-23 18:40:01 1139800 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\symefa64.sys 2013-11-23 18:40:00 796760 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\srtsp64.sys 2013-11-23 18:40:00 224416 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\ironx64.sys 2013-11-23 18:39:59 169048 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\ccsetx64.sys 2013-11-20 03:30:11 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1404000.028 2013-11-09 23:36:35 -------- d-----w- C:\Users\Kristi\AppData\Local\NPE 2013-11-09 20:29:02 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS 2013-11-09 20:29:02 -------- d-----w- C:\Program Files\Common Files\Symantec Shared 2013-11-09 20:27:40 -------- d-----w- C:\Windows\System32\drivers\NAVx64 . ==================== Find3M ==================== . 2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll 2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll 2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-09-13 22:36:37 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe 2013-09-13 22:36:23 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll 2013-09-13 22:36:23 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll 2013-09-13 22:36:14 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll 2013-09-13 22:34:14 40448 ----a-w- C:\Windows\System32\wuapp.exe 2013-09-13 22:33:55 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll 2013-09-13 22:33:55 142848 ----a-w- C:\Windows\System32\wuwebv.dll 2013-09-13 22:33:54 99328 ----a-w- C:\Windows\System32\wudriver.dll 2013-09-13 22:33:54 1622016 ----a-w- C:\Windows\System32\wucltux.dll 2013-09-13 22:33:42 328192 ----a-w- C:\Windows\System32\ubpm.dll 2013-09-13 22:33:39 175104 ----a-w- C:\Windows\System32\storewuauth.dll . ============= FINISH: 10:15:10.17 ===============
  7. Results of screen317's Security Check version 0.99.77 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender Norton AntiVirus Online WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Mozilla Firefox 24.0 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Norton AntiVirus Norton AntiVirus Engine 20.4.0.40\ccSvcHst.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
  8. Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.07.04 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16736 Kristi :: JENSEN [administrator] Protection: Enabled 12/7/2013 8:50:28 AM mbam-log-2013-12-07 (08-50-28).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 209144 Time elapsed: 10 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 14 C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\ccp.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\MyDeltaTB.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\is1275519350\DefaultTabSetup.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\is1275519350\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\is1275519350\safe-saver.exe (PUP.Optional.CrossRider) -> Quarantined and deleted successfully. C:\Users\Kristi\AppData\Local\Temp\is1275519350\wajam_validate.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully. (end)
  9. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Windows 8 x64 Ran by Kristi on Sun 12/01/2013 at 21:20:33.13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-731434280-73576831-2629088662-1002\Software\sweetim Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3DFDE1BC-B865-4085-8FEC-BC7E80203BB5} ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]" Successfully deleted: [Folder] C:\Users\Kristi\AppData\Roaming\mozilla\firefox\profiles\8cd4ocyk.default\extensions\[email protected] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 12/01/2013 at 21:46:49.10 End of JRT log
  10. # AdwCleaner v3.014 - Report created 01/12/2013 at 19:28:50 # Updated 01/12/2013 by Xplode # Operating System : Windows 8 (64 bits) # Username : Kristi - JENSEN # Running from : C:\Users\Kristi\Desktop\adwcleaner.exe # Option : Clean ***** [ Services ] ***** Service Deleted : DefaultTabUpdate ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Iminent Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar Folder Deleted : C:\Program Files (x86)\Iminent Folder Deleted : C:\Program Files (x86)\Movdap Folder Deleted : C:\Program Files (x86)\LyricsParty-1 Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Deleted : C:\Users\Kristi\AppData\Local\AVG SafeGuard toolbar Folder Deleted : C:\Users\Kristi\AppData\Local\DefineExt Folder Deleted : C:\Users\Kristi\AppData\Local\Temp\AirInstaller Folder Deleted : C:\Users\Kristi\AppData\Local\Temp\Iminent Folder Deleted : C:\Users\Kristi\AppData\LocalLow\AVG SafeGuard toolbar Folder Deleted : C:\Users\Kristi\AppData\Roaming\BabSolution Folder Deleted : C:\Users\Kristi\AppData\Roaming\Babylon Folder Deleted : C:\Users\Kristi\AppData\Roaming\DefaultTab Folder Deleted : C:\Users\Kristi\AppData\Roaming\Iminent Folder Deleted : C:\Users\Kristi\AppData\Roaming\Movdap Folder Deleted : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\8cd4ocyk.default\Extensions\[email protected]bf2f1ac42.com File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\StartWeb.xml File Deleted : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\8cd4ocyk.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Deleted : HKLM\SOFTWARE\968bd9b738e917 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCU\Software\BabSolution Key Deleted : HKCU\Software\DataMngr [#] Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\Default Tab Key Deleted : HKCU\Software\DefaultTab Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\Default Tab Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Mozilla Firefox v24.0 (en-US) [ File : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\8cd4ocyk.default\prefs.js ] Line Deleted : user_pref("browser.search.order.1", "Delta Search"); Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search"); ************************* AdwCleaner[R0].txt - [7588 octets] - [01/12/2013 19:23:26] AdwCleaner[s0].txt - [7087 octets] - [01/12/2013 19:28:50] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7147 octets] ##########
  11. Not sure what all is not good, my daughter tried to download the generic Office, and said her computer isn't working correctly now.
  12. All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\ not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_USERS\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found. Registry value HKEY_USERS\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found. Registry value HKEY_USERS\S-1-5-21-1659877409-1044070501-2002214681-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON WorkForce 30 Series not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ not found. File Protocol\Handler\ipp - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found. File Protocol\Handler\ipp\0x00000001 - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ not found. File Protocol\Handler\msdaipp - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found. File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found. File Protocol\Handler\msdaipp\oledb - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Chris\Desktop\cmd.bat deleted successfully. C:\Users\Chris\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: Administrator User: All Users User: Chris User: Default User: Default User User: Public User: UpdatusUser Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: Administrator ->Flash cache emptied: 598 bytes User: All Users User: Chris ->Flash cache emptied: 1022 bytes User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 33851 bytes ->Temporary Internet Files folder emptied: 6945925 bytes ->Flash cache emptied: 0 bytes User: All Users User: Chris ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 106658044 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 47859 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 174262 bytes Total Files Cleaned = 109.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 11072013_203818 Files\Folders moved on Reboot... C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\12[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\ads[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\ads[2].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCA1QYP73.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCA1WDUAV.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCA9MWIGD.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCAB9RC3Q.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCADSXXF4.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCAIRU1SU.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCAKS90L2.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\aiCATSJYUO.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\ai[11].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OV97IEQD\page-2[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NIO37AQ\ai[10].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NIO37AQ\ai[11].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NIO37AQ\ai[8].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NIO37AQ\ai[9].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NIO37AQ\postmessageRelay[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8NIO37AQ\zrt_lookup[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89HTIHFH\aiCAATP3YM.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89HTIHFH\aiCAZJJV2N.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89HTIHFH\ai[11].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89HTIHFH\fastbutton[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89HTIHFH\xd_arbiter[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\89HTIHFH\xd_arbiter[2].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\59QVBEZ2\2q6dNtNfG1YHziVjQ1hUSA[1].woff moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\59QVBEZ2\sNpRL69iYnSa-pHm90cZTA[1].woff moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\466KNG8Y\aiCA4URQWD.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\466KNG8Y\aiCARZN6FA.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\466KNG8Y\aiCAS7SV9S.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\466KNG8Y\aiCAWRGNAZ.htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\466KNG8Y\facebook_com[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\466KNG8Y\like[2].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\28YFTQCG\VBbzpp2k5li[1].mp3 moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  13. OTL Extras logfile created on: 11/6/2013 7:59:35 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.75 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 74.66% Memory free 15.50 Gb Paging File | 13.47 Gb Available in Paging File | 86.90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 913.84 Gb Total Space | 745.24 Gb Free Space | 81.55% Space Free | Partition Type: NTFS Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.) Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.) Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 1 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0263F5A4-066E-446C-BCF6-81DAEB511529}" = lport=9948 | protocol=6 | dir=in | name=bitcomet 9948 tcp | "{1338B448-9584-4865-A529-77C4EDB81AEB}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{22A98113-4C79-4FFB-AD4B-472542F3F348}" = lport=139 | protocol=6 | dir=in | app=system | "{256359A0-20B3-40F1-B1A3-09251D58521F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | "{2CCB7376-6E3B-4AE5-8F7D-1A8D5FE596A2}" = rport=445 | protocol=6 | dir=out | app=system | "{31340FBF-564D-4F50-BF9D-CE59BA33FF9E}" = rport=10243 | protocol=6 | dir=out | app=system | "{3C640939-9BBE-43B1-AAD4-9BFCDDC9C3E4}" = rport=138 | protocol=17 | dir=out | app=system | "{4598C4E8-CE46-46AD-9047-996D849D130E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{477D3B3D-813B-4EAB-BC71-34F43B3861E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{537930F8-46DF-4163-9824-38580CDF39A9}" = lport=9948 | protocol=17 | dir=in | name=bitcomet 9948 udp | "{5EC773AC-D50F-4A55-8507-F1E548A0E07D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{60B3736B-F1C1-4F7B-9151-CA937983101B}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{6142C676-32AA-411F-8294-91C7EE6E119A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{65A4ADB6-8746-46D6-B685-80CE9F5CF80E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{696A6073-BA18-4697-9A7A-723CD90F9E42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6DF8F2DC-4B24-45D9-A66C-2AB7170BD3AE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6F30700D-4D8A-46F7-B47C-105A72301B5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8966649D-BF1B-4064-BD4D-31BD0D65C880}" = rport=137 | protocol=17 | dir=out | app=system | "{91ED04E6-4A72-4AD8-8529-C10141021974}" = lport=445 | protocol=6 | dir=in | app=system | "{9511AD1F-A4DB-46A0-AB89-8CF5AA175576}" = lport=137 | protocol=17 | dir=in | app=system | "{9BD3D0E3-5C50-4598-9EE1-544FE34FE172}" = rport=139 | protocol=6 | dir=out | app=system | "{ABA57B80-EBF9-4C73-8C91-2E6411D2228B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AD3A8C07-AE05-4299-89D8-E6F77415B93B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ADC08A0B-1164-449B-B6C5-F77E8CE6C02C}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{B1EB61F1-E109-4B4B-8C8C-E3F7626A1394}" = lport=10243 | protocol=6 | dir=in | app=system | "{C1077D54-12B4-4DCC-897A-492E6F5BC4F6}" = lport=2869 | protocol=6 | dir=in | app=system | "{CE84891F-37E8-42AB-9F92-C3444832D074}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D320F822-844A-4425-A926-B05D8ECDAE94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E08659AE-CEC8-44A3-AB9C-272FBF8C63CC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | "{ECA3D0E8-0B24-44A0-8151-B4F67D765A20}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{027E84AD-C48E-4806-BD49-1918AAF76089}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe | "{033CF974-FC9F-4334-AD9A-3F5DC69E3582}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0616E7C3-B62B-4E66-993D-7835134CEC3C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{077DAA4D-4192-4CC4-B84D-09DCAD10BD74}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwida.exe | "{07E7A5CB-5944-44A0-9EBD-C859E4DB16FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0B5730B8-EC59-466D-A79D-FC8635A2984E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0C87F825-DB70-42BD-B3A6-060F046388CD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{0EF9D254-C114-4AA9-B87E-D4074F21D39F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1A2B5163-9AA6-4E05-8BFB-213F4AB97D4C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{1A44CB02-3280-4002-B455-C1FAAC09E359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1C452AC3-FD69-4895-AF42-2C7980677BC4}" = protocol=17 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe | "{1FAE9523-7125-434F-BAD6-B990EE83C1C8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{234BFFA3-0E88-473F-901A-909E2531F090}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | "{35853AF4-0E0C-46FE-B9BB-46F277A7637A}" = protocol=58 | dir=in | app=system | "{3CD2EADE-0D02-44AD-8CC9-F47687A39F2E}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | "{40F62F5A-0EEC-4B47-9C3D-6ED67BFF50C5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{42F38AC4-1C8E-4935-BF43-253772B8CEB1}" = protocol=1 | dir=in | [email protected],-28543 | "{43E7D67F-AA90-4A24-B575-BC0EB7F16BAC}" = protocol=1 | dir=out | [email protected],-28544 | "{4D88ADFC-543F-42BC-B781-1FD4BC1E84E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4FD3CF08-2552-49CF-A93D-C29DED23A5D1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{52A463DA-17BD-4197-A30A-762BD88AB8FB}" = protocol=6 | dir=in | app=c:\program files\canon\imageprografstatusmonitor\cnwism.exe | "{55B0DBCA-3360-44D2-A13B-5034A52DBA97}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomet\bitcomet.exe | "{5A2D046D-6A43-4ED6-B11B-E7BADC7ECC87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{5FAED20F-9CC8-4CAF-8E04-198397994342}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{61AC5CF2-0EFB-49AC-9EBD-E63470A2A97D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{674B288B-B6E1-4D55-89D5-3903953E3910}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{6980B2FD-2A56-4D17-9A1B-5E67B7FB76A6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{69BDCBCE-E2CD-41EA-8E62-65FCC83F9CD1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{7157C1DE-12FA-4C25-9C2A-AB1FEAEA9A04}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{744A3719-A9A1-4B3F-B1B8-3F706AE10C82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{7764D3B1-B939-4081-A76A-E2C4E2101225}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\clmlsvc.exe | "{7BA83E5C-D421-4039-8110-2C10FC4B8F15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{7DDB5964-8D41-49DF-832A-E8F98D963E2D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{8008F2D7-D2F1-4A21-9087-08F3CB81ABB8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{8101F437-97E3-43E5-8FD4-294F87366901}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8E5B79BE-C9D1-4EB3-87CC-44A8CE35FBAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8E9DB9D0-8CDC-47A4-B01E-2F5AEF7DEA6D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{9083C5BB-24EB-4109-AC3F-AE4905BCC82E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{910212B0-F712-41F2-B293-71544C1E04BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{9313BD31-2B2C-4FCC-B565-C0E0E2269FFB}" = protocol=58 | dir=out | [email protected],-503 | "{96E1379E-A4BE-4A4D-BE5E-5BBD6513B210}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | "{978B1C6F-AFB1-482B-85F3-344BA04E8DF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{993CC130-5B23-4A1A-BDAD-7EEDE2D12A27}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{9A75BDD3-0008-41F1-AD5F-16C2A9E85868}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A4E6033E-FD39-4B58-92CC-526F186D2EB8}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | "{A855E219-8F36-4548-9F5D-8FF0F5A86140}" = protocol=6 | dir=out | app=system | "{A8DD326E-6327-4A9D-8E98-02264558D269}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe | "{AEE9C64A-990D-4F42-AC1E-294F0D9B3DD2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{B76303DA-A626-4FA0-9035-FB73B813F320}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{BAC06B63-486A-4BF7-956A-E482D27C6272}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BD22FF84-5FE3-4B92-968D-81A26CCC81A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{C3A557B6-0D92-458D-9E46-EEE8BA4CD55E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C5468079-87E4-43AD-92F6-EF98C25E2F3E}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{C5720CF1-94A5-49CA-BE4E-6ADAC9A60105}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{CADE649F-FC8B-4F52-948A-896EF14C4CDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{D678AF46-99C8-47B9-A1A2-A6540A5A6881}" = protocol=58 | dir=in | [email protected],-28545 | "{DB7FB793-2C55-4DAF-81D7-584E83C83366}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E5BA9490-1C9B-4E90-BA6F-450D36998DEF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{E5BDB54C-D056-41E3-A964-966E4DF383A3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{E8CB8650-2AAE-44C1-867B-156B4D9569BC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{E94E1A2D-F234-4FD4-9CE9-BB664DA3C095}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{EA2AE888-1262-4A9F-89E7-3B35B0A1C2ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{EF430E01-0C9C-44B1-B78D-B873BEF7A035}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FBBEA0E1-D2AE-429E-BCDB-2ED98FEC6624}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FF0C85A1-9292-45B4-807D-9AC892EC5377}" = protocol=58 | dir=out | [email protected],-28546 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CANONLPESP100" = Canon Large Format Printer Extended Survey Program "EPSON WorkForce 30 Series" = EPSON WorkForce 30 Series Printer Uninstall "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "Recuva" = Recuva "Shop for HP Supplies" = Shop for HP Supplies "VueScan" = VueScan "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0BE576BC-49F3-4F3F-89AB-0E2ABF35122F}" = Canon iPF8300 Print Plug-In for Photoshop CS5 x64 "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{13273B8A-E750-4FD4-B6E0-AFC689FCF283}" = iPF8300 Media Configuration Tool "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{174126E2-5F05-41BD-A377-FAA44C15EC71}" = CarveWright System "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22E23DF0-7FAE-4DA2-9DA2-45B984AA742C}_is1" = CenturyLink QuickAssist Desktop Tools "{256595b8-8ce7-4e31-8e8b-9923ba7c4e80}_is1" = Media converter "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{384E10CC-9455-40BC-B79C-0708C1D42302}" = Canon PosterArtist Lite "{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{66392B7C-C522-450D-97B7-B3E41E170C3B}" = imagePROGRAF Status Monitor "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{729E16B3-1B80-4F3F-8D19-342A89631E0A}_is1" = Media converter "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{91D27E68-979D-450F-82CC-418C5267C43E}" = Canon iPF8300 Print Plug-In for Photoshop CS5 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth "{982AC07C-985C-42D8-990E-2EEF443D53CE}" = ArcSoft MediaImpression "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A4B68C10-AEF9-4068-8CB5-216963AFC86C}" = Light Source Check Tool "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B67A83A0-DBE5-482E-8437-5E0AD6D0EF1D}" = Canon iPF8300 User Manual "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie "{BCE2ED29-2E42-4481-8071-5D3E9FD270EE}" = MAX Console "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C5B66421-3963-4ACD-9074-2648A4741033}" = Nero 7 Essentials "{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600 "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365 "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper "{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help "{FF484104-ECC5-499C-9B12-D0F8178A16A5}" = ScanExpress A3 USB 2400 Pro V1.2 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "ACDSee" = ACDSee "Acer Game Console" = Acer Game Console "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Applian Director2.1" = Applian Director "ArcSoft Camera Suite" = ArcSoft Camera Suite "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3 Plugin "BN_DesktopReader" = NOOK for PC "Cfont Pro_is1" = Cfont Pro v4 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "ExpressRip" = Express Rip "Flash Player Pro_is1" = Flash Player Pro V5.4 "FutureMatDesigner" = FutureMatDesigner "Hotkey Utility" = Hotkey Utility "Hoyle Card Games 5" = Hoyle Card Games 5 "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "InstallShield_{BCE2ED29-2E42-4481-8071-5D3E9FD270EE}" = MAX Console "InstallShield_{FF484104-ECC5-499C-9B12-D0F8178A16A5}" = ScanExpress A3 USB 2400 Pro V1.2 "Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.1 "MagicISO v5.5_is1" = MagicISO v5.5 (build 0274) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "M-Minder_is1" = M-Minder 3.1 "NAV" = Norton AntiVirus "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Pinochle_is1" = Pinochle 4.14 "Replay Video Capture3.1B" = Replay Video Capture "Replay Video Capture4.2" = Replay Video Capture "Silent Package Run-Time Sample" = WorkForce 30 Series Info Center "Spyder4Elite" = Spyder4Elite "TurboTax 2011" = TurboTax 2011 "TurboTax 2012" = TurboTax 2012 "WF30IQ" = PowerDriver IQ WF30 "WildTangent acer Master Uninstall" = Acer Games "WT088295" = Agatha Christie - Death on the Nile "WT088300" = Bejeweled 2 Deluxe "WT088310" = Build-a-lot 2 "WT088312" = Chuzzle Deluxe "WT088318" = Diner Dash 2 Restaurant Rescue "WT088350" = Jewel Quest Solitaire 2 "WT088364" = Plants vs. Zombies "WT088373" = Blackhawk Striker 2 "WT088393" = Dora's Carnival Adventure "WT088413" = FATE "WT088445" = John Deere Drive Green "WT088449" = Penguins! "WT088453" = Polar Bowler "WT088457" = Polar Golfer "WT088517" = Zuma's Revenge "WT088553" = Virtual Villagers 4 - The Tree of Life "WT088649" = 18 Wheels of Steel - American Long Haul "WT088653" = Jewel Quest - Heritage "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Mail" = Yahoo! Internet Mail "Yahoo! Mail Advisor" = Yahoo! Mail Advisor "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! Install Manager ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1659877409-1044070501-2002214681-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GoToMeeting" = GoToMeeting 5.1.0.880 ========== Last 20 Event Log Errors ========== [ System Events ] Error - 11/5/2013 9:50:46 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038 Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 11/5/2013 9:50:46 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error - 11/6/2013 9:43:50 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = The PDIHWCTL service failed to start due to the following error: %%2 Error - 11/6/2013 9:46:13 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038 Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 11/6/2013 9:46:13 AM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error - 11/6/2013 2:16:19 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7034 Description = The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s). Error - 11/6/2013 2:17:59 PM | Computer Name = Chris-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 11/6/2013 4:01:27 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = The PDIHWCTL service failed to start due to the following error: %%2 Error - 11/6/2013 4:04:19 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038 Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 11/6/2013 4:04:19 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000 Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 < End of report >
  14. All processes killed Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context! Error: Unable to interpret <IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox> in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope => in the current context! Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC> in the current context! Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope => in the current context! Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope => in the current context! Error: Unable to interpret <IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope => in the current context! Error: Unable to interpret <IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope => in the current context! Error: Unable to interpret <FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found> in the current context! Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found> in the current context! Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context! Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context! Error: Unable to interpret <O3 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found> in the current context! Error: Unable to interpret <O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found> in the current context! Error: Unable to interpret <O4 - HKU\.DEFAULT..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found> in the current context! Error: Unable to interpret <O4 - HKU\S-1-5-18..\Run: [searchProtect] \SearchProtect\bin\cltmng.exe File not found> in the current context! Error: Unable to interpret <O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [AdobeBridge] File not found> in the current context! Error: Unable to interpret <O4 - HKU\S-1-5-21-1659877409-1044070501-2002214681-1001..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_S386E.tmp" /EF "HKCU" File not found> in the current context! Error: Unable to interpret <O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context! Error: Unable to interpret <O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found> in the current context! Error: Unable to interpret <O1364bit: - gopher Prefix: missing> in the current context! Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\ipp - No CLSID value found> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found> in the current context! Error: Unable to interpret <O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found> in the current context! Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context! Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.> in the current context! ========== COMMANDS ========== [EMPTYJAVA] User: Administrator User: All Users User: Chris User: Default User: Default User User: Public User: UpdatusUser Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: Administrator ->Flash cache emptied: 56579 bytes User: All Users User: Chris ->Flash cache emptied: 57422 bytes User: Default ->Flash cache emptied: 56475 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Flash cache emptied: 56475 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: Administrator ->Temp folder emptied: 57361 bytes ->Temporary Internet Files folder emptied: 35618 bytes ->Flash cache emptied: 0 bytes User: All Users User: Chris ->Temp folder emptied: 1718 bytes ->Temporary Internet Files folder emptied: 135063266 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 788596175 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes RecycleBin emptied: 36422215910 bytes Total Files Cleaned = 35,616.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 11062013_111619 Files\Folders moved on Reboot... C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WM2ZTFGB\ads[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WM2ZTFGB\postmessageRelay[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WM2ZTFGB\xd_arbiter[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WM2ZTFGB\zrt_lookup[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UMJ94ZW2\34434-slow-start-up[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FJ3OTI6K\si[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZKIAPBT\like[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZKIAPBT\xd_arbiter[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3UQ0WNOF\fastbutton[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\29Y4NO7G\ads[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\29Y4NO7G\si[1].htm moved successfully. C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...