OTL logfile created on: 11/13/2013 7:43:31 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Richard\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.91 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 62.86% Memory free 7.82 Gb Paging File | 6.24 Gb Available in Paging File | 79.84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 681.84 Gb Total Space | 6.05 Gb Free Space | 0.89% Space Free | Partition Type: NTFS Drive D: | 16.69 Gb Total Space | 2.05 Gb Free Space | 12.30% Space Free | Partition Type: NTFS Computer Name: RICH-HP | User Name: Richard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/11/13 19:38:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Downloads\OTL.exe PRC - [2013/10/15 11:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013/09/20 09:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013/09/13 09:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/01/04 15:21:22 | 000,404,712 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe PRC - [2012/09/17 05:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe PRC - [2012/08/13 09:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012/08/13 09:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2011/08/16 15:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe PRC - [2011/08/16 15:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe PRC - [2011/08/12 10:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2011/08/03 08:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011/08/03 08:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011/07/13 00:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access 
Client\VIPAppService.exe PRC - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe PRC - [2011/05/27 15:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe PRC - [2011/05/27 15:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe PRC - [2011/05/18 18:28:16 | 001,641,888 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe PRC - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe PRC - [2007/09/10 23:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/10/11 17:19:00 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll MOD - [2013/10/11 17:18:59 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll MOD - [2013/10/11 17:17:45 | 002,906,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\7a2dfdf44f0610b43e65f28a1448f110\ReachFramework.ni.dll MOD - [2013/10/11 17:17:29 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll MOD - [2013/10/11 17:17:28 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll MOD - [2013/10/10 05:32:01 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll MOD - [2013/10/10 05:31:59 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll MOD - [2013/10/10 05:31:53 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll MOD - [2013/10/10 05:31:50 | 003,858,944 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll MOD - [2013/10/10 05:31:48 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll MOD - [2013/08/18 03:43:42 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll MOD - [2013/08/14 04:43:48 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll MOD - [2013/08/14 04:43:47 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll MOD - [2013/08/14 04:43:43 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll MOD - [2013/07/10 22:09:48 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012/12/09 19:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll MOD - [2012/08/10 15:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/05/27 15:57:32 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll MOD - [2011/05/27 15:08:56 | 000,660,480 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll MOD - [2010/08/22 21:01:36 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll MOD - [2010/08/22 21:01:08 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll MOD - [2010/08/22 21:01:06 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll MOD - [2010/08/22 21:01:06 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll MOD - [2010/08/22 20:32:34 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2011/04/19 16:31:16 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service) SRV:[b]64bit:[/b] - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:[b]64bit:[/b] - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:[b]64bit:[/b] - [2010/02/09 15:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper) SRV 
- [2013/11/03 11:48:41 | 000,507,912 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSIC9D4.tmp -- (Level Quality Watcher) SRV - [2013/10/09 18:09:34 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/10/01 05:07:29 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/20 22:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS) SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012/09/17 05:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0) SRV - [2012/09/02 16:24:24 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/08/16 15:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService) SRV - [2011/08/12 10:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011/08/03 08:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011/08/03 08:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011/07/13 00:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService) SRV - [2011/05/27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService) SRV - [2011/02/24 01:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013/06/18 05:01:18 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:[b]64bit:[/b] - [2013/05/22 23:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA) DRV:[b]64bit:[/b] - [2013/05/20 23:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS) DRV:[b]64bit:[/b] - [2013/05/15 23:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP) DRV:[b]64bit:[/b] - [2013/04/24 18:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS) DRV:[b]64bit:[/b] - [2013/04/15 20:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS) DRV:[b]64bit:[/b] - [2013/03/04 19:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON) DRV:[b]64bit:[/b] - [2013/03/04 19:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX) DRV:[b]64bit:[/b] - [2013/02/11 22:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012/08/10 02:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2012/07/25 23:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2012/06/06 20:16:42 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv) DRV:[b]64bit:[/b] - [2012/06/06 19:48:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2012/06/06 19:48:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011/09/19 02:02:35 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:[b]64bit:[/b] - [2011/09/19 01:52:26 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2011/09/14 04:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2011/08/04 05:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2011/08/03 08:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:[b]64bit:[/b] - [2009/06/22 15:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp) DRV:[b]64bit:[/b] - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013/11/10 19:23:32 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131113.001\ex64.sys -- (NAVEX15) DRV - [2013/11/10 19:23:32 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20131113.001\eng64.sys -- (NAVENG) DRV - [2013/10/28 11:37:14 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131112.002\IDSviA64.sys -- (IDSVia64) DRV - [2013/10/22 17:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131101.003\BHDrvx64.sys -- (BHDrvx64) DRV - [2013/08/27 04:59:39 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/08/27 
04:59:39 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/08/27 17:16:17 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.duckduckgo.com/ IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} IE - 
HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> IE - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50042;https=127.0.0.1:50042 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo" FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File 
not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ [2013/11/13 19:07:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013/08/13 07:38:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF [2013/10/09 17:38:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/13 19:40:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\sp2@sp.com: C:\Program Files (x86)\Social Privacy\FF\ [2013/10/10 18:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions [2013/11/11 05:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\extensions [2013/11/11 05:42:56 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\extensions\ScorpionSaver@jetpack [2013/10/30 05:20:22 | 000,320,988 | ---- | M] () (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2013/11/03 12:23:31 | 000,000,861 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\searchplugins\conduit-search.xml [2013/10/16 18:55:31 | 000,010,530 | ---- | M] () -- 
C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\1zvytk7c.default\searchplugins\duckduckgo.xml [2013/11/13 19:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/11/13 19:40:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013/11/11 19:10:43 | 000,450,700 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 15467 more lines... 
O2:[b]64bit:[/b] - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) O2:[b]64bit:[/b] - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project) O4:[b]64bit:[/b] - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:[b]64bit:[/b] - 
HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004..\Run: [HP ENVY 4500 series (NET)] C:\Program Files\hp\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) 
O4:[b]64bit:[/b] - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard) O4 - Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w O7 - HKU\S-1-5-21-2076359882-1546476900-126256798-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard) O9:[b]64bit:[/b] - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C718BAD-7DD5-448A-8252-A85B7AE3893C}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}: NameServer = 8.8.8.8,8.8.4.4 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [CREATERESTOREPOINT] Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/11/13 19:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/11/11 05:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScorpionSaver [2013/11/03 18:36:18 | 000,000,000 | ---D | C] -- C:\Users\Richard\hpremote [2013/11/03 11:48:44 | 000,000,000 | ---D | C] -- C:\temp [2013/11/03 11:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sp [2013/11/03 11:42:39 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\VeriSign [2013/11/03 11:35:02 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2013/11/03 11:35:02 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2013/11/02 14:17:28 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\NPE [2013/11/02 10:21:12 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat [2013/11/02 10:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat [2013/10/29 19:45:31 | 000,000,000 | ---D | C] -- C:\N4E'wYl!(h3SyQjZeu [2013/10/28 11:40:40 | 000,000,000 
| ---D | C] -- C:\Users\Richard\AppData\Roaming\HP Support Assistant [2013/10/26 13:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan [2013/10/26 13:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations [2013/10/26 13:11:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations [2013/10/26 13:11:19 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\HpUpdate [2013/10/26 13:11:13 | 000,762,400 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPMC511.dll [2013/10/26 13:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013/10/26 13:10:35 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\HP [2013/10/25 05:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/10/25 05:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/10/25 05:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/10/25 05:24:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/10/25 05:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/10/19 17:01:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\OpenOffice.org [2013/10/19 12:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013/10/19 12:07:02 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013/10/19 12:06:16 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Programs [2013/10/19 11:58:43 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\CrashDumps [2013/10/19 11:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/10/19 11:34:53 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\Unknown folder [2013/10/19 10:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2013/10/19 10:59:49 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2013/10/18 
04:57:36 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Apple Computer [2013/10/18 04:48:35 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Apple [2013/10/16 19:03:30 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Malwarebytes [2013/10/16 18:46:46 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Mozilla [2013/10/16 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Macromedia [2013/10/16 18:46:42 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Eraser 6 [2013/10/16 18:46:19 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Mozilla [2013/10/16 18:46:19 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Hewlett-Packard [2013/10/16 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\WinPatrol [2013/10/16 18:37:04 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\PDFC [2013/10/16 18:37:04 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Apple Computer [2013/10/16 18:37:02 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Adobe [2013/10/16 18:36:48 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Adobe [2013/10/16 18:36:39 | 000,000,000 | R--D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013/10/16 18:36:39 | 000,000,000 | R--D | C] -- C:\Users\Richard\Searches [2013/10/16 18:36:39 | 000,000,000 | R--D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013/10/16 18:36:38 | 000,000,000 | -H-D | C] -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2013/10/16 18:36:38 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\TouchSmartData [2013/10/16 18:36:30 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Identities [2013/10/16 18:36:28 | 000,000,000 | R--D | C] -- C:\Users\Richard\Contacts [2013/10/16 18:36:25 | 000,000,000 | ---D | C] -- 
C:\Users\Richard\AppData\Local\VirtualStore [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\AppData\Local\Temporary Internet Files [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Templates [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Start Menu [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\SendTo [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Recent [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\PrintHood [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\NetHood [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Documents\My Videos [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Documents\My Pictures [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Documents\My Music [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\My Documents [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Local Settings [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\AppData\Local\History [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Cookies [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\Application Data [2013/10/16 18:36:14 | 000,000,000 | -HSD | C] -- C:\Users\Richard\AppData\Local\Application Data [2013/10/16 18:36:13 | 000,000,000 | --SD | C] -- C:\Users\Richard\AppData\Roaming\Microsoft [2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Videos [2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Saved Games [2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Pictures [2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Music [2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Links [2013/10/16 18:36:13 | 
000,000,000 | R--D | C] -- C:\Users\Richard\Favorites [2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Downloads [2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Documents [2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\Desktop [2013/10/16 18:36:13 | 000,000,000 | R--D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013/10/16 18:36:13 | 000,000,000 | -H-D | C] -- C:\Users\Richard\AppData [2013/10/16 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Temp [2013/10/16 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Microsoft [2013/10/16 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Media Center Programs [2013/10/16 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Macromedia [2013/10/16 18:36:13 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\Hewlett-Packard [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/11/13 19:35:10 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/11/13 19:12:46 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/11/13 19:12:46 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/11/13 19:12:14 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/11/13 19:12:14 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/11/13 19:12:14 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/11/13 19:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/11/13 19:05:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/11/13 19:05:05 | 3147,706,368 | -HS- | M] () -- C:\hiberfil.sys [2013/11/13 19:03:14 | 
000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/11/13 18:46:00 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRich.job [2013/11/12 05:37:03 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRichard.job [2013/11/11 19:10:43 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/11/11 05:40:45 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131111-191043.backup [2013/11/11 05:40:17 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131111-054045.backup [2013/11/03 18:18:46 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk [2013/11/03 18:08:57 | 001,343,238 | ---- | M] () -- C:\Users\Richard\Desktop\Virus.png [2013/11/03 12:37:06 | 000,003,844 | ---- | M] () -- C:\Users\Richard\Documents\cc_20131103_123701.reg [2013/11/03 12:24:02 | 000,000,246 | ---- | M] () -- C:\Windows\wininit.ini [2013/11/03 11:42:32 | 000,001,409 | ---- | M] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/11/02 14:30:52 | 000,637,030 | ---- | M] () -- C:\Users\Richard\Desktop\WinDirStat end.jpg [2013/11/02 14:29:46 | 000,625,687 | ---- | M] () -- C:\Users\Richard\Desktop\WinDirStat begin.jpg [2013/11/02 12:49:44 | 000,003,032 | ---- | M] () -- C:\{E927904B-8486-4479-A6F9-5B0A6F4CCE48} [2013/11/02 12:40:49 | 000,002,680 | ---- | M] () -- C:\{BAC9C88F-EEBF-4CCC-8B33-D66181447A80} [2013/11/02 12:37:17 | 000,002,984 | ---- | M] () -- C:\{10B187DA-26C5-4CEA-A231-F0812F41E7A5} [2013/11/02 11:11:47 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131111-054017.backup [2013/11/02 10:55:24 | 000,595,472 | ---- | M] () -- C:\Users\Richard\Desktop\WinDirStat paint.jpg [2013/11/02 10:21:13 | 000,000,993 | ---- | M] () -- C:\Users\Richard\Desktop\WinDirStat.lnk [2013/10/30 00:37:19 | 000,002,920 | ---- | M] () -- 
C:\{6461A597-40BC-490B-AE54-FEE7DB69D44A} [2013/10/29 23:46:04 | 000,002,800 | ---- | M] () -- C:\{29974BE0-C1C3-418B-ABA7-47C1C131B5D9} [2013/10/29 23:36:45 | 000,003,080 | ---- | M] () -- C:\{E3F8DD4C-CD45-40E4-9097-BA22966356FC} [2013/10/29 20:23:13 | 000,002,608 | ---- | M] () -- C:\{65B8DD62-5226-4757-8C98-A8CFCC7D1713} [2013/10/28 17:53:16 | 000,009,059 | ---- | M] () -- C:\Users\Richard\Desktop\Recipes.odt [2013/10/28 04:44:44 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131102-121147.backup [2013/10/27 05:13:01 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131028-054444.backup [2013/10/26 17:52:44 | 000,002,608 | ---- | M] () -- C:\{7ACA56EA-DEE9-44A5-8DB8-1F5C3FEDA61D} [2013/10/26 17:39:48 | 000,003,520 | ---- | M] () -- C:\{21970A59-E018-44BB-9DA0-2BFC4F8506CE} [2013/10/26 17:29:00 | 000,003,072 | ---- | M] () -- C:\{5A0EC818-1F81-4EEF-A294-C4652B24D647} [2013/10/26 15:13:32 | 000,003,168 | ---- | M] () -- C:\{9FA090A8-2805-44BA-8A41-005F80A835EC} [2013/10/26 15:08:56 | 000,003,008 | ---- | M] () -- C:\{54C19903-AACE-4C9D-8011-F5108978A04A} [2013/10/26 14:53:52 | 000,003,168 | ---- | M] () -- C:\{A971E772-C78B-4BC9-8AC8-D6E099E5871D} [2013/10/26 14:52:17 | 000,003,008 | ---- | M] () -- C:\{E46001CE-6EE5-4BD1-9EE1-3A386B763350} [2013/10/26 13:11:31 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk [2013/10/26 13:11:12 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 4500 series.lnk [2013/10/26 13:11:11 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\HP ENVY 4500 series.lnk [2013/10/26 13:11:00 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013/10/26 09:07:42 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131027-061301.backup [2013/10/26 04:56:50 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131026-100742.backup [2013/10/25 05:25:06 | 000,001,745 | ---- | M] () -- 
C:\Users\Public\Desktop\iTunes.lnk [2013/10/25 04:28:46 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131026-055650.backup [2013/10/24 17:36:18 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131025-052846.backup [2013/10/24 04:43:50 | 000,450,700 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131024-183618.backup [2013/10/24 04:42:44 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131024-054350.backup [2013/10/23 04:42:04 | 000,450,700 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131024-054244.backup [2013/10/22 04:43:03 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131023-054204.backup [2013/10/21 17:47:47 | 000,037,732 | ---- | M] () -- C:\Users\Richard\Documents\cc_20131021_184742.reg [2013/10/21 17:22:30 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131022-054303.backup [2013/10/21 04:42:02 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131021-182230.backup [2013/10/19 17:05:49 | 000,001,961 | ---- | M] () -- C:\Users\Richard\Documents\Recipes - Shortcut.lnk [2013/10/19 17:01:20 | 000,001,197 | ---- | M] () -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013/10/19 12:19:38 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131021-054202.backup [2013/10/19 12:15:13 | 000,003,584 | ---- | M] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/10/19 12:14:50 | 000,450,700 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131019-131938.backup [2013/10/19 12:07:04 | 000,001,341 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013/10/19 11:57:24 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/10/19 11:00:21 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk [2013/10/16 18:36:19 | 000,000,258 | RHS- | 
M] () -- C:\Users\Richard\ntuser.pol [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/11/03 18:18:46 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk [2013/11/03 18:08:56 | 001,343,238 | ---- | C] () -- C:\Users\Richard\Desktop\Virus.png [2013/11/03 12:37:04 | 000,003,844 | ---- | C] () -- C:\Users\Richard\Documents\cc_20131103_123701.reg [2013/11/03 11:42:32 | 000,001,409 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/11/02 14:30:52 | 000,637,030 | ---- | C] () -- C:\Users\Richard\Desktop\WinDirStat end.jpg [2013/11/02 14:29:46 | 000,625,687 | ---- | C] () -- C:\Users\Richard\Desktop\WinDirStat begin.jpg [2013/11/02 12:49:43 | 000,003,032 | ---- | C] () -- C:\{E927904B-8486-4479-A6F9-5B0A6F4CCE48} [2013/11/02 12:40:47 | 000,002,680 | ---- | C] () -- C:\{BAC9C88F-EEBF-4CCC-8B33-D66181447A80} [2013/11/02 12:37:13 | 000,002,984 | ---- | C] () -- C:\{10B187DA-26C5-4CEA-A231-F0812F41E7A5} [2013/11/02 10:55:24 | 000,595,472 | ---- | C] () -- C:\Users\Richard\Desktop\WinDirStat paint.jpg [2013/11/02 10:21:13 | 000,000,993 | ---- | C] () -- C:\Users\Richard\Desktop\WinDirStat.lnk [2013/10/30 00:37:07 | 000,002,920 | ---- | C] () -- C:\{6461A597-40BC-490B-AE54-FEE7DB69D44A} [2013/10/29 23:46:01 | 000,002,800 | ---- | C] () -- C:\{29974BE0-C1C3-418B-ABA7-47C1C131B5D9} [2013/10/29 23:36:36 | 000,003,080 | ---- | C] () -- C:\{E3F8DD4C-CD45-40E4-9097-BA22966356FC} [2013/10/29 20:23:09 | 000,002,608 | ---- | C] () -- C:\{65B8DD62-5226-4757-8C98-A8CFCC7D1713} [2013/10/28 11:42:11 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForRichard.job [2013/10/26 17:52:43 | 000,002,608 | ---- | C] () -- C:\{7ACA56EA-DEE9-44A5-8DB8-1F5C3FEDA61D} [2013/10/26 17:39:43 | 000,003,520 | ---- | C] () -- C:\{21970A59-E018-44BB-9DA0-2BFC4F8506CE} [2013/10/26 17:28:58 | 000,003,072 | ---- | C] () -- 
C:\{5A0EC818-1F81-4EEF-A294-C4652B24D647} [2013/10/26 15:13:30 | 000,003,168 | ---- | C] () -- C:\{9FA090A8-2805-44BA-8A41-005F80A835EC} [2013/10/26 15:08:54 | 000,003,008 | ---- | C] () -- C:\{54C19903-AACE-4C9D-8011-F5108978A04A} [2013/10/26 14:53:52 | 000,003,168 | ---- | C] () -- C:\{A971E772-C78B-4BC9-8AC8-D6E099E5871D} [2013/10/26 14:52:16 | 000,003,008 | ---- | C] () -- C:\{E46001CE-6EE5-4BD1-9EE1-3A386B763350} [2013/10/26 13:11:31 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk [2013/10/26 13:11:12 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP ENVY 4500 series.lnk [2013/10/26 13:11:11 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\HP ENVY 4500 series.lnk [2013/10/26 13:11:00 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013/10/25 05:25:06 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013/10/21 17:47:44 | 000,037,732 | ---- | C] () -- C:\Users\Richard\Documents\cc_20131021_184742.reg [2013/10/19 17:05:49 | 000,001,961 | ---- | C] () -- C:\Users\Richard\Documents\Recipes - Shortcut.lnk [2013/10/19 17:02:27 | 000,009,059 | ---- | C] () -- C:\Users\Richard\Desktop\Recipes.odt [2013/10/19 17:01:19 | 000,001,197 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013/10/19 12:15:13 | 000,003,584 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/10/19 12:07:04 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013/10/19 12:07:04 | 000,001,341 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013/10/19 11:56:57 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/10/19 10:59:50 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk [2013/10/16 18:36:47 | 000,001,415 | ---- | C] () -- 
C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013/10/16 18:36:19 | 000,000,258 | RHS- | C] () -- C:\Users\Richard\ntuser.pol [2013/10/16 18:36:13 | 000,000,290 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2013/10/16 18:36:13 | 000,000,272 | ---- | C] () -- C:\Users\Richard\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2013/10/07 17:54:19 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-RICH-HP-Microsoft-Windows-7-Home-Premium-(64-bit).dat [2013/09/22 09:36:18 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini [2013/08/27 13:42:30 | 000,000,135 | ---- | C] () -- C:\Windows\Reimage.ini [2013/01/26 15:45:46 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2012/09/02 16:21:46 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012/08/27 17:39:10 | 000,018,289 | ---- | C] () -- C:\Windows\HPHins01.dat.temp [2012/08/27 17:39:10 | 000,004,284 | ---- | C] () -- C:\Windows\hphmdl01.dat.temp [2012/06/06 19:48:36 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012/06/06 19:48:35 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012/06/06 19:48:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< >[/color] [color=#E56717]========== Base Services ==========[/color] SRV:[b]64bit:[/b] - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc) SRV:[b]64bit:[/b] - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo) SRV:[b]64bit:[/b] - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG) SRV:[b]64bit:[/b] - 
[2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS) SRV:[b]64bit:[/b] - [2010/11/20 21:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE) SRV:[b]64bit:[/b] - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso) SRV:[b]64bit:[/b] - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem) SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem) SRV:[b]64bit:[/b] - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser) SRV:[b]64bit:[/b] - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc) SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc) SRV:[b]64bit:[/b] - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch) SRV:[b]64bit:[/b] - [2010/11/20 21:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV - [2010/11/20 21:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV:[b]64bit:[/b] - [2012/06/06 19:42:51 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache) SRV:[b]64bit:[/b] - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost) SRV:[b]64bit:[/b] - 
[2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv) SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv) SRV:[b]64bit:[/b] - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:[b]64bit:[/b] - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent) No service found with a name of MsMpSvc No service found with a name of NisSrv SRV:[b]64bit:[/b] - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv) SRV:[b]64bit:[/b] - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS) SRV:[b]64bit:[/b] - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman) SRV:[b]64bit:[/b] - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm) SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm) SRV:[b]64bit:[/b] - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc) SRV:[b]64bit:[/b] - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi) SRV:[b]64bit:[/b] - [2012/06/06 19:44:41 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay) SRV:[b]64bit:[/b] - [2012/02/11 00:36:02 | 
000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler) SRV:[b]64bit:[/b] - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage) No service found with a name of EMDMgmt SRV:[b]64bit:[/b] - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto) SRV:[b]64bit:[/b] - [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan) SRV:[b]64bit:[/b] - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs) SRV:[b]64bit:[/b] - [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon) SRV:[b]64bit:[/b] - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs) SRV:[b]64bit:[/b] - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc) SRV:[b]64bit:[/b] - [2010/11/20 21:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer) SRV:[b]64bit:[/b] - [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection) SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection) No service found with a name of slsvc SRV:[b]64bit:[/b] - [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule) SRV:[b]64bit:[/b] - [2010/11/20 21:24:32 | 000,316,928 
| ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv) SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv) SRV:[b]64bit:[/b] - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:[b]64bit:[/b] - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc) SRV:[b]64bit:[/b] - [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS) SRV:[b]64bit:[/b] - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv) SRV:[b]64bit:[/b] - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder) SRV:[b]64bit:[/b] - [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC) SRV:[b]64bit:[/b] - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog) SRV:[b]64bit:[/b] - [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc) SRV:[b]64bit:[/b] - [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc) SRV:[b]64bit:[/b] - [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- 
C:\Windows\SysNative\msiexec.exe -- (msiserver) SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver) SRV:[b]64bit:[/b] - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt) SRV:[b]64bit:[/b] - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv) SRV:[b]64bit:[/b] - [2010/11/20 21:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc) SRV:[b]64bit:[/b] - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc) SRV:[b]64bit:[/b] - [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation) [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2012/06/06 19:43:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2012/06/06 19:43:16 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2012/06/06 19:43:16 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2012/06/06 19:43:16 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) 
MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2012/06/06 19:43:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2012/06/06 19:43:16 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2013/09/20 09:51:08 | 003,885,120 | ---- | M] (Safer-Networking Ltd.) MD5=CDEB46FE688F062D3033209B29755203 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe [color=#A23BEC]< MD5 for: SERVICES >[/color] [2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services [color=#A23BEC]< MD5 for: SERVICES.CFG >[/color] [2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg [2013/09/05 08:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg [color=#A23BEC]< MD5 for: SERVICES.DAT >[/color] [2013/11/05 16:18:20 | 000,003,117 | ---- | M] () MD5=5F3B95A58780ADA3F223F004CDEE9967 -- C:\Users\Richard\AppData\Local\Temp\jrt\services.dat [color=#A23BEC]< MD5 for: SERVICES.EXE >[/color] [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe [2009/07/13 19:39:37 
| 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [color=#A23BEC]< MD5 for: SERVICES.EXE.MUI >[/color] [2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui [2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui [color=#A23BEC]< MD5 for: SERVICES.HTML >[/color] [2013/01/04 13:50:38 | 000,006,329 | ---- | M] () MD5=CBF97253DD695DF0C1591D1357E15043 -- C:\Program Files (x86)\BillP Studios\WinPatrol\services.html [color=#A23BEC]< MD5 for: SERVICES.LNK >[/color] [2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk [color=#A23BEC]< MD5 for: SERVICES.MOF >[/color] [2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof [2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof [color=#A23BEC]< MD5 for: SERVICES.MSC >[/color] [2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc [2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc 
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc [2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc [2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc [2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc [2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc [2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc [color=#A23BEC]< MD5 for: SERVICES.PTXML >[/color] [2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml [2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml [color=#A23BEC]< MD5 for: SERVICES.RDB >[/color] [2012/08/13 09:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb [2012/08/13 09:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files (x86)\OpenOffice.org 3\program\services.rdb [2012/08/10 14:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program 
Files (x86)\OpenOffice.org 3\URE\misc\services.rdb [color=#A23BEC]< MD5 for: SERVICES.SBS >[/color] [2013/07/16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- 
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [color=#A23BEC]< dir C:\ /S /A:L /C >[/color] Volume in drive C is OS Volume Serial Number is 5A17-373D Directory of C:\ 07/13/2009 11:08 PM Documents and Settings [..] 0 File(s) 0 bytes Directory of C:\ProgramData 07/13/2009 11:08 PM Application Data [..] 07/13/2009 11:08 PM Desktop [..] 07/13/2009 11:08 PM Documents [..] 07/13/2009 11:08 PM Favorites [..] 07/13/2009 11:08 PM Start Menu [..] 07/13/2009 11:08 PM Templates [..] 0 File(s) 0 bytes Directory of C:\Users 07/13/2009 11:08 PM All Users [C:\ProgramData] 07/13/2009 11:08 PM Default User [..] 0 File(s) 0 bytes Directory of C:\Users\All Users 07/13/2009 11:08 PM Application Data [..] 07/13/2009 11:08 PM Desktop [..] 07/13/2009 11:08 PM Documents [..] 07/13/2009 11:08 PM Favorites [..] 07/13/2009 11:08 PM Start Menu [..] 07/13/2009 11:08 PM Templates [..] 
0 File(s) 0 bytes Directory of C:\Users\Campagnolo 10/26/2013 01:48 PM Application Data [C:\Users\Campagnolo\AppData\Roaming] 10/26/2013 01:48 PM Cookies [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\Cookies] 10/26/2013 01:48 PM Local Settings [C:\Users\Campagnolo\AppData\Local] 10/26/2013 01:48 PM My Documents [C:\Users\Campagnolo\Documents] 10/26/2013 01:48 PM NetHood [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 10/26/2013 01:48 PM PrintHood [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 10/26/2013 01:48 PM Recent [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\Recent] 10/26/2013 01:48 PM SendTo [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\SendTo] 10/26/2013 01:48 PM Start Menu [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\Start Menu] 10/26/2013 01:48 PM Templates [C:\Users\Campagnolo\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Campagnolo\AppData\Local 10/26/2013 01:48 PM Application Data [C:\Users\Campagnolo\AppData\Local] 10/26/2013 01:48 PM History [C:\Users\Campagnolo\AppData\Local\Microsoft\Windows\History] 10/26/2013 01:48 PM Temporary Internet Files [C:\Users\Campagnolo\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\Campagnolo\Documents 10/26/2013 01:48 PM My Music [C:\Users\Campagnolo\Music] 10/26/2013 01:48 PM My Pictures [C:\Users\Campagnolo\Pictures] 10/26/2013 01:48 PM My Videos [C:\Users\Campagnolo\Videos] 0 File(s) 0 bytes Directory of C:\Users\Default 07/13/2009 11:08 PM Application Data [..] 07/13/2009 11:08 PM Cookies [..] 07/13/2009 11:08 PM Local Settings [..] 07/13/2009 11:08 PM My Documents [..] 07/13/2009 11:08 PM NetHood [..] 07/13/2009 11:08 PM PrintHood [..] 07/13/2009 11:08 PM Recent [..] 07/13/2009 11:08 PM SendTo [..] 07/13/2009 11:08 PM Start Menu [..] 07/13/2009 11:08 PM Templates [..] 
0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local 07/13/2009 11:08 PM Application Data [..] 07/13/2009 11:08 PM History [..] 07/13/2009 11:08 PM Temporary Internet Files [..] 0 File(s) 0 bytes Directory of C:\Users\Default\Documents 07/13/2009 11:08 PM My Music [..] 07/13/2009 11:08 PM My Pictures [..] 07/13/2009 11:08 PM My Videos [..] 0 File(s) 0 bytes Directory of C:\Users\Guest 07/13/2013 10:43 AM Application Data [C:\Users\Guest\AppData\Roaming] 07/13/2013 10:43 AM Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies] 07/13/2013 10:43 AM Local Settings [C:\Users\Guest\AppData\Local] 07/13/2013 10:43 AM My Documents [C:\Users\Guest\Documents] 07/13/2013 10:43 AM NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 07/13/2013 10:43 AM PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 07/13/2013 10:43 AM Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent] 07/13/2013 10:43 AM SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo] 07/13/2013 10:43 AM Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu] 07/13/2013 10:43 AM Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Guest\AppData\Local 07/13/2013 10:43 AM Application Data [C:\Users\Guest\AppData\Local] 07/13/2013 10:43 AM History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History] 07/13/2013 10:43 AM Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\Guest\Documents 07/13/2013 10:43 AM My Music [C:\Users\Guest\Music] 07/13/2013 10:43 AM My Pictures [C:\Users\Guest\Pictures] 07/13/2013 10:43 AM My Videos [C:\Users\Guest\Videos] 0 File(s) 0 bytes Directory of C:\Users\Public\Documents 07/13/2009 11:08 PM My Music [C:\Users\Public\Music] 07/13/2009 11:08 PM My Pictures [C:\Users\Public\Pictures] 07/13/2009 11:08 PM My Videos 
[C:\Users\Public\Videos] 0 File(s) 0 bytes Directory of C:\Users\Richard 10/16/2013 06:36 PM Application Data [C:\Users\Richard\AppData\Roaming] 10/16/2013 06:36 PM Cookies [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Cookies] 10/16/2013 06:36 PM Local Settings [C:\Users\Richard\AppData\Local] 10/16/2013 06:36 PM My Documents [C:\Users\Richard\Documents] 10/16/2013 06:36 PM NetHood [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 10/16/2013 06:36 PM PrintHood [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 10/16/2013 06:36 PM Recent [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Recent] 10/16/2013 06:36 PM SendTo [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\SendTo] 10/16/2013 06:36 PM Start Menu [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu] 10/16/2013 06:36 PM Templates [C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Richard\AppData\Local 10/16/2013 06:36 PM Application Data [C:\Users\Richard\AppData\Local] 10/16/2013 06:36 PM History [C:\Users\Richard\AppData\Local\Microsoft\Windows\History] 10/16/2013 06:36 PM Temporary Internet Files [C:\Users\Richard\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\Richard\Documents 10/16/2013 06:36 PM My Music [C:\Users\Richard\Music] 10/16/2013 06:36 PM My Pictures [C:\Users\Richard\Pictures] 10/16/2013 06:36 PM My Videos [C:\Users\Richard\Videos] 0 File(s) 0 bytes Total Files Listed: 0 File(s) 0 bytes 82 Dir(s) 6,157,422,592 bytes free [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:373E1720 < End of report >