Sign in to follow this  
Followers 0
woodshopfun

virus infected daughter's computer

28 posts in this topic

Not sure what all is not good, my daughter tried to download the generic Office, and said her computer isn't working correctly now.

Share this post


Link to post
Share on other sites

Howdy woodshopfun and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your daughters computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

thisisujrt-1.gif
    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!


NEXT


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.


    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.

mbam-1.jpg


When the scan is complete, click  OK, then  Show Results to view the results.

scan-finished.jpg

    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.



Please don't attach the scans / logs, use "copy/paste".


Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log

 

Thanks
Chuck
 

Share this post


Link to post
Share on other sites

# AdwCleaner v3.014 - Report created 01/12/2013 at 19:28:50

# Updated 01/12/2013 by Xplode

# Operating System : Windows 8 (64 bits)

# Username : Kristi - JENSEN

# Running from : C:\Users\Kristi\Desktop\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

Service Deleted : DefaultTabUpdate

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Iminent

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\Iminent

Folder Deleted : C:\Program Files (x86)\Movdap

Folder Deleted : C:\Program Files (x86)\LyricsParty-1

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Users\Kristi\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Kristi\AppData\Local\DefineExt

Folder Deleted : C:\Users\Kristi\AppData\Local\Temp\AirInstaller

Folder Deleted : C:\Users\Kristi\AppData\Local\Temp\Iminent

Folder Deleted : C:\Users\Kristi\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Kristi\AppData\Roaming\BabSolution

Folder Deleted : C:\Users\Kristi\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Kristi\AppData\Roaming\DefaultTab

Folder Deleted : C:\Users\Kristi\AppData\Roaming\Iminent

Folder Deleted : C:\Users\Kristi\AppData\Roaming\Movdap

Folder Deleted : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\8cd4ocyk.default\Extensions\[email protected]f2f1ac42.com

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\StartWeb.xml

File Deleted : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\8cd4ocyk.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX

Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

Key Deleted : HKLM\SOFTWARE\968bd9b738e917

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKCU\Software\BabSolution

Key Deleted : HKCU\Software\DataMngr

[#] Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\DefaultTab

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\8cd4ocyk.default\prefs.js ]

Line Deleted : user_pref("browser.search.order.1", "Delta Search");

Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search");

*************************

AdwCleaner[R0].txt - [7588 octets] - [01/12/2013 19:23:26]

AdwCleaner[s0].txt - [7087 octets] - [01/12/2013 19:28:50]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7147 octets] ##########

Share this post


Link to post
Share on other sites

Good start woods, it should clean up pretty good when we are done !!

 

Post other logs when you get them !

 

Thanks

Chuck

Share this post


Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Kristi on Sun 12/01/2013 at 21:20:33.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-731434280-73576831-2629088662-1002\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3DFDE1BC-B865-4085-8FEC-BC7E80203BB5}

 

~~~ Files

 

~~~ Folders

 

~~~ FireFox

Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]"
Successfully deleted: [Folder] C:\Users\Kristi\AppData\Roaming\mozilla\firefox\profiles\8cd4ocyk.default\extensions\[email protected]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/01/2013 at 21:46:49.10
End of JRT log

Share this post


Link to post
Share on other sites

Woods, send the Malwarebytes log when you get time !

 

Then i need you to run these AFTER the Malwarebytes log is posted !

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

 

 

 

 

 

NEXT

 

 

 

 

Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com
 

 

 

 

 

NEXT

 

 

 

 

 

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   


 

Post next:

1. Malwarebytes log

2. SecurityCheck log

3. DDS log(s)

4. OTL log

 

 

Thank Ya !

Chuck

Share this post


Link to post
Share on other sites

Woods are you still in need of help ??

 

Chuck

Share this post


Link to post
Share on other sites

No reply for 5 days ! I will close this topic, if you need it re-opened please PM me or another Mod !

 

Thanks

Chuck

Share this post


Link to post
Share on other sites

I have unlocked this by request !!!

 

Chuck

Share this post


Link to post
Share on other sites

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.07.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
Kristi :: JENSEN [administrator]

Protection: Enabled

12/7/2013 8:50:28 AM
mbam-log-2013-12-07 (08-50-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209144
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 14
C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\ccp.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\MyDeltaTB.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\5EF2F933-BAB0-7891-B8E1-EA8BC25F9AAB\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\is1275519350\DefaultTabSetup.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\is1275519350\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\is1275519350\safe-saver.exe (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
C:\Users\Kristi\AppData\Local\Temp\is1275519350\wajam_validate.exe (PUP.Optional.Wajam.A) -> Quarantined and deleted successfully.

(end)

Share this post


Link to post
Share on other sites

Thanks woods now continue with the step 6 above & post the logs !!

 

Chuck

Share this post


Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.77 
   x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender         
Norton AntiVirus Online  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Mozilla Firefox 24.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Norton AntiVirus Norton AntiVirus Engine 20.4.0.40\ccSvcHst.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Share this post


Link to post
Share on other sites

Ok, don't worry about up dating those now that's out of date we will take care of them when we are done with the cleaning !!

 

Chuck

Share this post


Link to post
Share on other sites

Yes please then continue with DDS & OTL !!

 

Chuck

Share this post


Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Kristi at 10:13:04 on 2013-12-07
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.1634.262 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus Online *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CenturyLinkTouchPointAgent] "C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
StartupFolder: C:\Users\Kristi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\BLOGGI~1.LNK - C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{5B7748B5-31C3-4314-B72F-B1B0C736B8FC} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{5B7748B5-31C3-4314-B72F-B1B0C736B8FC}\3456E647572797C496E6B693032313 : DHCPNameServer = 192.168.0.1 205.171.2.25
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\8cd4ocyk.default\


FF - plugin: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - ExtSQL: 2013-11-29 16:40; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-23 79528]
R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-23 26280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NAVx64\1404000.028\symds64.sys [2013-11-23 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NAVx64\1404000.028\symefa64.sys [2013-11-23 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\Drivers\NAVx64\1404000.028\ccsetx64.sys [2013-11-23 169048]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-9-14 92536]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20131206.001\IDSviA64.sys [2013-12-7 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NAVx64\1404000.028\ironx64.sys [2013-11-23 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NAVx64\1404000.028\symnets.sys [2013-11-23 433752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-2 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-14 2451456]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-7 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-7 701512]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe [2013-11-19 144368]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-3-24 1907896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-12-1 137648]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-12-7 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-9-14 339600]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-9-14 683664]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-9-14 57000]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
R3 WSDScan;WSD Scan Support;C:\Windows\System32\Drivers\WSDScan.sys [2012-11-25 23552]
S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NAVx64\1404000.028\symelam.sys [2013-11-23 23448]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-9-14 41272]
S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-14 43832]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-12-07 15:20:04 -------- d-----w- C:\Users\Kristi\AppData\Roaming\Malwarebytes
2013-12-07 15:19:51 -------- d-----w- C:\ProgramData\Malwarebytes
2013-12-07 15:19:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-07 15:19:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-07 15:19:08 -------- d-----w- C:\Users\Kristi\AppData\Local\Programs
2013-12-02 04:20:19 -------- d-----w- C:\Windows\ERUNT
2013-12-02 03:08:26 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-02 03:08:24 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-02 02:22:51 -------- d-----w- C:\AdwCleaner
2013-11-30 02:07:55 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-30 02:07:54 1022976 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-30 02:07:41 1890816 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-30 02:07:41 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-30 02:07:19 576512 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-30 02:07:16 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-30 02:07:15 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-11-30 02:07:15 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-11-30 02:07:13 2062848 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-30 02:07:12 1711616 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-30 02:07:10 419328 ----a-w- C:\Windows\System32\schannel.dll
2013-11-30 02:07:10 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-11-30 02:04:48 2304512 ----a-w- C:\Windows\System32\authui.dll
2013-11-30 02:04:48 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-23 18:40:04 433752 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\symnets.sys
2013-11-23 18:40:04 23448 ----a-r- C:\Windows\System32\drivers\NAVx64\1404000.028\symelam.sys
2013-11-23 18:40:01 493656 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\symds64.sys
2013-11-23 18:40:01 36952 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\srtspx64.sys
2013-11-23 18:40:01 1139800 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\symefa64.sys
2013-11-23 18:40:00 796760 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\srtsp64.sys
2013-11-23 18:40:00 224416 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\ironx64.sys
2013-11-23 18:39:59 169048 ----a-w- C:\Windows\System32\drivers\NAVx64\1404000.028\ccsetx64.sys
2013-11-20 03:30:11 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1404000.028
2013-11-09 23:36:35 -------- d-----w- C:\Users\Kristi\AppData\Local\NPE
2013-11-09 20:29:02 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-11-09 20:29:02 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2013-11-09 20:27:40 -------- d-----w- C:\Windows\System32\drivers\NAVx64
.
==================== Find3M  ====================
.
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-13 22:36:37 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-09-13 22:36:23 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-09-13 22:36:23 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-09-13 22:36:14 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-09-13 22:34:14 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-13 22:33:55 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-09-13 22:33:55 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-13 22:33:54 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-13 22:33:54 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-13 22:33:42 328192 ----a-w- C:\Windows\System32\ubpm.dll
2013-09-13 22:33:39 175104 ----a-w- C:\Windows\System32\storewuauth.dll
.
============= FINISH: 10:15:10.17 ===============

Share this post


Link to post
Share on other sites

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 11/22/2012 11:34:29 PM
System Uptime: 12/7/2013 9:05:01 AM (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 169A
Processor: AMD C-60 APU with Radeon HD Graphics | Socket FT1 | 1000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 276 GiB total, 223.98 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.618 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP46: 11/1/2013 11:21:40 PM - Scheduled Checkpoint
RP47: 11/29/2013 8:38:00 PM - Windows Update
RP48: 12/1/2013 7:18:18 PM - restore point
.
==== Installed Programs ======================
.
4 Elements II
Adobe Shockwave Player 11.6
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 3
Bloggie Software
Bonjour
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CenturyLink Installer
Chuzzle Deluxe
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink Power2Go 8
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Define Ext
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
Flash Player Pro V5.4
FlatOut 2
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP Software Framework
HP Support Assistant
HP Utility Center
HP Wireless Button Driver
IDT Audio
iTunes
Jewel Match 3
John Deere Drive Green
Logitech Harmony Remote Software (x86)
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office 365 Home Premium - en-us
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mortimer Beckett and the Crimson Thief Premium Edition
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Mystery P.I. - Curious Case of Counterfeit Cove
Norton AntiVirus
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OpenOffice.org 3.1
Peggle Nights
Penguins!
Polar Bowler
Polar Golfer
Ralink RT5390R 802.11bgn Wi-Fi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Roads of Rome 3
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Update Installer for WildTangent Games App
Vacation Questâ„¢ - Australia
WildTangent Games
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
12/7/2013 9:04:28 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.
.
==== End Of File ===========================

Share this post


Link to post
Share on other sites

Now the OTL log(s) then i will read threw them & writs a OTL Fix for you !!

 

Thanks

Chuck

Share this post


Link to post
Share on other sites

OTL logfile created on: 12/7/2013 10:59:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kristi\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.60 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 29.54% Memory free
4.35 Gb Paging File | 2.90 Gb Available in Paging File | 66.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 276.00 Gb Total Space | 223.86 Gb Free Space | 81.11% Space Free | Partition Type: NTFS
Drive D: | 21.32 Gb Total Space | 2.62 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
 
Computer Name: JENSEN | User Name: Kristi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/07 10:44:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kristi\Desktop\OTL.scr
PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/04/16 07:38:30 | 000,048,496 | ---- | M] (CenturyLink Inc) -- C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/27 18:21:26 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/07/09 13:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/06/07 20:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/03/28 18:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/02/08 11:12:24 | 000,746,856 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
PRC - [2009/04/23 05:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 05:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/17 18:35:15 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\66408ec86b705cd9f9aab66e84bb7fd5\System.Web.Services.ni.dll
MOD - [2013/10/17 18:33:57 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7d7b887e33aafaadae040bb07fa959bb\System.Configuration.ni.dll
MOD - [2013/10/15 19:50:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\53c49b1cfdb85cf6784c7dcc8cdbd56d\System.Windows.Forms.ni.dll
MOD - [2013/09/03 07:51:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3866f7a0829a76e958174f2d89bae9a8\System.Management.ni.dll
MOD - [2013/09/03 07:49:13 | 000,310,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\70c38c5db6131d4cf9b238f6a40d276e\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2013/09/03 07:27:23 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fc5d4ada42ed8e9a30b64912f5dc9767\System.Xml.ni.dll
MOD - [2013/09/03 07:26:49 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e4447d26cd9083018bd28ddd60a0248\System.Drawing.ni.dll
MOD - [2013/09/03 07:25:03 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1b46657236c1f942f9dbaf6aac73bb49\System.ni.dll
MOD - [2013/07/20 10:12:51 | 011,500,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\d1ce70bf6cbab6ab838cbd8b50e902c1\mscorlib.ni.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 20:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2009/04/16 12:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/08/15 22:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 17:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 15:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 01:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/09/19 23:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/08/06 12:08:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/08/02 02:06:02 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/07/21 09:30:36 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2013/10/12 11:59:56 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe -- (NAV)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/20 01:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/08/10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/07/13 18:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/07/09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/23 11:40:53 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/10 04:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/08/15 22:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/09 23:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 01:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 18:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/07/01 18:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 18:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 17:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 15:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/28 23:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/05/31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/22 22:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 22:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/15 22:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/05/04 00:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/04/24 17:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 19:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2013/04/15 06:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/04 18:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 18:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/11/26 20:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 21:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 20:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 01:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 00:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/10 22:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012/09/20 00:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 00:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/08/24 02:38:28 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/24 02:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/24 02:38:26 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/03 14:07:30 | 000,020,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/08/02 03:54:18 | 010,280,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/08/02 01:09:30 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/23 14:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/07/23 14:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/07/21 09:30:36 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/07/04 11:41:58 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/20 19:45:12 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NAVx64\1404000.028\symelam.sys -- (SymELAM)
DRV:64bit: - [2012/06/18 19:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/06/12 22:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 07:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV - [2013/12/03 11:27:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20131203.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/12/01 08:49:34 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20131206.020\ex64.sys -- (NAVEX15)
DRV - [2013/12/01 08:49:34 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/12/01 08:49:34 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20131206.020\eng64.sys -- (NAVENG)
DRV - [2013/11/25 21:32:11 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/08 17:15:44 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20131206.001\IDSviA64.sys -- (IDSVia64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT13/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT13/1
IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mycenturylink.com/
IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes\{05387001-A37D-4889-9D6D-D691A94F8B0B}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20130832,19669,0,6,7635
IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS
IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes\{25D5CFFC-8A6A-4E0E-86C6-6A3EAE2F050A}: "URL" = http://findwide.com/serp?guid={13F1A3EB-0357-43FA-AB02-766F17946932}&serpv=6&action=default_search&k={searchTerms}
IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "FindWide"
FF - prefs.js..browser.startup.homepage: "http://start.findwide.com/v/2/?guid={13F1A3EB-0357-43FA-AB02-766F17946932}&serpv=6"
FF - prefs.js..extensions.enabledAddons: 2182c59b-52a6-4361-8582-ea68a9f74e27%4030056f63-cd7d-4a99-a8d3-607bf2f1ac42.com:0.92.9
FF - prefs.js..extensions.enabledAddons: %7BD98EBE55-5FE6-4F99-932D-768F41F94B09%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://findwide.com/serp?guid={13F1A3EB-0357-43FA-AB02-766F17946932}&serpv=6&action=default_search&k="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@sony.com/Some: C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll (Sony)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF [2013/11/09 16:32:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/08/05 12:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristi\AppData\Roaming\mozilla\Extensions
[2013/12/01 21:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\8cd4ocyk.default\extensions
[2013/10/08 20:29:23 | 000,000,000 | ---D | M] (Music Remote) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\8cd4ocyk.default\extensions\{D98EBE55-5FE6-4F99-932D-768F41F94B09}
[2013/12/01 21:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/10/12 11:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/12 11:59:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\KRISTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CD4OCYK.DEFAULT\EXTENSIONS\[email protected]F2F1AC42.COM
 
O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\Toolbar\WebBrowser: (no name) - {6FA88E76-8A91-48CB-8E88-2B226CC4A22E} - No CLSID value found.
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CenturyLinkTouchPointAgent] C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe (CenturyLink Inc)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-731434280-73576831-2629088662-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553557800} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B7748B5-31C3-4314-B72F-B1B0C736B8FC}: DhcpNameServer = 192.168.0.1 205.171.2.25
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 360 Days ==========
 
[2013/12/07 10:44:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kristi\Desktop\OTL.scr
[2013/12/07 10:08:30 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Kristi\Desktop\dds.scr
[2013/12/07 08:20:04 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Malwarebytes
[2013/12/07 08:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/07 08:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/07 08:19:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/07 08:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/07 08:19:08 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Programs
[2013/12/07 08:16:52 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Kristi\Desktop\mbam-setup-1.75.0.1300 malwarebytes.exe
[2013/12/01 21:20:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/01 21:19:09 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Kristi\Desktop\JRT.exe
[2013/12/01 20:08:26 | 000,078,296 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/01 20:08:24 | 000,694,232 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/01 19:22:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/29 19:10:38 | 013,661,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013/11/29 19:10:30 | 010,799,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013/11/29 19:10:22 | 001,173,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2013/11/29 19:10:22 | 000,914,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2013/11/29 19:10:15 | 000,773,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/11/29 19:10:14 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013/11/29 19:10:14 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013/11/29 19:10:14 | 000,151,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013/11/29 19:10:13 | 001,622,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/11/29 19:10:13 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013/11/29 19:10:12 | 000,061,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013/11/29 19:10:10 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013/11/29 19:10:09 | 000,059,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/11/29 19:10:07 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013/11/29 19:10:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/11/29 19:10:07 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013/11/29 19:10:07 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/11/29 19:10:07 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013/11/29 19:10:06 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/11/29 19:10:06 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/11/29 19:07:55 | 001,300,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/29 19:07:41 | 001,890,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/29 19:07:15 | 000,096,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwfs.sys
[2013/11/29 19:07:13 | 002,062,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/11/29 19:07:12 | 001,711,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/11/29 19:05:16 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/29 19:05:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/29 19:05:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/29 19:05:10 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/29 19:05:09 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/29 19:04:48 | 002,304,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/29 19:04:48 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/23 11:40:04 | 000,433,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnets.sys
[2013/11/23 11:40:04 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symelam.sys
[2013/11/23 11:40:01 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa64.sys
[2013/11/23 11:40:01 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds64.sys
[2013/11/23 11:40:01 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.sys
[2013/11/23 11:40:00 | 000,796,760 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.sys
[2013/11/23 11:40:00 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ironx64.sys
[2013/11/23 11:39:59 | 000,169,048 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.sys
[2013/11/19 20:30:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64\1404000.028
[2013/11/09 16:36:35 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\NPE
[2013/11/09 13:29:02 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/11/09 13:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/11/09 13:27:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NAVx64
[2013/11/09 13:27:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2013/10/13 13:38:50 | 001,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2013/10/13 13:38:50 | 001,245,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2013/10/13 13:38:50 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll
[2013/10/13 13:38:49 | 000,462,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2013/10/13 13:38:49 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll
[2013/10/13 13:38:49 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2013/10/13 13:38:20 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013/10/13 13:38:18 | 008,858,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013/10/13 13:38:16 | 001,125,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/10/13 13:38:12 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013/10/13 13:38:12 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/10/13 13:38:11 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013/10/13 13:38:11 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013/10/13 13:38:10 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013/10/13 13:38:10 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013/10/12 11:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/12 11:27:17 | 000,209,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationUI.exe
[2013/10/12 11:27:16 | 002,371,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll
[2013/10/12 11:27:16 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013/10/12 11:27:14 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2013/10/12 11:27:14 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2013/10/12 11:27:13 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2013/10/12 11:27:13 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2013/10/12 11:27:13 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/10/12 11:27:13 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll
[2013/10/12 11:27:13 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll
[2013/10/12 11:27:12 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll
[2013/10/12 11:27:12 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/10/12 11:27:12 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll
[2013/10/12 11:27:12 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll
[2013/10/12 11:27:12 | 000,058,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys
[2013/10/12 11:27:12 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/10/12 11:27:12 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/10/12 11:27:11 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll
[2013/10/12 11:27:11 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/10/12 11:27:11 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/10/12 11:27:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupcln.dll
[2013/10/12 11:27:11 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2013/10/12 11:27:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll
[2013/10/12 11:26:08 | 000,652,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/12 11:26:05 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013/10/12 11:26:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/12 11:26:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/12 11:26:03 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013/10/12 11:26:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/12 11:25:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/12 11:25:59 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/12 11:25:57 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/10/12 11:25:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/12 11:22:25 | 000,054,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/10/12 11:22:21 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/12 11:22:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/12 11:22:13 | 002,273,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2013/10/12 11:22:11 | 002,839,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2013/10/12 11:22:10 | 001,025,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/10/12 11:22:10 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013/10/12 11:22:08 | 000,439,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe
[2013/10/12 11:22:08 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll
[2013/10/12 11:22:08 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/10/12 11:22:08 | 000,327,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013/10/12 11:22:08 | 000,263,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll
[2013/10/12 11:22:08 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2013/10/12 11:22:08 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmmbase.dll
[2013/10/12 11:22:08 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2013/10/12 11:22:07 | 000,385,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe
[2013/10/12 11:22:07 | 000,195,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/10/12 11:22:07 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmmbase.dll
[2013/10/12 11:22:07 | 000,125,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/10/12 11:22:07 | 000,120,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys
[2013/10/12 11:22:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/10/12 11:22:06 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wwanadvui.dll
[2013/10/12 11:22:06 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/10/12 11:22:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wcmcsp.dll
[2013/10/12 11:22:05 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/10/12 11:22:05 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/10/12 11:22:05 | 000,543,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanmm.dll
[2013/10/12 11:22:05 | 000,312,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LocationApi.dll
[2013/10/12 11:22:05 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\LocationApi.dll
[2013/10/12 11:22:05 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/10/12 11:22:05 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\openfiles.exe
[2013/10/12 11:22:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\openfiles.exe
[2013/10/12 11:21:31 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/12 11:21:31 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/12 11:21:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/12 11:21:31 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/12 11:21:28 | 000,337,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013/10/12 11:21:27 | 000,447,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013/10/12 11:21:27 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS
[2013/10/12 11:21:26 | 000,498,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/12 11:21:26 | 000,021,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/12 11:21:15 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/12 11:21:15 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/12 11:21:14 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2013/09/26 18:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/09/26 18:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton AntiVirus
[2013/09/26 18:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2013/09/26 18:52:12 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Google
[2013/09/26 18:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Music Remote
[2013/09/26 18:51:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/26 18:20:54 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\SySaver
[2013/09/17 21:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/09/17 21:06:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/09/17 21:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/09/17 21:04:46 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Adobe
[2013/09/02 18:58:55 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Desktop\Media
[2013/08/24 15:01:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/24 14:15:35 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/24 14:14:27 | 000,247,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013/08/24 14:14:27 | 000,036,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013/08/24 14:11:30 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/24 14:11:30 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepapi.dll
[2013/08/24 14:11:30 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apprepsync.dll
[2013/08/24 14:11:30 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepapi.dll
[2013/08/24 14:11:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepsync.dll
[2013/08/12 20:17:10 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Documents\Symantec
[2013/08/08 20:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2013/08/08 20:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2013/08/08 20:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/08/08 20:22:43 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Documents\Flash Player Pro
[2013/08/08 20:22:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Player Pro
[2013/08/05 16:01:06 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Desktop\Pictures
[2013/08/05 12:52:13 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\OpenOffice.org
[2013/08/05 12:49:45 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1
[2013/08/05 12:48:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2013/08/05 12:48:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013/08/05 12:44:59 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/08/05 12:44:40 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\TNT2
[2013/08/05 12:28:21 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Mozilla
[2013/08/05 12:28:21 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Mozilla
[2013/08/05 12:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/08/05 12:28:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/08/05 12:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013/08/05 12:26:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/08/05 12:26:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/08/02 19:15:57 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Sony Corporation
[2013/08/02 19:15:57 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Documents\Bloggie Library
[2013/08/02 19:15:54 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Sony Corporation
[2013/08/02 19:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloggie Software
[2013/08/02 19:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2013/08/02 19:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2013/07/16 16:45:35 | 002,219,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2013/07/16 16:45:31 | 001,842,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2013/07/16 16:45:30 | 002,391,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/07/16 16:45:30 | 002,106,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013/07/16 16:45:29 | 006,987,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/07/16 16:45:27 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/07/16 16:45:26 | 001,527,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2013/07/16 16:45:26 | 001,453,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2013/07/16 16:45:24 | 001,403,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013/07/16 16:45:24 | 001,271,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013/07/16 16:45:22 | 001,217,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013/07/16 16:45:22 | 000,523,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/07/16 16:45:21 | 001,093,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013/07/16 16:45:21 | 000,583,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2013/07/16 16:45:20 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013/07/16 16:45:20 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/07/16 16:45:19 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2013/07/16 16:45:18 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013/07/16 16:45:18 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSetupManager.dll
[2013/07/16 16:45:18 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe
[2013/07/16 16:45:16 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2013/07/16 16:45:14 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013/07/09 16:35:13 | 001,838,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/09 16:34:53 | 002,842,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/09 16:34:52 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/09 16:34:41 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/09 16:34:41 | 000,496,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/06/15 07:13:39 | 000,888,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2013/06/15 07:13:39 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2013/06/15 07:13:39 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2013/06/15 07:13:38 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2013/06/15 07:13:37 | 001,257,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/06/15 07:13:09 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2013/06/15 07:13:01 | 000,470,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/06/15 07:12:56 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\rars.rs
[2013/06/15 07:12:56 | 000,014,848 | ---- | C] (Microsoft) -- C:\Windows\SysNative\rars.rs
[2013/06/15 07:12:55 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013/06/15 07:12:55 | 000,330,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2013/06/15 07:12:54 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2013/06/15 07:12:53 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe
[2013/06/15 07:12:53 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll
[2013/06/15 07:12:53 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2013/06/15 07:12:53 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2013/06/15 07:12:53 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll
[2013/06/15 07:12:52 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2013/06/15 07:12:52 | 000,284,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013/06/15 07:12:51 | 000,758,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2013/06/15 07:12:51 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2013/06/15 07:12:51 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2013/06/15 07:12:51 | 000,120,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AuthHost.exe
[2013/06/15 07:12:50 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\biwinrt.dll
[2013/06/15 07:12:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\biwinrt.dll
[2013/06/15 07:12:48 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll
[2013/06/15 07:12:48 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2013/06/15 07:12:48 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll
[2013/06/15 07:12:47 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013/06/15 07:12:46 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll
[2013/06/15 07:12:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll
[2013/06/15 07:09:54 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/15 07:09:53 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/15 07:09:53 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/15 07:09:40 | 000,733,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/15 07:09:31 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/15 07:09:31 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/05/19 19:13:07 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Logitech
[2013/05/19 19:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2013/05/19 18:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/05/19 18:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/05/19 18:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/05/19 10:31:45 | 003,552,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013/05/19 10:31:44 | 014,267,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/05/19 10:31:39 | 011,878,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/05/19 10:31:37 | 002,107,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013/05/19 10:31:33 | 002,767,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013/05/19 10:31:32 | 001,593,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013/05/19 10:31:29 | 001,829,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/05/19 10:31:27 | 001,444,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll
[2013/05/19 10:31:15 | 001,113,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll
[2013/05/19 10:31:14 | 000,306,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll
[2013/05/19 10:31:12 | 000,403,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013/05/19 10:31:11 | 000,298,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2013/05/19 10:31:06 | 000,446,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2013/05/19 10:31:06 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013/05/19 10:31:04 | 000,489,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2013/05/19 10:31:03 | 000,435,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013/05/19 10:31:03 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/05/19 10:31:03 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2013/05/19 10:31:01 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013/05/19 10:31:00 | 000,253,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2013/05/19 10:30:59 | 000,804,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe
[2013/05/19 10:30:58 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2013/05/19 10:30:50 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2013/05/19 10:30:50 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013/05/19 10:30:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll
[2013/05/19 10:30:50 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll
[2013/05/19 10:30:48 | 000,659,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013/05/19 10:30:48 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013/05/19 10:30:48 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013/05/19 10:30:47 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2013/05/19 10:30:47 | 000,123,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2013/05/19 10:30:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013/05/19 10:30:45 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe
[2013/05/19 10:30:45 | 000,077,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll
[2013/05/19 10:30:44 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll
[2013/05/19 10:30:44 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe
[2013/05/19 10:30:42 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll
[2013/05/19 10:30:42 | 000,086,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll
[2013/05/19 10:30:40 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013/05/19 10:30:39 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013/05/19 10:30:38 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll
[2013/05/19 10:30:38 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013/05/19 10:30:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll
[2013/05/19 10:30:36 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll
[2013/05/19 10:30:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2013/05/19 10:30:34 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2013/05/19 10:30:34 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2013/05/19 10:30:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013/05/19 10:02:56 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\PCHC
[2013/05/19 09:37:39 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013/05/19 09:37:39 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013/05/19 07:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\CenturyLink
[2013/05/19 07:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qwest
[2013/05/19 07:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CenturyLink
[2013/05/19 07:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CenturyLink
[2013/05/19 07:19:23 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\ElevatedDiagnostics
[2013/05/19 07:18:44 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Diagnostics
[2013/05/15 18:27:54 | 000,112,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/15 18:26:45 | 002,382,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013/05/15 18:26:43 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013/04/15 06:02:04 | 002,482,960 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys
[2013/04/15 06:02:04 | 000,334,000 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2013/04/13 16:48:59 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/04/13 16:48:41 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/13 16:48:39 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013/04/13 16:48:37 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013/04/13 16:48:36 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013/04/13 16:48:34 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013/04/13 16:48:33 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/13 16:48:33 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013/04/13 16:48:31 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013/04/13 16:48:30 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013/04/13 16:48:30 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013/04/13 16:48:29 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/04/13 16:48:28 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013/04/13 16:48:28 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013/04/13 16:48:28 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013/04/13 16:48:25 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013/04/13 16:48:25 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013/04/13 16:48:24 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013/04/13 16:48:23 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013/04/13 16:48:22 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013/04/13 16:48:20 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013/04/13 16:48:19 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/04/13 16:48:17 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013/04/13 16:48:17 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013/04/13 16:48:17 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013/04/13 16:48:17 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013/04/13 16:48:16 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013/04/13 16:48:16 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013/04/13 16:48:16 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013/04/13 16:48:16 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013/04/13 16:48:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013/04/13 16:48:13 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013/03/24 12:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/03/24 12:26:12 | 000,000,000 | R--D | C] -- C:\Users\Kristi\SkyDrive
[2013/03/24 12:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/03/24 12:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/03/24 11:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/03/24 10:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/03/22 13:23:53 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/20 20:24:09 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2013/03/20 19:27:59 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013/03/20 19:27:59 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013/03/20 19:27:57 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/03/20 19:27:52 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013/03/20 19:27:52 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013/03/20 19:27:52 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013/03/20 19:27:51 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013/03/20 19:27:48 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013/03/20 19:27:47 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013/03/20 19:27:47 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/03/20 19:27:47 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013/03/20 19:27:46 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013/03/20 19:27:46 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013/03/20 19:27:46 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/03/20 19:27:45 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013/03/20 19:27:45 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
[2013/03/20 19:27:45 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
[2013/03/20 19:27:45 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
[2013/03/20 19:27:44 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
[2013/03/20 19:27:44 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
[2013/03/20 19:27:44 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
[2013/03/20 19:22:17 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013/03/20 19:22:16 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013/03/20 19:22:14 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013/03/20 19:22:14 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/03/20 19:22:14 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013/03/20 19:22:13 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013/03/20 19:22:13 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013/03/20 19:22:13 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013/03/20 19:22:12 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013/03/20 19:22:12 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013/03/20 19:22:12 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013/03/20 19:22:12 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013/03/20 19:22:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013/03/20 19:22:11 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013/03/20 19:22:11 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013/03/20 19:22:11 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013/03/20 19:22:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013/03/20 19:22:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013/03/20 19:21:42 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013/03/20 19:21:41 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/03/20 19:21:23 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2013/03/20 19:21:22 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2013/03/20 19:21:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidi2c.sys
[2013/03/20 19:21:22 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDKURD.DLL
[2013/03/20 19:21:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDKURD.DLL
[2013/03/20 19:19:53 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll
[2013/03/20 19:19:46 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll
[2013/03/20 19:19:40 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/03/20 19:19:39 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2013/03/20 19:19:34 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2013/03/20 19:19:22 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2013/03/20 19:19:22 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2013/03/20 19:19:22 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dafWCN.dll
[2013/03/20 19:19:20 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2013/03/20 19:19:20 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2013/03/20 19:19:20 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2013/03/20 19:19:19 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2013/03/20 19:19:19 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2013/03/20 19:19:19 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFCaptureEngine.dll
[2013/03/20 19:19:16 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCaptureEngine.dll
[2013/03/20 19:19:13 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2013/03/20 19:19:09 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2013/03/20 19:19:08 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2013/03/20 19:19:08 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2013/03/20 19:19:08 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnApi.dll
[2013/03/20 19:19:08 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnApi.dll
[2013/03/20 19:19:07 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2013/03/20 19:19:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapAuthProxy.dll
[2013/03/20 19:19:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfdprov.dll
[2013/03/20 19:19:06 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapPeerProxy.dll
[2013/03/20 19:19:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfdprov.dll
[2013/03/20 19:19:04 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2013/03/20 19:19:03 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaext.dll
[2013/03/20 19:19:02 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxppm.sys
[2013/03/20 19:19:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll
[2013/03/20 19:19:02 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2013/03/20 19:19:01 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wushareduxresources.dll
[2013/03/20 19:19:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2013/03/20 19:16:07 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/03/20 19:16:05 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe
[2013/03/20 19:16:05 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe
[2013/03/20 19:16:04 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll
[2013/03/20 19:16:04 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll
[2013/03/20 19:16:03 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll
[2013/03/20 19:16:03 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll
[2013/03/20 19:16:02 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll
[2013/03/20 19:15:58 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/03/20 19:15:58 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll
[2013/03/20 19:15:58 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll
[2013/03/20 19:15:57 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll
[2013/03/20 19:15:57 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/03/20 19:15:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsldr.exe
[2013/03/20 19:15:53 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds_ps.dll
[2013/03/20 19:15:53 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll
[2013/03/20 19:15:53 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys
[2013/03/20 19:15:53 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys
[2013/03/12 18:18:50 | 000,083,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_AuthenticAMD.dll
[2013/02/22 08:59:12 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2013/02/22 08:59:12 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
[2013/01/25 12:32:18 | 002,878,648 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkinsC511.exe
[2013/01/25 12:32:16 | 000,333,496 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkstsC511LM.dll
[2013/01/25 12:32:16 | 000,272,056 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkcoiC511.dll
[2013/01/19 19:47:37 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll
[2013/01/19 19:47:37 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll
[2013/01/19 19:47:36 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll
[2013/01/19 19:47:33 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2013/01/19 19:47:33 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2013/01/19 19:47:31 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll
[2013/01/19 19:47:30 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll
[2013/01/19 19:45:44 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/01/19 19:45:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/01/19 19:45:44 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll
[2013/01/19 19:45:44 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnathlp.dll
[2013/01/19 19:45:44 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe
[2013/01/19 19:45:44 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe
[2013/01/19 19:45:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhupnp.dll
[2013/01/19 19:45:44 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhpast.dll
[2013/01/19 19:45:44 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhupnp.dll
[2013/01/19 19:45:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhpast.dll
[2013/01/19 19:45:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnlobby.dll
[2013/01/19 19:45:43 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll
[2013/01/19 19:45:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnlobby.dll
[2013/01/19 19:45:43 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll
[2013/01/19 19:45:29 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/01/19 19:45:29 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/01/19 19:45:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/01/19 19:45:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/01/19 19:45:28 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resetengmig.dll
[2013/01/19 19:45:28 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysreset.exe
[2013/01/19 19:45:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2013/01/19 19:45:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2013/01/19 19:45:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013/01/19 19:45:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013/01/13 15:54:55 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\Apple Computer
[2013/01/13 15:54:55 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Apple Computer
[2013/01/13 15:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/13 15:54:05 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/01/13 15:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/13 15:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/13 15:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/13 15:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/01/13 15:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/13 15:43:27 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\Apple
[2013/01/13 15:43:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/01/13 15:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/01/13 15:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/12/13 21:03:19 | 000,000,000 | ---D | C] -- C:\Users\Kristi\Documents\Youcam
[2012/12/13 21:03:19 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Roaming\CyberLink
[2012/12/13 21:03:18 | 000,000,000 | ---D | C] -- C:\Users\Kristi\AppData\Local\CyberLink
 
========== Files - Modified Within 360 Days ==========
 
[2013/12/07 10:44:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kristi\Desktop\OTL.scr
[2013/12/07 10:08:32 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Kristi\Desktop\dds.scr
[2013/12/07 09:52:25 | 000,891,200 | ---- | M] () -- C:\Users\Kristi\Desktop\SecurityCheck.exe
[2013/12/07 09:09:59 | 000,941,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/07 09:09:59 | 000,783,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/07 09:09:59 | 000,158,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/07 09:07:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/07 09:05:24 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/07 09:05:20 | 1370,914,816 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/07 08:19:54 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/07 08:17:16 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Kristi\Desktop\mbam-setup-1.75.0.1300 malwarebytes.exe
[2013/12/07 08:00:38 | 000,440,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/01 21:19:10 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Kristi\Desktop\JRT.exe
[2013/12/01 20:06:29 | 002,592,133 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\Cat.DB
[2013/12/01 19:21:18 | 001,110,034 | ---- | M] () -- C:\Users\Kristi\Desktop\adwcleaner.exe
[2013/12/01 04:08:38 | 000,000,258 | RHS- | M] () -- C:\Users\Kristi\ntuser.pol
[2013/11/29 16:36:10 | 000,020,410 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\VT20131125.019
[2013/11/23 11:40:53 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/11/23 11:40:53 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/11/23 11:40:53 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/11/05 15:58:57 | 000,694,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/05 15:58:57 | 000,078,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/12 01:45:44 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/12 01:43:56 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/12 01:43:37 | 003,959,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/12 01:43:37 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/12 00:02:33 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/10 04:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwfs.sys
[2013/10/05 10:15:32 | 000,003,048 | ---- | M] () -- C:\{FB5AB9CF-6D9A-49B1-A57A-D2E84CF0D81F}
[2013/10/03 18:31:56 | 000,001,944 | ---- | M] () -- C:\{49520342-26FB-4328-AD4B-9740EF266BC5}
[2013/10/02 17:43:06 | 000,003,736 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/10/02 16:25:41 | 001,300,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/10/01 16:37:53 | 002,035,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/10/01 16:26:49 | 001,890,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/10/01 16:26:45 | 002,304,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/09/26 21:20:40 | 000,604,776 | ---- | M] () -- C:\{D8814319-CB44-4C1A-82E6-A81E77EB56F8}
[2013/09/13 18:15:42 | 000,059,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/09/13 15:36:37 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013/09/13 15:36:23 | 000,628,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013/09/13 15:36:23 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013/09/13 15:36:23 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013/09/13 15:36:14 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013/09/13 15:34:14 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/09/13 15:33:55 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013/09/13 15:33:55 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/09/13 15:33:54 | 001,622,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/09/13 15:33:54 | 000,773,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/09/13 15:33:54 | 000,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/09/13 15:33:42 | 000,328,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013/09/13 15:33:39 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013/08/29 22:43:40 | 000,061,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013/08/29 22:20:13 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2013/08/29 16:48:12 | 000,914,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2013/08/23 00:22:24 | 002,062,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/08/22 18:44:40 | 001,711,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/08/15 22:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys
[2013/08/15 22:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll
[2013/08/15 22:32:48 | 000,209,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\NotificationUI.exe
[2013/08/15 22:21:55 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/08/15 22:21:55 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/08/15 22:21:43 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2013/08/15 22:21:43 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll
[2013/08/15 22:21:42 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll
[2013/08/15 22:21:42 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2013/08/15 22:21:42 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/08/15 22:21:18 | 001,164,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013/08/15 22:21:18 | 000,368,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2013/08/15 22:21:12 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\setupcln.dll
[2013/08/15 22:21:00 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppc.dll
[2013/08/15 22:20:30 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2013/08/15 15:43:07 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2013/08/15 15:43:03 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2013/08/15 15:43:03 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll
[2013/08/15 15:43:02 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll
[2013/08/15 15:43:02 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2013/08/15 15:43:02 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2013/08/15 15:43:02 | 000,083,968 | ---- | M] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/15 15:42:52 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setupcln.dll
[2013/08/15 15:42:47 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sppc.dll
[2013/08/09 23:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013/08/09 22:21:51 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013/08/09 22:21:51 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013/08/09 20:58:51 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013/08/06 22:15:02 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll
[2013/08/05 12:52:49 | 000,001,231 | ---- | M] () -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2013/08/02 23:40:49 | 000,462,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sysmon.ocx
[2013/08/02 23:40:17 | 000,566,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wvc.dll
[2013/08/02 23:40:01 | 001,374,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wdc.dll
[2013/08/02 22:14:15 | 000,399,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sysmon.ocx
[2013/08/02 22:13:57 | 000,437,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wvc.dll
[2013/08/02 22:13:43 | 001,245,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wdc.dll
[2013/08/02 19:15:47 | 000,001,143 | R--- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
[2013/08/01 23:28:29 | 010,116,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013/08/01 23:28:20 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/08/01 22:08:18 | 008,858,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013/07/30 16:30:05 | 000,386,923 | ---- | M] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/07/26 20:58:39 | 002,207,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PrintConfig.dll
[2013/07/24 16:10:31 | 010,799,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013/07/24 16:10:08 | 000,158,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013/07/24 16:07:09 | 013,661,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013/07/24 16:06:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013/07/19 15:13:34 | 000,124,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/07/19 15:13:15 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/07/12 23:18:21 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/07/12 23:15:53 | 000,124,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apprepapi.dll
[2013/07/12 23:15:53 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\apprepsync.dll
[2013/07/12 21:23:03 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepapi.dll
[2013/07/12 21:23:03 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apprepsync.dll
[2013/07/09 01:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys
[2013/07/08 23:18:21 | 000,439,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WerFault.exe
[2013/07/08 21:25:45 | 000,385,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WerFault.exe
[2013/07/08 20:57:19 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\LocationApi.dll
[2013/07/08 15:46:00 | 000,543,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanmm.dll
[2013/07/08 15:46:00 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwanconn.dll
[2013/07/08 15:46:00 | 000,370,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wwanadvui.dll
[2013/07/08 15:45:16 | 000,312,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\LocationApi.dll
[2013/07/05 17:16:17 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/07/05 17:15:29 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/07/02 17:23:43 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013/07/02 17:23:12 | 000,778,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2013/07/02 17:22:47 | 002,839,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2013/07/02 17:11:23 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013/07/02 17:10:53 | 002,273,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2013/07/01 18:41:47 | 000,447,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013/07/01 18:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013/07/01 18:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS
[2013/07/01 17:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013/07/01 15:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013/06/30 18:42:09 | 000,498,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/06/30 18:42:09 | 000,021,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/06/30 15:30:14 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\openfiles.exe
[2013/06/30 15:29:22 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\openfiles.exe
[2013/06/28 23:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013/06/28 23:15:47 | 000,125,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013/06/28 22:43:16 | 000,327,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013/06/28 20:08:18 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/06/28 20:07:13 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/06/24 15:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wcmsvc.dll
[2013/06/24 15:54:45 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wcmcsp.dll
[2013/06/21 22:45:57 | 000,054,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/06/18 22:36:21 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winmmbase.dll
[2013/06/18 22:36:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll
[2013/06/18 15:38:00 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winmmbase.dll
[2013/06/11 16:26:20 | 000,230,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2013/06/10 12:16:07 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/06/10 12:15:38 | 000,381,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/06/10 12:10:58 | 000,702,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/06/10 12:10:37 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/06/03 23:44:32 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\isolate.ini
[2013/06/01 04:34:21 | 002,391,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013/06/01 04:26:31 | 006,987,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/06/01 03:24:46 | 002,106,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2013/06/01 02:25:52 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/06/01 02:25:03 | 000,496,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/06/01 02:24:09 | 001,453,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2013/06/01 02:24:09 | 000,850,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013/06/01 02:23:46 | 001,842,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2013/06/01 02:22:47 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MbaeParserTask.exe
[2013/06/01 02:22:33 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/06/01 02:22:09 | 000,190,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2013/06/01 02:21:39 | 000,729,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2013/06/01 02:21:39 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2013/06/01 02:21:34 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/06/01 02:20:45 | 000,583,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mscms.dll
[2013/06/01 02:20:34 | 001,527,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2013/06/01 02:20:34 | 001,048,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013/06/01 02:20:04 | 002,219,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2013/06/01 02:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DeviceSetupManager.dll
[2013/05/31 20:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013/05/30 16:24:29 | 001,257,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/05/26 16:17:30 | 000,035,328 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/05/26 15:59:03 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/05/24 20:15:19 | 000,362,496 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/05/24 19:32:52 | 000,300,032 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/05/24 15:09:20 | 001,403,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2013/05/24 15:09:20 | 001,271,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2013/05/24 15:09:20 | 001,217,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2013/05/24 15:09:20 | 001,093,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2013/05/23 19:09:47 | 000,008,063 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds64.cat
[2013/05/23 16:02:30 | 001,314,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/05/22 22:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa64.sys
[2013/05/22 22:25:28 | 000,007,587 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa64.cat
[2013/05/22 22:25:28 | 000,003,434 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa.inf
[2013/05/20 22:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds64.sys
[2013/05/20 22:02:00 | 000,002,852 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds.inf
[2013/05/20 21:40:20 | 000,008,067 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.cat
[2013/05/15 22:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.sys
[2013/05/15 22:02:14 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.inf
[2013/05/15 15:37:03 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013/05/15 15:35:49 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013/05/14 19:25:59 | 000,888,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
[2013/05/14 19:25:44 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\untfs.dll
[2013/05/14 19:24:10 | 000,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\autochk.exe
[2013/05/14 19:24:01 | 000,482,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\untfs.dll
[2013/05/04 00:58:17 | 000,120,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AuthHost.exe
[2013/05/04 00:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013/05/03 23:59:36 | 000,812,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Magnify.exe
[2013/05/03 23:59:21 | 002,842,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/05/03 23:58:48 | 000,330,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2013/05/03 23:58:28 | 000,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll
[2013/05/03 23:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013/05/03 23:58:01 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netplwiz.dll
[2013/05/03 23:57:59 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\muifontsetup.dll
[2013/05/03 23:57:46 | 000,560,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll
[2013/05/03 23:57:15 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2013/05/03 23:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll
[2013/05/03 23:57:05 | 000,122,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\biwinrt.dll
[2013/05/03 23:57:04 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013/05/03 23:57:00 | 001,131,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2013/05/03 23:57:00 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2013/05/03 23:56:53 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\intl.cpl
[2013/05/03 21:58:14 | 000,758,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Magnify.exe
[2013/05/03 21:57:58 | 002,620,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/05/03 21:57:04 | 000,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netplwiz.dll
[2013/05/03 21:57:02 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\muifontsetup.dll
[2013/05/03 21:56:48 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll
[2013/05/03 21:56:14 | 000,449,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2013/05/03 21:56:06 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\biwinrt.dll
[2013/05/03 21:56:05 | 000,309,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013/05/03 21:55:58 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\intl.cpl
[2013/05/03 21:51:38 | 000,014,848 | ---- | M] (Microsoft) -- C:\Windows\SysNative\rars.rs
[2013/05/03 21:10:47 | 000,014,848 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\rars.rs
[2013/04/28 15:28:29 | 000,915,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013/04/26 22:20:12 | 000,733,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/04/24 17:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnets.sys
[2013/04/24 17:43:50 | 000,008,067 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnet64.cat
[2013/04/24 17:43:50 | 000,001,440 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnet.inf
[2013/04/23 16:13:53 | 001,013,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/04/23 15:56:35 | 001,255,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/04/23 15:55:48 | 000,141,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/04/15 19:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.sys
[2013/04/15 19:41:14 | 000,007,667 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.cat
[2013/04/15 19:41:14 | 000,000,853 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.inf
[2013/04/15 06:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys
[2013/04/15 06:02:04 | 000,334,000 | ---- | M] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2013/04/15 06:02:04 | 000,013,973 | ---- | M] () -- C:\Windows\SysNative\RaCoInst.dat
[2013/04/11 15:22:49 | 001,838,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/04/09 16:17:06 | 001,125,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2013/04/08 22:33:02 | 000,489,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2013/04/08 22:33:02 | 000,446,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2013/04/08 22:33:02 | 000,253,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2013/04/08 22:20:02 | 000,306,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kd_02_10ec.dll
[2013/04/08 22:20:02 | 000,086,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kdnet.dll
[2013/04/08 22:18:05 | 000,077,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kdvm.dll
[2013/04/08 22:17:57 | 001,829,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/04/08 21:52:07 | 000,373,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2013/04/08 21:52:07 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2013/04/08 21:52:07 | 000,126,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Robocopy.exe
[2013/04/08 21:52:06 | 000,804,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RecoveryDrive.exe
[2013/04/08 21:51:51 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/04/08 21:51:41 | 000,456,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2013/04/08 21:51:31 | 014,267,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/04/08 21:51:17 | 000,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2013/04/08 21:51:03 | 003,552,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2013/04/08 21:50:53 | 000,414,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\GenuineCenter.dll
[2013/04/08 21:50:03 | 002,107,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2013/04/08 21:50:03 | 000,745,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2013/04/08 21:50:03 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2013/04/08 21:50:02 | 000,435,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2013/04/08 21:50:02 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2013/04/08 21:50:02 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2013/04/08 21:49:54 | 001,444,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MSAudDecMFT.dll
[2013/04/08 21:49:45 | 000,468,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013/04/08 21:49:45 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2013/04/08 21:49:33 | 000,210,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iuilp.dll
[2013/04/08 21:49:16 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll
[2013/04/08 21:49:16 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fmifs.dll
[2013/04/08 21:49:09 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2013/04/08 21:49:06 | 000,196,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dmvdsitf.dll
[2013/04/08 21:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2013/04/08 16:44:25 | 000,123,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2013/04/08 14:52:16 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Robocopy.exe
[2013/04/08 14:52:01 | 011,878,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/04/08 14:51:57 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2013/04/08 14:51:51 | 002,767,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2013/04/08 14:51:24 | 001,593,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2013/04/08 14:51:24 | 000,659,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2013/04/08 14:51:24 | 000,403,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2013/04/08 14:51:24 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2013/04/08 14:51:21 | 001,113,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSAudDecMFT.dll
[2013/04/08 14:51:18 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013/04/08 14:51:18 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2013/04/08 14:51:11 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fmifs.dll
[2013/04/08 14:51:08 | 000,155,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dmvdsitf.dll
[2013/04/04 16:30:17 | 000,503,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/02 16:37:46 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/04/02 16:12:32 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/03/21 20:49:55 | 002,382,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2013/03/21 15:47:13 | 002,851,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2013/03/15 15:05:34 | 000,298,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rsaenh.dll
[2013/03/06 00:10:10 | 000,112,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/03/04 19:14:15 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symvtcer.dat
[2013/03/04 18:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ironx64.sys
[2013/03/04 18:40:08 | 000,000,767 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\iron.inf
[2013/03/04 18:39:19 | 000,007,593 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\iron.cat
[2013/03/04 18:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.sys
[2013/03/04 18:21:35 | 000,007,589 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.cat
[2013/03/04 18:21:35 | 000,001,420 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.inf
[2013/03/02 03:57:46 | 000,332,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013/03/02 03:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013/03/02 03:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013/03/02 02:59:36 | 000,411,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/03/02 01:23:30 | 000,893,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013/03/02 01:23:28 | 000,601,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013/03/02 01:23:28 | 000,504,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013/03/02 01:23:04 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013/03/02 01:23:00 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013/03/02 01:22:36 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013/03/02 01:22:32 | 005,091,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/03/02 01:21:56 | 000,550,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013/03/02 01:21:52 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013/03/02 01:21:32 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013/03/01 19:45:35 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/03/01 19:45:35 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013/03/01 19:45:18 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013/03/01 19:45:16 | 001,101,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013/03/01 19:45:14 | 001,627,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/03/01 19:45:14 | 001,149,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013/03/01 19:45:13 | 000,951,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013/03/01 19:45:13 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013/03/01 19:45:08 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013/03/01 19:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013/03/01 19:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013/03/01 19:44:56 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013/03/01 19:44:41 | 000,455,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013/03/01 19:44:41 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013/03/01 19:44:38 | 005,978,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/03/01 19:44:08 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013/03/01 19:44:07 | 000,150,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013/03/01 19:44:05 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013/03/01 19:43:51 | 002,146,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013/03/01 19:43:50 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013/02/22 08:59:12 | 000,829,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2013/02/22 08:59:12 | 000,608,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
[2013/02/21 03:29:37 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/02/21 03:29:37 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/02/21 03:29:37 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/02/21 03:14:05 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/02/19 08:07:28 | 000,083,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mcupdate_AuthenticAMD.dll
[2013/02/11 17:17:50 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/02/02 01:40:55 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013/02/02 01:40:55 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013/02/02 01:40:36 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013/02/02 01:40:35 | 000,370,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013/02/02 01:40:26 | 000,410,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013/02/02 01:40:22 | 000,197,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013/02/02 01:39:34 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013/02/02 01:39:34 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013/02/02 01:24:19 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013/02/02 01:24:19 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013/02/02 01:23:44 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013/02/02 01:23:43 | 000,475,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013/02/02 01:23:37 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013/02/02 01:23:28 | 000,543,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013/02/02 01:23:19 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013/02/02 01:21:44 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/02/02 01:20:47 | 000,260,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013/02/02 01:20:31 | 000,729,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013/02/01 22:41:57 | 001,437,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013/02/01 22:31:54 | 001,690,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013/01/25 12:32:18 | 002,878,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkinsC511.exe
[2013/01/25 12:32:16 | 000,333,496 | ---- | M] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkstsC511LM.dll
[2013/01/25 12:32:16 | 000,272,056 | ---- | M] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpinkcoiC511.dll
[2013/01/13 15:54:37 | 000,001,783 | ---- | M] () -- C:\Users\Kristi\Desktop\iTunes.lnk
[2013/01/09 18:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013/01/09 18:40:38 | 000,303,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/01/09 16:26:53 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
[2013/01/09 16:26:46 | 001,611,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
[2013/01/09 16:26:35 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
[2013/01/09 16:26:03 | 000,436,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2013/01/09 16:23:32 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
[2013/01/09 16:23:25 | 002,094,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
[2013/01/09 16:23:18 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013/01/09 16:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
[2013/01/09 16:23:14 | 000,406,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
[2013/01/09 16:23:07 | 001,886,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
[2013/01/09 16:22:41 | 000,666,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2013/01/09 16:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
[2013/01/09 16:22:29 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2013/01/09 16:22:26 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UMDF\HidBthLE.dll
[2012/12/14 21:55:40 | 000,443,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
 
========== Files Created - No Company Name ==========
 
[2013/12/07 09:52:24 | 000,891,200 | ---- | C] () -- C:\Users\Kristi\Desktop\SecurityCheck.exe
[2013/12/07 08:19:53 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/07 08:00:21 | 000,440,632 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/01 19:21:17 | 001,110,034 | ---- | C] () -- C:\Users\Kristi\Desktop\adwcleaner.exe
[2013/11/30 00:03:06 | 002,592,133 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\Cat.DB
[2013/11/29 16:40:36 | 000,020,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\VT20131125.019
[2013/11/23 11:40:04 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symelam64.cat
[2013/11/23 11:40:04 | 000,008,067 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnet64.cat
[2013/11/23 11:40:04 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symnet.inf
[2013/11/23 11:40:03 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symelam.inf
[2013/11/23 11:40:01 | 000,007,587 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa64.cat
[2013/11/23 11:40:01 | 000,003,434 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symefa.inf
[2013/11/23 11:40:01 | 000,002,852 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds.inf
[2013/11/23 11:40:01 | 000,001,420 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.inf
[2013/11/23 11:40:00 | 000,007,589 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtspx64.cat
[2013/11/23 11:40:00 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.inf
[2013/11/23 11:40:00 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\iron.inf
[2013/11/23 11:39:59 | 000,007,667 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.cat
[2013/11/23 11:39:59 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\iron.cat
[2013/11/23 11:39:59 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\ccsetx64.inf
[2013/11/19 20:30:12 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symvtcer.dat
[2013/11/19 20:30:11 | 000,008,067 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\srtsp64.cat
[2013/11/19 20:30:11 | 000,008,063 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\symds64.cat
[2013/11/19 20:30:11 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NAVx64\1404000.028\isolate.ini
[2013/11/09 13:29:02 | 000,007,631 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/11/09 13:29:02 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/10/13 13:38:09 | 000,386,923 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/10/12 11:27:10 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/10/05 10:15:31 | 000,003,048 | ---- | C] () -- C:\{FB5AB9CF-6D9A-49B1-A57A-D2E84CF0D81F}
[2013/10/03 18:31:56 | 000,001,944 | ---- | C] () -- C:\{49520342-26FB-4328-AD4B-9740EF266BC5}
[2013/09/26 21:20:39 | 000,604,776 | ---- | C] () -- C:\{D8814319-CB44-4C1A-82E6-A81E77EB56F8}
[2013/09/26 18:51:40 | 000,003,736 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/08/05 12:52:49 | 000,001,231 | ---- | C] () -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2013/08/05 12:28:13 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/08/05 12:26:34 | 000,000,258 | RHS- | C] () -- C:\Users\Kristi\ntuser.pol
[2013/08/02 19:15:47 | 000,001,143 | R--- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk
[2013/04/15 06:02:04 | 000,013,973 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2013/03/24 12:26:10 | 000,002,254 | ---- | C] () -- C:\Users\Kristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013/01/13 15:54:37 | 000,001,783 | ---- | C] () -- C:\Users\Kristi\Desktop\iTunes.lnk
[2013/01/13 15:43:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/08/17 17:11:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/03 15:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/02 01:53:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/08/02 01:53:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2012/08/17 17:26:03 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/01 23:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 22:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/08/05 12:52:13 | 000,000,000 | ---D | M] -- C:\Users\Kristi\AppData\Roaming\OpenOffice.org
[2013/05/19 10:12:09 | 000,000,000 | ---D | M] -- C:\Users\Kristi\AppData\Roaming\PCHC
[2012/11/22 23:37:38 | 000,000,000 | ---D | M] -- C:\Users\Kristi\AppData\Roaming\Synaptics
[2012/11/24 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Kristi\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 

< End of report >

Share this post


Link to post
Share on other sites

OTL Extras logfile created on: 12/7/2013 10:59:12 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kristi\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16736)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.60 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 29.54% Memory free

4.35 Gb Paging File | 2.90 Gb Available in Paging File | 66.65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 276.00 Gb Total Space | 223.86 Gb Free Space | 81.11% Space Free | Partition Type: NTFS

Drive D: | 21.32 Gb Total Space | 2.62 Gb Free Space | 12.28% Space Free | Partition Type: NTFS

Computer Name: JENSEN | User Name: Kristi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B8A2F9F-7A44-4A57-BCD1-86F41B83B688}" = rport=445 | protocol=6 | dir=out | app=system |

"{136E3944-AD63-49A7-9E8A-47547B1A60CD}" = lport=138 | protocol=17 | dir=in | app=system |

"{2785BD42-4DC0-44D6-9014-4F54BE1EB44D}" = rport=139 | protocol=6 | dir=out | app=system |

"{33469F7B-8B2D-4231-97F1-4EEB1E6572D1}" = rport=137 | protocol=17 | dir=out | app=system |

"{3A417AF5-3E9F-4196-BFC4-DBC35E40BA52}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{45CB5A09-D175-4C48-ABEA-F955AA0D8FFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{4B11FF6B-F037-4C82-B3AE-34BA3F5E30F1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{51D9E665-683E-4856-ADC8-D9292260C609}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{5492B38A-6AE0-4EF1-B547-A562146293F9}" = lport=137 | protocol=17 | dir=in | app=system |

"{5FC22F2D-9BFB-4669-96BE-FA3350002B90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6B288D59-35D7-4560-8063-5E2D274490CA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{6C3DDD59-9C6D-40DD-BDDB-D0BB2A77B70E}" = rport=138 | protocol=17 | dir=out | app=system |

"{7A634D45-66AE-4C6D-89BD-39BC04E83BC4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{8B152D25-8977-437C-B1EC-8C6048D28937}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{94691A3E-AE5C-4F5A-A3A6-9914850F9827}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9C5EF4F1-017E-44C6-AF75-090D2D3D8A95}" = lport=445 | protocol=6 | dir=in | app=system |

"{A57B9A51-B4B7-4E5A-AAF8-05AD901FD5E2}" = rport=10243 | protocol=6 | dir=out | app=system |

"{A6774F06-6CED-4B5E-8111-9908440A56F6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{BB81FE30-482D-4394-8E42-55FD2F372CEB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{DED6ACE2-C3C9-4F01-980A-1CAD1E64D2C0}" = lport=10243 | protocol=6 | dir=in | app=system |

"{DF8A72E2-6746-4E55-9AF6-281289396C2E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E03B5E39-ABA7-4233-9F01-B0DD673CA1F7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E7E76518-CCA8-4119-8AF4-9345ACC19BC1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |

"{EF4A8B3D-8B95-4734-B3E6-D86BCF4A4075}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1505E06A-DF76-445D-B701-9EA94AD3A479}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{15EBD649-4353-4387-AF55-86D307F81E77}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1726E98E-C523-44CA-B329-787E781677DF}" = dir=out | name=microsoft mahjong |

"{17B70AB1-BF69-4A16-B284-88CDF81FB8C1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 |

"{1C90D1AA-BB9B-42AD-A8F1-4AA0BBA2B16C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{1D4A7118-DDC3-4B7E-B31E-A2491FD4E85F}" = protocol=58 | dir=in | app=system |

"{249A8BC5-0542-4271-87E8-81E52E0DB359}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{25D5A88C-7107-47EF-98F1-11959B635B42}" = dir=out | name=hp printer control |

"{2EFCB1CB-F1CE-44AD-9A64-A9CCF9267DA2}" = dir=out | name=hp registration |

"{31F3B2DD-6FEA-4A6F-BF04-E137EF2FE851}" = dir=out | name=hp+ |

"{3AB2F4F7-D589-4C65-ADDA-BEA9028F3DA8}" = dir=in | name=kindle |

"{3D92C6A8-3208-4AB0-88AA-25623DBE42EC}" = dir=out | name=skype |

"{43B0E720-4B21-4947-B035-9C839104A988}" = dir=out | name=microsoft solitaire collection |

"{44A7E2BC-ADAB-479E-9C78-5D1924CFBF12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4647106E-13D8-4773-BB90-FDC0721460FA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{4A289CF6-E2C0-498F-A511-C7985D1D47A0}" = dir=out | name=netflix |

"{4C12BCFE-8362-4551-9526-761FBB664294}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{58636C9A-32F6-4B9D-ACEF-C55B1E9839B5}" = protocol=6 | dir=out | app=system |

"{58D0ECD7-254C-4C1D-86F3-6798DA84B35C}" = dir=out | name=hp connected photo powered by snapfish |

"{657297F2-5C72-4CC3-8A2C-4667A0ADD2C8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{657E6507-4497-479A-BB6C-A76C727475D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{65F7ACA8-E4EB-4DD3-B16F-67D7FFD2B70B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{685398BE-26BE-42DD-B0ED-22821485CF20}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6C586A61-BDD1-4919-BBDA-F31978052B43}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{7928015A-5CA0-4FE5-B0CF-6DD8886F5A7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8ABE062C-994E-4AA4-AC1C-F3D6DA730A0B}" = dir=in | name=hp printer control |

"{90E966B0-0885-43D1-87BC-C757DD585FDB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{9368184F-5E60-41F2-838E-74ADEBB3EA76}" = dir=out | name=getting started with windows 8 |

"{9D3259E3-A9AF-4F1B-8976-D68243693003}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{A21E12BB-7FFF-42EF-89D2-4BAD0884EDBD}" = dir=out | name=iheartradio |

"{A2AF466B-80DB-47AC-9ADA-BF801BD2D187}" = dir=out | name=norton studio |

"{A4877C84-2057-4526-8F01-2C9511AC128F}" = dir=in | name=ebay |

"{B07B8C04-3AA3-4D59-8BD0-D0761FF1EEE7}" = dir=in | app=c:\users\kristi\appdata\local\microsoft\skydrive\skydrive.exe |

"{B95F7E7C-D2D7-48A8-8169-3B8E5B263AFA}" = dir=in | name=skype |

"{C305FA76-083B-4BBA-AF01-37D49B6921F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C741CDC4-020C-45F6-AD36-6ED3A546C5BF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CA0186B0-910E-4ECC-9F04-FB825483AF60}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D68D85DF-22EB-4465-8EC7-5E2834B2BFC5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{D97A54FA-934F-4B97-987F-28E8B498FC67}" = dir=out | name=ebay |

"{DA145439-2E89-48A4-946B-B4951A83B314}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E9CFBDD9-A70A-45E4-8C4E-510DE0688D07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F1A14AA1-5197-49C9-80C2-0CC87EDC4BC4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{F2FCF9BB-C5C5-4126-AAC0-647754C5F77E}" = dir=out | name=kindle |

"{F382A039-DA0B-44E7-B015-661D972B3C75}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{F4AC6705-1B23-43CA-AF02-A2AEEA1BA5E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F567D314-85D4-42BF-9EEB-A84F29E00BEE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{F66BCDB4-6EA1-46D9-9E91-EAE610A8BC4F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes

"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{63ADEC24-A374-80A8-E89B-BE401C787F75}" = AMD Catalyst Install Manager

"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A79A9231-0A5A-9384-21D0-DB753C2BE59B}" = AMD Fuel

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service

"{E82EC5DF-28FD-C8F4-ED08-B88728158260}" = ccc-utility64

"O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0123AB93-E7A4-7F40-83B6-41EC2CF84B3F}" = CCC Help Dutch

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C3B99D2-35D0-6993-3C4B-A759419A8678}" = CCC Help Korean

"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center

"{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding

"{1225C0F8-AB1A-BE3A-CD0C-DB8CA1613940}" = CCC Help Greek

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{299BA1C7-2C4E-4C3D-8BBA-0F7EC5A90DD1}" = Bloggie Software

"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3C41A693-28E1-4335-A738-528B09DB600C}" = CCC Help Thai

"{3C458872-A5BB-89F3-933C-2406F6D9E6F8}" = CCC Help Finnish

"{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch

"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager

"{52A3FC19-6F84-F293-08C6-80A1D2F7477F}" = CCC Help Swedish

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5CD2FE1D-A3DB-F273-2798-EFAACF8492A5}" = CCC Help Portuguese

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software (x86)

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A66D912-541C-54C6-43E6-17AF24700B91}" = CCC Help German

"{6C8FF546-B0C0-0935-2F5E-7DC2DA727CFD}" = CCC Help Czech

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{734846E6-3E7A-04AC-0612-638A1D8A63F8}" = CCC Help Russian

"{747F3993-036E-5F4F-1B82-7DA844B73966}" = Catalyst Control Center Localization All

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{793ED091-3F14-4968-3864-5C8A7727A5DA}" = CCC Help Chinese Standard

"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter

"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component

"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component

"{9285EABA-D88C-4A8A-6E9D-5F55BF03E46F}" = Catalyst Control Center InstallProxy

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93EB60BA-458D-FBE6-E466-CD170080E719}" = CCC Help Polish

"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C0F4CBD-8543-96CC-46F1-75E57B1B22A6}" = Catalyst Control Center Graphics Previews Common

"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom

"{9EF69B68-6DFE-F916-2D6E-E486D21A26C2}" = CCC Help Spanish

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{B1E7FE70-3B18-5BA2-8032-2547FC636A50}" = CCC Help Japanese

"{B424890D-64FC-E0D1-4A17-4B512CA45CD9}" = CCC Help Italian

"{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant

"{BE64A239-E22E-9D77-AA57-36AE0443EC2F}" = CCC Help Chinese Traditional

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C96FF998-45BD-411E-9253-B7F2660FE280}" = CenturyLink Installer

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF8C33C1-C978-527D-E0AF-530882DEB146}" = AMD VISION Engine Control Center

"{D23CA718-0356-41F2-8E6A-B5C6CD383EF7}" = HP Documentation

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5DC9541-12F0-59CF-9430-1136D5A58BD0}" = CCC Help Hungarian

"{D7FBE7DC-A18F-4DFF-80BB-A478E4E09CF7}" = CCC Help Danish

"{DC3C5C4A-1869-A99C-3AE4-55E0191105F0}" = CCC Help Norwegian

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1

"{EB2CDF95-92D4-AC57-63B1-4E7F0BD8F9B8}" = CCC Help French

"{ECA42F46-D80E-AD40-18FB-4BF64491CEE3}" = CCC Help English

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF282A38-D10B-E302-FBAD-5903C9DD9A5B}" = CCC Help Turkish

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"BloggieSoftware" = Bloggie Software

"Flash Player Pro_is1" = Flash Player Pro V5.4

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10

"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NAV" = Norton AntiVirus

"WildTangent hp Master Uninstall" = HP Games

"WildTangent wildgames Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"WTA-34a0f46f-2586-4346-812c-3e18d190d88a" = Luxor Evolved

"WTA-3e034c4a-10db-4d90-986c-4ad842d30c78" = Polar Bowler

"WTA-43d91043-ebc0-4697-8d3d-d2bc3c24954c" = Farm Frenzy

"WTA-4685aa80-dc5b-4935-83fa-befd7b91e9f5" = Chuzzle Deluxe

"WTA-4a27aa2d-9c25-4db9-98ad-36510c794c7f" = Cradle Of Egypt Collector's Edition

"WTA-4a30ae7a-f08b-4f44-a12c-09edc11ad2a6" = Governor of Poker 2 Premium Edition

"WTA-52d040ec-7135-4eec-9cd4-cdf2230564a1" = Mahjongg Dimensions Deluxe: Tiles in Time

"WTA-5506661c-81d3-49e4-b2f9-072576c15d91" = Roads of Rome 3

"WTA-5c01f4e4-2494-4342-bf09-6b5fba8368f5" = John Deere Drive Green

"WTA-5e80cd2a-d654-401d-b385-74b579628353" = Jewel Match 3

"WTA-715442b8-3be5-4073-9b0e-f41506dd2310" = Hoyle Card Games

"WTA-7c7027da-bc2b-4364-af24-485d85da4b7b" = Final Drive Fury

"WTA-83705bd4-8013-45e7-b430-3806a7dc4745" = Mortimer Beckett and the Crimson Thief Premium Edition

"WTA-8ba64964-a6d3-492c-9d8f-02006b962c0c" = Vacation Questâ„¢ - Australia

"WTA-9431f875-5fc4-41b0-8bbb-5a2107f43f7b" = Penguins!

"WTA-973dfb2b-f35d-4000-af3a-be238aa6ef88" = Bejeweled 3

"WTA-a86c3f90-cf5b-4c9f-8c9a-690d3045ff3d" = Peggle Nights

"WTA-b08e9137-7fa1-480b-8f21-a404a4877e38" = Mystery P.I. - Curious Case of Counterfeit Cove

"WTA-bd80f60a-4ecd-4a36-a634-a563d4b1e9de" = Polar Golfer

"WTA-d76db04b-4e71-4bac-880c-969c2616d43d" = Tales of Lagoona

"WTA-d8e241f0-1a03-4a4a-94d2-f0379e66bc9a" = FATE: The Cursed King

"WTA-d9f2e693-20fd-4edf-99dd-54fc5c9567f9" = Build-a-lot 4 - Power Source

"WTA-df35cdb0-0d63-4dfb-afa8-94429c4cf1f3" = Zuma's Revenge

"WTA-e173b0c7-0897-4cc2-910e-53ef978247b4" = Cradle of Rome 2

"WTA-fa24b63a-3a29-4c8b-9aeb-e1577cb8a12f" = 4 Elements II

"WTA-fb2ce78a-3b49-4539-8948-b141dca7fa98" = FlatOut 2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-731434280-73576831-2629088662-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Define Ext" = Define Ext

"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/7/2013 11:10:56 AM | Computer Name = Jensen | Source = Office 2013 Licensing Service | ID = 0

Description =

Error - 12/7/2013 1:17:03 PM | Computer Name = Jensen | Source = Office 2013 Licensing Service | ID = 0

Description =

[ System Events ]

Error - 12/7/2013 10:57:08 AM | Computer Name = Jensen | Source = DCOM | ID = 10010

Description =

Error - 12/7/2013 11:00:40 AM | Computer Name = Jensen | Source = EventLog | ID = 6008

Description = The previous system shutdown at 7:58:06 AM on ?12/?7/?2013 was unexpected.

Error - 12/7/2013 12:04:28 PM | Computer Name = Jensen | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the hpqwmiex service.

< End of report >

Share this post


Link to post
Share on other sites

Hey woods, ok let's run this Fix !

 

Is Kristi using Norton AntiVirus as her antivirus ??

 

==================

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJSIE:64bit:'>http://www.bing.com/...0TR&pc=CPNTDFJSIE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes\{05387001-A37D-4889-9D6D-D691A94F8B0B}: "URL" = http://us.yhs4.searc...,19669,0,6,7635IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJSIE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes\{25D5CFFC-8A6A-4E0E-86C6-6A3EAE2F050A}: "URL" = http://findwide.com/...&k={searchTerms}IE - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}FF - user.js - File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found[2013/08/05 12:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristi\AppData\Roaming\mozilla\Extensions[2013/12/01 21:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristi\AppData\Roaming\mozilla\Firefox\Profiles\8cd4ocyk.default\extensions[2013/12/01 21:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions[2013/10/12 11:59:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2013/10/12 11:59:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}File not found (No name found) -- C:\USERS\KRISTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CD4OCYK.DEFAULT\EXTENSIONS\[email protected]F2F1AC42.COO3 - HKU\S-1-5-21-731434280-73576831-2629088662-1002\..\Toolbar\WebBrowser: (no name) - {6FA88E76-8A91-48CB-8E88-2B226CC4A22E} - No CLSID value found.O18:64bit: - Protocol\Handler\osf - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O30 - LSA: Security Packages - (livessp) -  File not found:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.



Post the OTL Fix next !

 

Thanks

Chuck

Share this post


Link to post
Share on other sites

Yes until we are done please !!

Share this post


Link to post
Share on other sites

This topic is on hold, waiting on a back-up disk !!!

 

Chuck

Share this post


Link to post
Share on other sites

Hey Chris, glad you got it up & running !

 

Before installing Avast remove Norton first !!

For removal all products of Norton >> http://www.majorgeeks.com/mg/get/norton_removal_tool,1.html

 

 

 

 

Avast Free Antivirus

 

Instructions for setting up AVAST !!

 1. Right-click the Avast icon located in the notification area of the Windows task bar. Select "Program Settings" to launch the Avast settings window.
 2. Click "Common" in the left column to view common configuration needs. Place a check mark next to each option you want to enable.
 3. Click "Appearance" in the left column to change how the Avast icon and user interface is displayed on your computer. You can choose to animate the Avast icon and select optional translucent effects for the user interface.
 4. Select "Chest" from the left column. Configure the options for the Chest size. The Chest is where quarantined files are kept. Additionally, you can configure the maximum size of report files to be sent when a virus is found on your computer.
 5. Click "Confirmations" to alter when Avast will question you about what to do with an infected file or before performing certain actions.
 6. Choose the "Language" option located in the left column to install additional languages for Avast. By default, English is the only available language.
 7. Use the "Sounds" selection to change Avast sounds or to disable Avast sounds completely.
 8. Configure the Log file limit and the logging level by selecting "Logging" from the left column. Select "Exclusions" to add files for Avast to ignore when scanning your computer.
 9. Click "Update" to configure update options. You can choose Avast to automatically update, ask when a new update is available, or only allow manual updates.
10.   Select "Troubleshooting" to configure options that help when you are having problems with Avast. You can configure Avast to only display pop-ups if a full screen application is not running or to disable the rootkit scan Avast Antivirus performs as your system boots up.
11. Click "OK" to apply the new configuration and close the configuration options.

 

 

Chuck
 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0